In July last year, a great response in the media received a cyber attack on the Italian company “Hacking Team”, supplying intelligence agencies of different countries to monitor citizens. The leak of more than 400 GB of corporate data was widely covered in the media, but the manner of the attack and stood behind its intruder virtually nothing was known.
The hacker, who identified himself as Phineas Fisher., was responsible for the incident. Last week, after eight months of silence, he published details of hacking “Hacking Team”.
Hacker Explained Step By Step About The Attack On The “Hacking Team”
Publication Phineas Fisher is not just a detailed account of the attack on the company’s system but also a political platform explaining the attacker’s motives. “That’s all you need to close the company and prevent human rights violations.
That is the beauty and the asymmetry of resistance: in just one hundred hours, only one person can nullify the years of a multi-million company. Hacking humiliated gives a chance to fight and win,” said a statement.
According to Phineas Fisher, real “ethical hackers” publish documents revealing corruption and abuse of power rather than advise and help companies deserve to be hacked. As the hacker explained, he exploited a zero-day vulnerability to penetrate the internal network of the “Hacking Team”. Since the vulnerability remains unpatched, Phineas Fisher does not report any details.
Once inside the network, he downloaded e-mails and accessed other servers. Then the hacker gained administrative privileges basic Windows network and observed the actions of the administrators. Using a keylogger, Phineas Fisher managed to steal the password of a member of the Hacking Team, Christian Pozzi and used it to gain access to all the source codes of the Hacking Team, stored on a separate isolated network.
Using the password recovery function, the hacker changed the password to the company’s account on Twitter, and on July 5, 2015, Phineas Fisher reported a burglary on behalf of itself Hacking Team.
According to Phineas Fisher, he spent six weeks on the corporate network, and implementing the attack and data kidnapping took one hundred hours.