The Hacking Team Hack (2015)
Jump to navigation Jump to search
|Date||22 May 2015. However, the attack was discovered on 5 July 2015. |
|Suspected actor||Unknown. However, the hacker claimed to be a lone wolf under the nickname of Phineas Fisher. Further investigations did not clarify whether the attack has been conducted by a single hacker or an organization.|
|Target||The Hacking Team, an Italian security company offering surveillance tool software to governments, intelligence and law enforcement agencies.|
|Target systems||Microsoft Windows-based systems|
|Method||The hacker managed to exploit a vulnerability on one of the embedded devices of the company´s network. After obtaining a remote root exploit, the malicious actor was able to gain administrative privileges inside the company’s main Windows network. From there, the hacker was able to navigate within the network and steal a considerable amount of data.|
|Purpose||The hacker claimed that the attack was conducted to punish the Hacking Team company for selling digital surveillance products considered to be enablers of human rights violations . The attack also highlighted that many of the company’s customers had been authoritarian regimes.|
|Result||Theft and leak of more than 400 gigabytes of data including internal emails, files and their Remote Control System (RCS) source code. The malicious actor hacked the Twitter account of the company and posted a message containing a link to the torrent file containing the files. Around 80% of the company’s spyware source code has been made visible online.|
|Aftermath||The attack was followed by the release of a “do it yourself guide” that explains how the attack has been conducted. This is considered to be the Phineas’ Manifesto, which explains both its political motivations and technical details of the hack. The leaked material showed that the Hacking Team sold surveillance tools to repressive regimes such as Ethiopia, Sudan, Russia, or Saudi Arabia which were used to spy on journalists and activists. The attack to the company and the leaking of documents rendered the surveillance tools public and available for everybody. In the DIY guide, Phineas described the attack as ethical hacking. |
|Analysed in||Scenario 11: Sale of surveillance tools in defiance of international sanctions|
Collected by: Samuele De Tomas Colatin
- L Franceschi-Bicchierai, “Hacking Team Hacker Phineas Fisher Has Gotten Away With It”, (12 November 2018), Motherboard.
- Z Zorz, “Hacking Team hacked, 400GB+ of company documents and emails leaked”, (6 July 2015), Help Net Security.
- J M Porup, “How Hacking Team got hacked”, (19 April 2016), Ars Technica.
- L Franceschi-Bicchierai, “The Vigilante Who Hacked Hacking Team Explains How He Did It”, (16 April 2016), Motherboard.
- E Auchard, J Menn, “Surveillance software maker Hacking Team gets taste of its own medicine”, (6 July 2015), Reuters.
- A Hern, “Hacking Team hack casts spotlight on murky world of state surveillance”, (11 July 2015), The Guardian.
- D Kushner, “Fear This Man”, (26 April 2016), Foreign Policy.
- Phineas Fisher, “Hack Back! A DIY Guide”, () http://pastebin.com/raw/0SNSvyjJ
- Pierluigi Paganini, “The hacker PhineasFisher published a detailed explanation of how he has hacked the Italian surveillance firm Hacking Team”, (18 April 2016), Security Affairs.
- A Hern, “Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim”, (6 July 2015), The Guardian.
- CSO Press, “Hacker who hacked Hacking Team published DIY how-to guide”, (17 April 2016), CSO.