"Phineas Fisher", the hacktivist who claims to be the perpetrator of the devastating data breach against Italian spyware vendor Hacking Team, has detailed exactly how he or she pulled off the attack.
According to a rundown posted on Pastebin, the motive for popping Hacking Team was a political one, a response to the spyware vendor selling surveillance malware to oppressive regimes around the world.
"Hacking Team was a company that helped governments hack and spy on journalists, activists, political opposition, and other threats to their power. And, occasionally, on actual criminals and terrorists," Fisher wrote.
The document outlines how a careful and dedicated opponent can get through even the most hardened security practices.
"With 100 hours of work, one person can undo years of work by a multi-million dollar company. Hacking gives the underdog a chance to fight and win," Fisher said.
Fisher began the attack by gathering information through Google searches, LinkedIn and data.com lookups, and scanning the domain name system and Hacking Team's internet-facing network to find a way in.
With the attack surfaces mapped out, Fisher decided to home in on one of the embedded devices at the edge of Hacking Team's network, and spent two weeks writing a zero-day for the appliance that provided the attacker with root or superuser access.
Since the vulnerability is still unpatched, Fisher declined to provide further details on the appliance or the backdoor in the firmware that was created.
Armed with root access to the network appliance, Fisher was then able to scan and attack Hacking Team's internal company network.
By using a variety of freely available tools and operating system features, the hacker was able to laterally move around the spyware vendor's network, penetrate systems and copy over 400 gigabytes of sensitive data which was later published on the web.
Fisher appears to have gained full access not only to servers but also to the personal computers of Hacking Team executives and systems administrators, allowing the hacker to spy on their daily activities in real time.
The hacker, whose real name is unknown, also claimed responsibility for a 2014 attack against government and law enforcement spyware vendor Gamma Group International, which makes and sells the FinFisher suite of malware.
As with Hacking Team, Fisher published a guide on Pastebin detailing that attack as well.