Hacker's Account of How He Took Down Hacking Team's Servers

An anonymous reader writes: FinFisher, the hacker that broke into Italian firm Hacking Team, has published a step-by-step account of how he carried out the attacks, what tools he used, and what he learned from scouting HackingTeam's network. Published on PasteBin, the attack's timeline reveals he entered their network through a zero-day exploit in an (unnamed) embedded device, accessed a MongoDB database that had no password, discovered backups in the database, found a BES admin password in the backups, and eventually got admin access to the Windows Domain Server. From here, it was easy to reach into their email server and steal all the company's emails, and later access Git repos and steal the source code of their surveillance software.

And he had to go and ruin it right at the end...

[Viol8]

... by getting on his cross, polishing his halo and talk about "stopping their human rights abuses". Oh get over yourself son. The world isn't black and white, its shades of grey. The quicker you learn that fact the sooner you can pull that rod out of your arse. These guys just sell the software, they don't use it. If you really want to sort out human rights abuses there are plenty of governments and islamic terrorist networks you can try and hack. Though the latter might actually involve real personal danger, which is where most keyboard warriors draw the line.