In a recent article written by Checkpoint Research, BreakingSecurity has been accused to support illicit abuse of our software via a third party retailer who has been selling some external products alongside Remcos.
We have also been accused to be the same company of the retailer, forging a double identity in order to provide encryption service to our software and facilitating abuse.
However, as we will demonstrate in this answer, these accusations are wrong.
First of all, our company has never been interested in supporting the abuse of our cybersecurity programs (proofs below).
As is clearly highlighted on our site, and also on the article itself, we never provided in our website a tool that could be used to make Remcos undetected to security software.
Also, we never provided any support on our official website and telegram channel about abusing our software in any way.
We do not sell our products on any blackhat or hacking forum.
Any customer manifesting any illegal intention of using our software has had his license banned (proofs posted below).
Any report sent to us regarding any illegal usage of our software has been investigated and the responsible user had his license banned (proofs posted below).
We also have developed CyberGuard, an Anti-Malware application, which we sell on our own site.
The article focuses on one of our software, Remcos.
Remcos is a versatile surveillance and cybersecurity tool, and as such is used in many different scenarios.
We have many customers and companies that use our products and services in various cybersecurity fields.
For example, Remcos is widely used as a tool for red teaming, pen testing, legitimate surveillance, but also for administering many machines from a single control point, for creating a proxy, and much more.
We are aware that Remcos, like most cybersecurity and pentesting tools, has risks.
Many other cybersecurity tools such as Cobalt Strike, Metasploit, Flipper Zero, many VPNs, and many other software or services have been abused to the detriment of the developers’ intentions, even though their company, like ours, has never sold their products with the purpose of being abused.
We do not provide any products on our site that allow users to bypass the protection of antivirus software: so users can only use Remcos on computers on which they have explicit consent and access to install it.
Various proofs of support tickets, showing that we enforce legal usage both in public and in private, and we ban any suspicious license and user:
As we can see from the ticket dates, we always enforced legal usage of our software, long before any article about us was posted.
Now let’s show some examples from our Telegram Group.
Note that some of the related users messages was deleted by us, as we moderate any message who could manifest suspicious intentions.
Some of the related posts:
The document sent to us certifies that our reseller has a business in Jordan based on the sale of products online.
We however verified that our reseller had a registered company in the trade of online software.
The work conducted by our employee with VgoStore was conducted by him personally on his own behalf, without any relationship to the rest of BreakingSecurity.
Regarding the claim that our company and VgoStore are the same one, or that our employee and Vgo are the same person using different accounts:
We asked our retailer VgoStore to provide clear proof to show that
- We are not the same company
- Our companies are managed by different people
- Our businesses do not share income.
BreakingSecurity did not receive any income from the sale or support of any encryption tool or any other service provided on the VgoStore platform.
- The relationship between BreakingSecurity and VgoStore was just the one between a developer and a retailer;
BreakingSecurity didn’t manage which other software or services were provided in this external platform.
Before allowing resale of our software, we however verified that our reseller had a registered company in the trade of online software.
- The work conducted by our ex-employee with VgoStore was done on his behalf and outside of BreakingSecurity.
In this video recorded by VgoStore and provided upon our request, showing old chats by him and our employee, all the above points are clearly proved:
Proof of this in private chat conversations:
He provided us with evidence regarding old conversations with customers:
It is worth noting that our employee was tasked, during his external job for VgoStore, into helping customers with software installation in their own servers, via remote support sessions. So he didn’t own some of the servers displayed in the article, and could not know what other tools were installed on these servers or how these servers were going to be used by customers.
Our employee provided us a record of an old conversation with the customer which sent him a sample (formbook). The same customer was the owner of the Formbook panels.
The conversation proves that there is no relation between our employee and the malware campaigns mentioned in the article, neither that our employee was the owner of this server and Formbook.