Hacker Fisher gives Detail Write-up about the Way He Breached Servers of Hacking Team

The hacker behind causing trouble for the Hacking Team, during 2015 July, recently produced a detailed "DIY guide" telling the manner in which he accomplished his task.

He, well known as Phineas Fisher owns a Twitter account @GammaGroupPR, currently going by the name "Hack Back." Earlier, the hacker exposed the spyware documents of FinFisher, particularly the name of anti-virus products capable of detecting the surveillance malware of Gamma International.

Using a pseudonym, the digital watching hacker attacking Hacking Team is back following an 8-month of literally full inactivity, publishing an in-depth explanation about the way he invaded computers of the company and leaked the secrets it most closely safeguarded.

Phineas Fisher unnoticeably exfiltrated data sized 400GB-or-more. Not only that, he also gives detail analysis about his political principles' policy as well as the explanation as to why he executed the hack, within the publication. Techworm.com posted this, April 17, 2016.

Phineas disclosed he entered the Hacking Team's server via certain 0-day exploit inside one device embedded into the firm's main PC-network. He, however, does not tell the device's exact purpose or type.

The hacker subsequently writes he scanned Hacking Team's computers for long as well as even revealed one flaw the company had in its front-end website which's Joomla-based, and found problems in the e-mail server, a few VPN appliances and one-or-two routers of the company. Also, in spite of the company's huge area prone to attack, Phineas summarizes that the mentioned 0-day vulnerability could, more reliably, facilitate further assaults.

According to him, there were many security flaws, like one unprotected MongoDB wherein Hacking Team stored its audio of Remote Control Software. The hacker observed that the torrent where the audio file was placed happened because of this, implying the company spied on its staff although unintentional.

The server for Exchange e-mail's backup was the most valuable the hacker breached, extracting the administrative account password of the BlackBerry Enterprise Server. With this password, Fisher was capable of escalating his hold over the company via hacking 'Hacking Team's' Domain Admin computer server, so he could glean all of the people's passwords in Hacking Team.

» SPAMfighter News - 4/25/2016