German-based spyware startup inadvertently exposes 20GB of its own unprotected data online

• The data exposed included surveillance targets’ information, passports scans of its founder and family, recordings of meetings and more.
• The company’s data was left unprotected in a command and control server and a public Google Drive folder.

A German-based spyware company named Wolf Intelligence accidentally exposed its own corporate data, including surveillance targets’ information, passports scans of its founder and family, recordings of meetings and more.

The data leak exposed around 20 GB of the company’s data, which was left unprotected in a command and control server and a public Google Drive folder. Security researchers from CSIS Security discovered the exposed data and confirmed their validity. The researchers shared screenshots of the leaked data during a talk at the Virus Bulletin conference in Montreal.

“This is a very stupid story in the sense that you would think that a company actually selling surveillance tools like this would know more about operational security,” CSIS co-founder Peter Kruse told Motherboard.

About Wolf Intelligence

Wolf Intelligence is part of the spyware industry. Many individuals consider the activities carried out by companies from this industry to be unregulated, yet it still remains legal. Wolf Intelligence provides hacking and spy software to law enforcement and intelligence agencies from around the world.

Wolf Intelligence denies the accusation

Wolf Intelligence founder Manish Kumar told Motherboard that the data was not left unprotected by his company, but left online by a reseller whom he refused to identify. Kumar also added that he plans to sue CSIS for hacking his reseller.

However, CSIS pointed out that it had not hacked into anything to obtain the data. CSIS researcher Benoit Ancel told Motherboard that he found many indications that the data left exposed was not the work of a reseller.

To prove his arguments he also shared some pictures from the servers. One such image of an exposed database reportedly showed one of Kumar’s mobile numbers, a series of intercepted text messages, and a screenshot of a Slack conversation between Kumar and one of his employees.

Server secured

The insecure data was found by Kruse’s colleagues Benoit Ancel and Aleksejs Kurpins when they were investigating a banking malware sold on the dark web and reused by cybercriminals.

“Maybe they were thinking that the server was secure, I don't know, but it was definitely stupid,” Kruse said. “Everything was just floating around on the internet. That's why I thought this story was too good to be true.”

The CSIS researchers said that after their talk at the Virus Bulletin, Wolf Intelligence shut down the exposed servers immediately.