“Hacking Team” Hack Comprehensive Timeline By Kamalesh Lunkad CT+ student ASCL

Hacking team

Apr 09, 2017


Kamalesh Lunkad
Transcript
Page 1: Hacking team

“Hacking Team” Hack

Comprehensive Timeline

By Kamalesh Lunkad

CT+ student ASCL

Page 2: Hacking team

Hacking Team is an Italian surveillance company.

It sells spyware to governments all around the world and was seriously hacked on July 5th.

The hack took the company's corporate secrets, emails, source code and files, which were leaked over the internet.

Hacking (Hacked) Team

Page 3: Hacking team

The attacker either had direct physical access to security engineer Christian Pozzi's PC or used malware to achieve a similar level of access to download all data.

We can tell simply by looking at a folder name among the files that were leaked onto the internet.

(Covered Later in this presentation)

Saturday July 5th 2015 or before

Attack Began

Page 4: Hacking team

Hacking Team’s Twitter feed was taken over. The banner on the page changed to “Hacked Team.”

July 5th 2015

Page 5: Hacking team

Hackers leaked all the stolen data online, including all emails, source code and files.

1st Tweet

Page 6: Hacking team

Transparency report of 400GB

Page 7: Hacking team

After taking over Hacking Team’s Twitter account, the attacker started to publish emails that were leaked as part of the 400GB of files.

Sunday July 6, 2015

Page 8: Hacking team
Page 9: Hacking team
Page 10: Hacking team
Page 11: Hacking team

Phineas Fisher, a hacker who previously took responsibility for an attack on Gamma, came forward taking responsibility for this too.

Who is Responsible?

Page 12: Hacking team

The attacker did not answer further questions asked on Twitter, but he said he will reveal how he hacked “Hacking Team”.

Page 13: Hacking team

Christian Pozzi, Hacking Team system and security engineer, took to Twitter to refute claims made by the cyber attackers.

The Twitter account has been deleted, but an archived copy (https://archive.is/Ca8Kz) containing his comments can be accessed.

Damage Control (Incident Response)

Page 14: Hacking team

While at first calm, Pozzi's tweets became increasingly frantic.

Page 15: Hacking team

Later, his account also got hacked.

Page 16: Hacking team

11.30 GMT: Hacking Team wrested back control of its Twitter account.

Hacking Team removed messages, screenshots of stolen data and mockery levied against the company.

An archive of Hacking Team’s Twitter account from before the posts were deleted is here: https://archive.is/n0om8

14.09 GMT: The Hacking Team website is offline.

This may be because of the cyberattack, or because the company took it down to avoid further problems or the heat of the media.

July 6th 2015

Page 17: Hacking team

15.07 GMT: The company’s surveillance solution code was leaked onto GitHub (https://github.com/hackedteam/).

Page 18: Hacking team

WikiLeaks created a database to comb through all the released emails of Hacking Team: https://wikileaks.org/hackingteam/emails/

July 9th

Page 19: Hacking team

One can access all the data online and download any file at https://ht.transparencytoolkit.org/

Online mirror of 400 GB data

Page 20: Hacking team

Contract with Ethiopia

Leaked Docs

Page 21: Hacking team

Hacking Team assigned anonymizers to customers from Lebanon and Egypt. The IPs are for VPN services in the U.S. and Germany.

VPN servers

Page 22: Hacking team

A list of VPS credentials

VPS servers

Page 23: Hacking team

Customer lists

Page 24: Hacking team
Page 25: Hacking team

Mexico was discovered to be the top client.

Page 26: Hacking team

Product lists

An example of the type of products offered by Hacking Team and their associated cost in euros

Page 27: Hacking team

Collectors and anonymizers

Page 28: Hacking team
Page 29: Hacking team
Page 30: Hacking team

Hacking Team had recently told the UN that they had never done business with the country.

Contract with Sudan

Page 31: Hacking team

A contract with a company in Israel for €55,000.

Page 32: Hacking team

A contract with Lebanon for €100,000.

Page 33: Hacking team