PhineasFisher explained how he breached the Hacking Team

The hacker PhineasFisher published a detailed explanation of how he has hacked the Italian surveillance firm Hacking Team.

In July 2015, the surveillance firm Hacking Team suffered a serious security breach, unknown attackers have exfiltrated some 400Gbs of data (including emails, internal documents, and exploit source code), but since now no news regarding the attack was disclosed.

Now the hacker using the online pseudonymous ‘PhineasFisher‘ published a detailed explanation of how he has hacked the Italian surveillance firm.

PhineasFisher is the same hacker that breached the surveillance company Gamma International, that sells hacking tools including the popular spyware FinFisher.

PhineasFisher also shared his political ideology in the manifesto he published, the hacker explained that he breached the company to its questionable affairs with rogue governments.

The surveillance software sold by the Hacking Team was in fact abused by many governments against activists and political opponents.

“So easy it is to tear down a company and stop their abuses human rights. That is the beauty and the asymmetry of hacking: with only a hundred hours of work, one person can undo years of work of a multimillion-dollar company. The hacking gives us the possibility of the dispossessed fight and win.“ states the conclusion of the PhineasFisher’s message.

“Hacking Team is see themselves as part of a tradition of inspiring Italian [1] design. I see them Vincenzetti, your company, and their cronies police, police, and government, as part of a long tradition of Italian fascism. I want to dedicate this guide to the victims of the assault on the Armando Diaz school, and all those who have shed their blood on hands Italian fascists.”

Phineas Fisher decided to disclose the details of the hack to give a new blow to the Hacking Team that never left the business.

The hacker revealed to have used a zero-day exploit  unknown vulnerability to breach the internal network of the company. The Phineas Fisher didn’t provide further details on the vulnerability he exploited, likely because it is still unpatched. He has also avoided disclosing how he has obtained the exploit.

“I did a lot of work and testing before using the exploit against Hacking Team. I wrote a backdoor firmware, and compiled several tools post-exploitation for embedded system. The backdoor serves to protect the exploit. Use the exploit only once and then return by the backdoor ago work harder to find and patch vulnerabilities.” the hacker wrote.

Once inside the network, the hacker moved laterally accessing other servers, including the internal email system. Phineas Fisher was able to find the passwords of the on the system administrators, including the one belonging to Christian Pozzi. The hacker was inside, and with full administrative privileges and Pozzi’s credentials, he was able to control the entire network. The hacker confirmed to have breached also a separate network storing the company’s source code.

“One of my favorite pastimes is hunting the sysadmins. spying Christan Pozzi (sysadmin Hacking Team) got the server accesso Nagios gave me accessibility to sviluppo rete (network development in RCS source code). With a simple combination of Get-Keystrokes and Get-TimedScreenshot of PowerSploit [13], Do-Exfiltration of Nishang [14], and GPO, you can spy on any employee or even the entire domain.” stated the hacker.

Once exfiltrated the data, the hacker reset Hacking Team’s Twitter password by using the “forgot password” function and used the account to announce the data breach.

The hacker spent six weeks, nearly 100 hours of work, inside the Hacking Team network to exfiltrate the data.

I invite you to read the details of the hack disclosed by the hacker, despite it is impossible to verify their accuracy, it is interesting to note how the hacker described its alleged operation and the motivation behind the attack.

PhineasFisher is politically motivated and he is inciting the hacking community to follow his example.

 

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Hacking Team, PhineasFisher)

[adrotate banner=”5″]

[adrotate banner=”13″]