How I stole the Hacking Team

Almost a year after Hacking Team was hacked, the hacker responsible has published the method he used to breach the company's servers. Remember that after , stole all their data.

The FinFisher hacker, also known as Phineas Fisher, published on Pastebin over the weekend how he attacked Hacking Team and what tools he used.

The hacker revealed that the entry point into Hacking Team's infrastructure was a zero-day root exploit on an embedded device that sat inside the company's internal corporate network. Of course, he refused to name the exact one or the purpose of the embedded device.

FinFisher reports that he spent a lot of time scanning the company's network, and that he also found a vulnerability in the front end of its Joomla website. In addition, he discovered several security issues affecting e-mail servers, two routers, and some VPNs. He concluded that the zero-day exploit he had found was very reliable for further attacks.

After designing and developing backdoored firmware for the vulnerable embedded device, he waited, "listening" to internal traffic while scanning and mapping the local infrastructure.

This is how he discovered two vulnerable MongoDB databases that Hacking Team's admins had not protected with a password (!). There he found details of the backup system and the backup store.

The most valuable backup was on the Exchange e-mail server; from it he was able to extract the Administrator account password of the BES (BlackBerry Enterprise Server), which was still valid.

This password allowed FinFisher to access the server as an administrator. He was thus able to export the access credentials of all of the company's users.

Of course, the hacker knew there was a chance he could be caught at some point. So the first thing he did was to use Windows PowerShell to get the data that was on the company's e-mail server. Over the following weeks, for as long as he had access, he collected the new e-mail daily.

After reading some emails, FinFisher realized that there was another hidden network within the company's premises, where Hacking Team stored the source code of RCS (Remote Control System, its top surveillance software).

With access to every computer and the administrator password, FinFisher focused on one of the company's top developers, Christian Pozzi.

He scanned Pozzi's computers and the email accounts he used, eventually discovering his web password for the GitLab code management system.

“That's all you need to start a company and stop human rights violations. This is the beauty and asymmetry of piracy: With 100 hours of work, one person can set aside years of work from a multi-million dollar company,” FinFisher says.

"Hacking gives the underdogs the opportunity to fight and win."

For more details, read the write-up on Pastebin.


Written by Dimitris
