Phineas Fisher, the hacker who claimed responsibility for breaching Hacking Team last year published an explainer guide detailing his process in executing the attack.
The hacker's how-to post on PasteBin stated that he found MongoDB databases without authentication, a common flaw that many companies, including Verizon Enterprise and multiple voter groups, failed to secure. “The audio that RCS records is stored in MongoDB with GridFS. The audio folder in the torrent came from this,” he wrote. “They were spying on themselves without meaning to.”
The hacker, who was also known as FinFisher, located the admin password and through the password gained access to Hacking Team's email. He then used Windows Powershell to save copies of emails as he proceeded since “with each step I take there's a chance of being detected”.
In July 2015, the hacker breached 400GB of Hacking Team's confidential documents, emails, and source code, which exposed the company's client list, which included the FBI and the U.S. Drug Enforcement Agency.
The leaked documents also demonstrated that the company sold its surveillance tools to several countries have been cited for human rights abuses, including Egypt, Bahrain, Morocco, Russia Uganda, among others.