Data Breach

PhineasFisher explained how he breached the Hacking Team

The hacker PhineasFisher published a detailed explanation of how he has hacked the Italian surveillance firm Hacking Team.

In July 2015, the surveillance firm Hacking Team suffered a serious security breach, unknown attackers have exfiltrated some 400Gbs of data (including emails, internal documents, and exploit source code), but since now no news regarding the attack was disclosed.

Now the hacker using the online pseudonymous ‘PhineasFisher‘ published a detailed explanation of how he has hacked the Italian surveillance firm.

PhineasFisher is the same hacker that breached the surveillance company Gamma International, that sells hacking tools including the popular spyware FinFisher.

PhineasFisher also shared his political ideology in the manifesto he published, the hacker explained that he breached the company to its questionable affairs with rogue governments.

The surveillance software sold by the Hacking Team was in fact abused by many governments against activists and political opponents.

“So easy it is to tear down a company and stop their abuses human rights. That is the beauty and the asymmetry of hacking: with only a hundred hours of work, one person can undo years of work of a multimillion-dollar company. The hacking gives us the possibility of the dispossessed fight and win.“ states the conclusion of the PhineasFisher’s message.

“Hacking Team is see themselves as part of a tradition of inspiring Italian [1] design. I see them Vincenzetti, your company, and their cronies police, police, and government, as part of a long tradition of Italian fascism. I want to dedicate this guide to the victims of the assault on the Armando Diaz school, and all those who have shed their blood on hands Italian fascists.”

Phineas Fisher decided to disclose the details of the hack to give a new blow to the Hacking Team that never left the business.

The hacker revealed to have used a zero-day exploit  unknown vulnerability to breach the internal network of the company. The Phineas Fisher didn’t provide further details on the vulnerability he exploited, likely because it is still unpatched. He has also avoided disclosing how he has obtained the exploit.

“I did a lot of work and testing before using the exploit against Hacking Team. I wrote a backdoor firmware, and compiled several tools post-exploitation for embedded system. The backdoor serves to protect the exploit. Use the exploit only once and then return by the backdoor ago work harder to find and patch vulnerabilities.” the hacker wrote.

Once inside the network, the hacker moved laterally accessing other servers, including the internal email system. Phineas Fisher was able to find the passwords of the on the system administrators, including the one belonging to Christian Pozzi. The hacker was inside, and with full administrative privileges and Pozzi’s credentials, he was able to control the entire network. The hacker confirmed to have breached also a separate network storing the company’s source code.

“One of my favorite pastimes is hunting the sysadmins. spying Christan Pozzi (sysadmin Hacking Team) got the server accesso Nagios gave me accessibility to sviluppo rete (network development in RCS source code). With a simple combination of Get-Keystrokes and Get-TimedScreenshot of PowerSploit [13], Do-Exfiltration of Nishang [14], and GPO, you can spy on any employee or even the entire domain.” stated the hacker.

Once exfiltrated the data, the hacker reset Hacking Team’s Twitter password by using the “forgot password” function and used the account to announce the data breach.

The hacker spent six weeks, nearly 100 hours of work, inside the Hacking Team network to exfiltrate the data.

I invite you to read the details of the hack disclosed by the hacker, despite it is impossible to verify their accuracy, it is interesting to note how the hacker described its alleged operation and the motivation behind the attack.

PhineasFisher is politically motivated and he is inciting the hacking community to follow his example.

 

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Hacking Team, PhineasFisher)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

6 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

17 hours ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

21 hours ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

1 day ago

Finnish police linked APT31 to the 2021 parliament attack

The Finnish Police attributed the attack against the parliament that occurred in March 2021 to…

1 day ago

This website uses cookies.