Hacking Team – a notorious government-spying and hacking tool vendor – was attacked by an unknown hacker about a year ago. This break-in made news all over the world, but the identity and methods of the attacker were never exposed or released.
After a long time of uncertainty about the hacker’s identity, he finally came forward by publishing a description of how he infiltrated Hacking Team’s computers – while also baring information that the hacking company kept close to its vest.
The attacker, who uses the moniker Phineas Fisher, described how he was able to break into the Hacking Team’s systems and stealthily took at least 400 GB of data. Fisher’s essay also included his ideas about politics, and his motivations for hacking Hacking Team.
Fisher added, “And that’s all it takes to take down a company and stop its abuses against human rights. That’s the beauty and asymmetry of hacking” with just 100 hours of work, one person can undo years of a multi-million dollar company’s work. Hacking gives the underdog a chance to fight and win.”
He also said that leaking the paperwork that showed Hacking Team’s wrongdoings was the real “ethical hacking” compared to consultancy with companies who “deserve to be hacked.”
With just 100 hours of work, one person can undo years of a multi-million dollar company’s work.
Milan-based Hacking Team offers spyware and hacking services to police and intelligence agencies all over the world. Over the span of its existence, however, Hacking Team’s products have been found to be used against the media, activists, and other similar groups.
Fisher added, “I see (Hacking Team’s CEO David) Vincenzetti, his company, and his friends in the police, military and governments, as part of a long tradition of Italian fascists.” In 2015, Fisher also broke into several Hacking Team servers – not being detected for weeks.
Fisher’s hacking of the Hacking Team’s data allowed him to leak internal documents, communications, and source codes of the company’s projects. His attack revealed the company’s information – including some of its secrets and their list of clients.
When Fisher came out with the information he pilfered from the Hacking Team, he also admitted to a 2014 security breach that targeted Gamma International, a competitor of Hacking Team which also offers spyware applications.
Fisher swore he would reveal how he managed to humiliate the company whose mission was to hack other people. He, however, did not divulge the information until months after; saying he wanted to wait until the hacking company “had some time to fail at figuring out what happened and go out of business.”
Yet this did not happen. The Hacking Team never went out of business, so Fisher eventually published how he was able to embarrass them. Fisher did this so everyone “can laugh them off the internet for good.”
Phineas Fisher’s confession detailed how he made use of a new system vulnerability to get into the core network of Hackin Team. The bug did not have a patch, so Fisher did not give any specifics about it at the time. One of his first actions once he was in the system was to obtain emails before he was able to access the servers and other parts of the system. Fisher admitted to spying on Christian Pozzi – the company’s senior security official – once he got administration rights inside the company’s network since people of Pozzi’s position usually had access to the entire network. He was able to steal Pozzi’s different network accounts by recording his keystrokes. This gave him the ability to view and take the entire source code of Hacking Team.
Fisher was able to get into the Hacking Team’s Twitter account by resetting the password through the “forgot password” option. He was able to send a tweet broadcasting the hack. The professional hacker had access to the Hacking Team’s systems for one and a half months. He stated that it took him approximately 100 hours to navigate the system and collect all its data.
“I want to dedicate this guide to the victims of the assault on the Armando Diaz school, and all those who had their blood spilled by Italian fascists,” Phineas Fisher stated. He was referring to a very fatal raid set out on the Genoa, Italy-based school. More than 100 policemen were tried in court for the controversial and inhumane practices they committed during the 2011 raid.
Fisher, on the other hand, does not identify as a vigilante, stating, “I would characterize myself as an anarchist revolutionary, not as a vigilante. Vigilantes act outside the system but intend to carry out the work of the police and judicial system, neither of which I’m a fan of. I’m clearly a criminal; it’s unclear whether Hacking Team did anything illegal. If anyone, Hacking Team are the vigilantes, acting in the margins in pursuit of their love for authority and law and order.”
In his manifesto, Fisher inspires others to follow his lead. “Hacking gives the underdog a chance to fight and win. (It) is a powerful tool. Let’s learn and fight.”
However, the details in Phineas Fisher’s report have not been corroborated as both the Hacking Team and Italian authorities have spoken about anything related to the attack on Hacking Team’s systems. Eric Rabe, a spokesperson for Hacking Team, said, “Any comment should not come from the Italian police authorities who have been investigating the attack on Hacking team, so no comment from the company.”
Fisher continued by disclosing information about how Hacking Team was in the development stages of technology that would permit the user to track criminals. He stopped short of mocking the company by saying, “Considering I’m still free, I have doubts about its effectiveness.”
He concluded with a call to action, writing, “If not you, who? If not now, when?”
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.