Vigilante hacker who brought The Hacking Team to its knees explains how he hacked it

The hacking of the controversial government spying and hacking tool seller Hacking Team made headlines worldwide back in July of last year for being breached by an outside attacker. Further, there was no information about the offender or how it was done.

However, that secret has finally been disclosed.

The pseudonymous digital vigilante behind the hack has reappeared after maintaining eight months of virtually complete silence, printing a thorough account of how he broke into the company’s systems and laid bare its most closely protected secrets.

The hacker who slipped into Hacking Team’s network calls himself Phineas Fisher not only quietly exfiltrated more than 400 gigabytes of data, but also has provided an insight of his policy of political ideals and the reasons behind the hack in his write-up.

“And that’s all it takes to take down a company and stop its abuses against human rights,” the hacker announced at the end of his guide. “That’s the beauty and asymmetry of hacking: with just 100 hours of work, one person can undo years of a multimillion dollar company’s work. Hacking gives the underdog a chance to fight and win.”

“And that’s all it takes to take down a company and stop its abuses against human rights.”

According to Phineas Fisher, as opposed to doing consulting work for companies who are often the ones that actually deserve to be hacked, leaking documents to show corruption and abuse of power is real “ethical hacking.”

Hacking Team is an Italian company that sells spyware and hacking services to police and intelligence agencies worldwide. Several cases have been documented by the researchers through the years where Hacking Team’s tools were used against journalists, protesters, or activists.

“I see [Hacking Team’s CEO David] Vincenzetti, his company, and his friends in the police, military and governments, as part of a long tradition of Italian fascists,” Phineas Fisher continued, writing in Spanish. (Vincenzetti often signs his emails with the fascist motto “Boia chi molla“)

The hacker who is only known as Phineas Fisher, though his Twitter account’s handle is now “Hack Back,” apparently went undetected for weeks after he broke into the corporate servers of Hacking Team last year.

However, the hacker concluded his invasion in early July of 2015, by leaking online a huge treasure trove of files that included thousands of internal documents, emails, and even the source code of the company’s hacking tools. In other words, Phineas Fisher took everything there was to take, laying bare all the company’s secrets, including its once secretly guarded list of customers.

The night that the hacker published the data, he disclosed that he was the same person who in 2014 breached Gamma International, a Hacking Team’s competitor that sells spyware called FinFisher. However, for months, there was one giant question that has remained unanswered: how did the hacker manage to humiliate and entirely own a company whose whole business model rested exactly on hacking other people?

The hacker at that time promised he would declare to the world. But he just wanted to wait for some time, he said on Twitter, until Hacking Team “had some time to fail at figuring out what happened and go out of business.”

More than eight months later, Hacking Team is still in business. Hence, Phineas Fisher decided to reveal the detailed account of what happened, “so we can laugh them off the internet for good,” he tweeted.

The hacker whose guide got published on Friday described how he used an unidentified vulnerability, or zero day to get the first footing into Hacking Team’s internal network. The bug still has not been patched; however, Phineas Fisher refused to divulge any more details on what the vulnerability is exactly, or where he found it. (The hacker also declined to comment for this story.)

The hacker said that after getting he moved around cautiously, first downloading emails, then obtaining entry to other servers and parts of the network. Phineas Fisher said after getting administrative rights inside the company’s main Windows network, he snooped on the system administrators, mainly on Christian Pozzi, given that they typically have access to the whole network. The hacker said he gained access and exfiltrated all the company’s source code having stolen Pozzi’s passwords by recording his keystrokes, which was hosted on a separate isolated network.

At that point, he reset Hacking Team’s Twitter password using the “forgot password” function, and on the late evening of July 5, he declared the hack using the company’s own Twitter account.

The hacker said that he was inside Hacking Team’s network for six weeks, and that it took him approximately 100 hours of work to move around and retrieve all the data. Going by his words, it’s clear that Phineas Fisher had a strong political drive to attack Hacking Team.

Making reference to the bloody raid on the Italian school in Genoa in 2001, where police forces took over a school where anti G-8 activists of the Genao Social Forum were held, leading to the arrest of 93 activists, he added, “I want to dedicate this guide to the victims of the assault on the Armando Diaz school, and all those who had their blood spilled by Italian fascists.” However, the techniques of the raid and following confinement were so debateable that 125 policemen were brought to trial, indicted of beating and torturing the detainees.

The hacker also rejected being defined as a vigilante, and selected a more political definition.

“I would characterize myself as an anarchist revolutionary, not as a vigilante,” he told in an email to Motherboard. “Vigilantes act outside the system but intend to carry out the work of the police and judicial system, neither of which I’m a fan of. I’m clearly a criminal, it’s unclear whether Hacking Team did anything illegal. If anyone, Hacking Team are the vigilantes, acting in the margins in pursuit of their love for authority and law and order.”

“Hacking gives the underdog a chance to fight and win.”

In the guide, Phineas Fisher inspires others to follow his example.

Quoting the anarcho-syndicalist labor union Comision Nacional de Trabajo, or CNT, he wrote, “Hacking is a powerful tool. Let’s learn and fight!” In 2014, after Phineas Fisher hacked Gamma Group, the CNT said that it was clear technology was just another front in class warfare, and that it was time to “take a step ahead” with “new forms of fighting.”

Given that neither Hacking Team nor the Italian authorities have revealed anything connected to the hack, it is not possible to confirm whether all the information in the guide is factual.

In in an email to Motherboard, Hacking Team’s spokesperson Eric Rabe said, “Any comment should come from the Italian police authorities who have been investigating the attack on Hacking Team, so no comment from the company.” No information was provided by the Italian prosecutor’s office.

There is no clarity as to how the investigation is going, but Phineas Fisher seems unfazed about him getting caught. In another section of his guide, he labelled Hacking Team as a company that assisted governments spy on activists, journalists, political opponents, and “very occasionally” terrorists and criminals. The hacker also referred to Hacking Team’s claims that using the Tor network and on the dark web, it was making tech to track criminals.

“But considering I’m still free,” he wrote snarkily, “I have doubts about its effectiveness.”

The hacker finally ends with a call to arms after sharing a contact email address, in case anyone wants to send “spear phishing attempts, death threats in Italian, or to gift him zero days or access inside banks, corporations or governments.”

“If not you, who?” He wrote. “If not now, when?”

Source: Motherboard