Hackers plan to teach people how they stole 400GB of data from Hacking Team
Reuters Pictures
The incident occurred when hackers infiltrated the Italy-based Hacking Team's network to steal and publish online over 400GB of the firm's data and temporarily hijack control of its Twitter account on Sunday and Monday.
The attack saw the attackers leak vast amounts of Hacking Team information, including customer details, the source code of many of its products and internal emails.
The leaks have also lead to concerns Hacking Team is selling its surveillance products to countries international organisations, including the United Nations, NATO, European Parliament, and the US have blacklisted.
It was originally unclear how Hacking Team was breached or who had mounted the attack.
However, the "Phineas Fisher" Twitter account used in 2014 to publicise attacks on Gamma International UK - a company that makes similar surveillance products to Hacking Team - has since claimed credit for the attacks and pledged to reveal how it breached the firm's systems.
I'll writeup how hacking team got hacked once they've had some time to fail at figuring out what happened and go out of business
- Phineas Fisher (@GammaGroupPR) July 7, 2015
The claim has led to speculation within the security community about what techniques the hackers used.
F-Secure security consultant Sean Sullivan told Business Insider initial evidence suggests the the attackers were able to get in as Hacking Team was using insecure, easy to guess, passwords to protect its systems.
"Based on what I've seen poor use of passwords could be the issue. These guys might have some decent skills as Forwards, but as Goalkeepers? Not so much it seems," he said.
The theory was shared by independent security expert Graham Cluley, who pointed out one of the leaked documents showed many of Hacking Team's internal and external systems had shared passwords, in a blog post.
"The hackers appear to have successfully compromised Pozzi's Firefox browser password store, revealing a slew of poorly chosen login credentials rather than the complex, hard-to-crack, unique passwords that most security professionals would recommend," he said.
AlienVault security evangelist Javvad Malik held a similar opinion, pointing out early reports indicate Hacking Team was even using variants of the same word as a password to secure its systems.
"It looks like Hacking Team were reusing some relatively weak passwords - variants of "password" seemed common," he told Business Insider.
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
- Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
- 19,000 school job losers likely to be eligible recruits: Bengal SSC
- Groww receives SEBI approval to launch Nifty non-cyclical consumer index fund
- Retired director of MNC loses ₹25 crore to cyber fraudsters who posed as cops, CBI officers
- Hyundai plans to scale up production capacity, introduce more EVs in India
- FSSAI in process of collecting pan-India samples of Nestle's Cerelac baby cereals: CEO