The Hacking Team Hack (2015)

From International cyber law: interactive toolkit
Date: 22 May 2015. However, the attack was discovered on 5 July 2015.[1]
Suspected actor: Unknown. However, the hacker claimed to be a lone wolf under the nickname of Phineas Fisher. Further investigations did not clarify whether the attack was conducted by a single hacker or an organization.
Target: The Hacking Team, an Italian security company offering surveillance software tools to governments, intelligence and law enforcement agencies.[2]
Target systems: Microsoft Windows-based systems
Method: The hacker managed to exploit a vulnerability in one of the embedded devices on the company’s network.[3] After obtaining a remote root exploit, the malicious actor was able to gain administrative privileges inside the company’s main Windows network. From there, the hacker was able to navigate within the network and steal a considerable amount of data.[4]
Purpose: The hacker claimed that the attack was conducted to punish the Hacking Team company for selling digital surveillance products considered to be enablers of human rights violations. The attack also highlighted that many of the company’s customers had been authoritarian regimes.[5]
Result: Theft and leak of more than 400 gigabytes of data, including internal emails, files and the company’s Remote Control System (RCS) source code.[6] The malicious actor hacked the Twitter account of the company and posted a message with a link to a torrent file containing the files. Around 80% of the company’s spyware source code was made visible online.[7]
Aftermath: The attack was followed by the release of a “do it yourself guide” that explains how the attack was conducted.[8] This guide is considered to be Phineas’ manifesto, explaining both the political motivations and the technical details of the hack.[9] The leaked material showed that the Hacking Team sold surveillance tools to repressive regimes such as Ethiopia, Sudan, Russia, or Saudi Arabia, which were used to spy on journalists and activists.[10] The attack on the company and the leaking of documents rendered the surveillance tools public and available to everybody. In the DIY guide, Phineas described the attack as ethical hacking.[11]
Analysed in: Scenario 11: Sale of surveillance tools in defiance of international sanctions

Collected by: Samuele De Tomas Colatin