Hacker's Account of How He Took Down Hacking Team's Servers (softpedia.com)
An anonymous reader writes: FinFisher, the hacker that broke into Italian firm Hacking Team, has published a step-by-step account of how he carried out the attacks, what tools he used, and what he learned from scouting HackingTeam's network. Published on PasteBin, the attack's timeline reveals he entered their network through a zero-day exploit in an (unnamed) embedded device, accessed a MongoDB database that had no password, discovered backups in the database, found a BES admin password in the backups, and eventually got admin access to the Windows Domain Server. From here, it was easy to reach into their email server and steal all the company's emails, and later access Git repos and steal the source code of their surveillance software.
I read the whole account, and although I by no means understood everything, it was a fascinating read.
It appears that almost any route into a system will lead to more exploitable routes, and those lead to even more, and so on, until you're basically free to roam at will, read and change key files, install all the backdoors you like, and so on. He basically ended up with an embarrassment of riches, so to speak, with as much (or likely more) access than all of the legit admins combined.
It would appear that truly locking down a large, complex network is next to impossible: there are so many moving parts and so many places to prod and poke that sooner or later, someone will find that one little vulnerability that opens the door.
It's hard not to admire someone with skills and the persistence it took to do this.
Just cruising through this digital world at 33 1/3 rpm...
sigh, MongoDB.
On install
1. no authentication, no passwords
2. default read access to everything for any user
3. no granularity.
4. data sent in the clear
5. no encryption
6. binds to all available interfaces
If I didn't know better (and I don't) it would seem that one of MongoDB's design goals was "easy to hack right out of the box".
Just cruising through this digital world at 33 1/3 rpm...
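Most of the items in that list map onto a handful of mongod.conf keys, so a defender can check an install for them mechanically. The following audit script is an added example, not code from the thread or from MongoDB; it hand-parses the small nested-map subset of YAML that mongod.conf uses (so it needs no third-party module), and the two sample configurations are constructed. It treats an unset `net.bindIp` as a finding, which matches the pre-3.6 default of listening on all interfaces; MongoDB 3.6 changed that default to localhost, so adjust the check if you only run newer servers.

```python
"""Audit a mongod.conf for the out-of-the-box weaknesses listed in the comment.

Added example, not code from the thread or from MongoDB. Parses only the
indentation-based "key: value" maps that mongod.conf uses.
"""

# Constructed sample: roughly what an unattended install looked like before
# MongoDB 3.6 changed the default bindIp to localhost.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

# Constructed sample: the same server with authentication, a restricted
# bind address and TLS required (certificate path is a placeholder).
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.5.12
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongod.pem
security:
  authorization: enabled
"""


def parse_conf(text):
    """Parse nested 'key: value' maps (two-space indentation) into dicts."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each currently open mapping
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        # Close any mapping that is indented at least as deep as this line.
        while stack and indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        value = value.strip()
        if value == "":  # a nested mapping follows on the next lines
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def lookup(conf, path):
    """Return the value at a dotted path such as 'net.tls.mode', or None."""
    node = conf
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def audit(text):
    """Return one finding per weakness from the comment's list that is present."""
    conf = parse_conf(text)
    findings = []
    # 1-3: no authentication / everything readable / no granularity all start
    #      with access control being off.
    if lookup(conf, "security.authorization") != "enabled":
        findings.append("no authentication: security.authorization is not 'enabled'")
    # 6: listening on every interface (empty bindIp assumed to mean pre-3.6 default).
    bind = lookup(conf, "net.bindIp") or ""
    if bind == "" or "0.0.0.0" in bind or lookup(conf, "net.bindIpAll") == "true":
        findings.append("binds to all interfaces: net.bindIp should list specific addresses")
    # 4-5: traffic in the clear. net.ssl.mode is the pre-4.2 spelling of net.tls.mode.
    mode = lookup(conf, "net.tls.mode") or lookup(conf, "net.ssl.mode")
    if mode not in ("requireTLS", "requireSSL"):
        findings.append("data in the clear: net.tls.mode should be requireTLS")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or ["no findings"])
```

Run it against `/etc/mongod.conf` by reading the file into `audit()`; an empty list means the three config-level items are covered, though the "read access to everything" point still needs users and roles created on the server once authorization is on.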
FinFisher, the hacker that broke into Italian firm Hacking Team
I'm pretty sure FinFisher is the name of a competitor of Hacking Team, not the name of the hacker who broke into Hacking Team's network.
The linked article doesn't mention this but the way FinFisher got into the Backup server was by simply mounting its iSCSI volumes which required no authentication at all. (Technically, the iSCSI targets were supposed to be on a separate network, but it turns out you could still get at them from the main network.)
The lesson there: It doesn't matter which network the service is in, turn on authentication!
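As an added example of what "turn on authentication" looks like in practice (not code from the thread, and not tied to whatever software Hacking Team ran): the snippet below checks iSCSI target definitions written in the targets.conf syntax of the Linux `tgt` daemon for exports that have no `incominguser` (CHAP credential) and no initiator restriction. The IQN, device path and credential are constructed placeholders.

```python
"""Check tgt-style iSCSI target definitions for exports with no authentication.

Added example, not code from the thread. Directive names follow tgt's
targets.conf: backing-store, initiator-address, initiator-name, incominguser.
"""

import re

# Constructed: a backup volume exported with no CHAP user and no initiator
# restriction, so anything that can reach the portal can log in and mount it.
WEAK_TARGETS = """\
<target iqn.2015-07.example.internal:backup-01>
    backing-store /dev/vg0/backup
</target>
"""

# Constructed: the same export with CHAP required and the initiator pinned.
HARDENED_TARGETS = """\
<target iqn.2015-07.example.internal:backup-01>
    backing-store /dev/vg0/backup
    initiator-address 10.0.9.21
    incominguser backup-initiator CHAP_SECRET_PLACEHOLDER
</target>
"""

TARGET_RE = re.compile(r"<target\s+(?P<iqn>[^>\s]+)>\s*(?P<body>.*?)</target>", re.S)


def parse_targets(text):
    """Map each target IQN to {directive: [argument strings]}."""
    targets = {}
    for m in TARGET_RE.finditer(text):
        directives = {}
        for line in m.group("body").splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, _, args = line.partition(" ")
            directives.setdefault(name, []).append(args.strip())
        targets[m.group("iqn")] = directives
    return targets


def audit_targets(text):
    """Return a finding for every target that can be attached without CHAP
    or from any initiator address."""
    findings = []
    for iqn, d in parse_targets(text).items():
        if "incominguser" not in d:
            findings.append(f"{iqn}: no incominguser, initiators log in without CHAP")
        if "initiator-address" not in d and "initiator-name" not in d:
            findings.append(f"{iqn}: no initiator-address/initiator-name restriction")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_TARGETS), ("hardened", HARDENED_TARGETS)):
        print(label, audit_targets(conf) or ["no findings"])
```

The initiator restriction is the belt to CHAP's braces: the comment's point is that the "separate network" assumption failed, so the target itself, not the network, has to refuse unknown clients.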