Hacker publishes detailed view of his attack on Hacking Team

Apr

18

2016

A hacker known as Phineas Fisher, has published a detailed description of his attack on the Italian firm Hacking Team in 2015. He describes how he worked and what tools he used to create data booty 400GB.

The hacker name is probably a pun on the FinFisher malware, supplied by the German company Gamma International. This company had previously targeted by the same hacker. The recently published story is a translation of a document originally in Spanish appeared . The hacker says he has adapted his method for this attack, so he can not be identified on the basis of his technique. The story starts with a display of the process and there will be given general tips, such as encrypting hard disk drives as a security measure.

Also, the hacker goes on in its infrastructure, which consists of both stable and hacked servers. He also makes use of domain names in order to have a guaranteed tunnel from the hacked network to command and control servers. To gather information about the target, the hacker praises the versatility of Google in conjunction with a number of specific terms.

After Fisher had collected enough information, he could begin to penetrate the network of Hacking Team. He chose not to use spear phishing, because the Italian company itself often used this technique of targeted phishing attacks. He also thought about buying access of Russian parties, which would have access to virtually all Fortune 500 companies. Hacking Team, however, was too small party for this approach. It was nothing left than previously unknown vulnerabilities, or zero days, searching the systems that were present on the servers of Hacking Team, including the Joomla content management system and e-mail software Postfix.

Ultimately, he chose to seek such vulnerabilities in embedded devices that perform a particular function, such as a router. After two weeks he found a leak that allowed him to remotely execute code on the device through rce. Now he had access, he could explore the rest of the Hacking Team network. He found an iSCSI device that led him to a number of databases. In it he found backups that contain hashed passwords, including a local administrator. On that basis he came into possession of more passwords.

Team hacking passwords The passwords of various Hacking Team members

After this he was able to download the e-mail and files of the company, after which he made it publicly available in 2015 through a torrent file. In total, the hack would have cost him about one hundred hours. After this event seemed like Hacking Team had stopped, but later there were several indications that the company is still active and espionage tools sold to governments and other parties. The Italian government decided recently that the company is only allowed on European governments focus .

Viewing:-161

In: Technology & Gadgets Asked By: [15764 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »