
Hacker behind Hacking Team breach publishes how-to guide

Phineas Fisher, the hacker who claimed responsibility for breaching Hacking Team last year, published an explainer guide detailing his process in executing the attack.

The hacker's how-to post on PasteBin stated that he found MongoDB databases without authentication, a common flaw that many companies, including Verizon Enterprise and multiple voter groups, failed to secure. “The audio that RCS records is stored in MongoDB with GridFS. The audio folder in the torrent came from this,” he wrote. “They were spying on themselves without meaning to.”

The hacker, who was also known as FinFisher, located the admin password and used it to gain access to Hacking Team's email. He then used Windows PowerShell to save copies of emails as he proceeded, since “with each step I take there's a chance of being detected”.

In July 2015, the hacker breached 400GB of Hacking Team's confidential documents, emails, and source code, exposing the company's client list, which included the FBI and the U.S. Drug Enforcement Agency.

The leaked documents also demonstrated that the company sold its surveillance tools to several countries that have been cited for human rights abuses, including Egypt, Bahrain, Morocco, Russia, and Uganda, among others.

The hacker was also linked to hacking Gamma International, a U.K. company that sold a spyware product functionally similar to the exploits used by Hacking Team.
