Hacking team

“Hacking Team” Hack Comprehensive Timeline By Kamalesh Lunkad CT+ student ASCL


Hacking Team is an Italian surveillance company.

It sells spyware to governments all around the world and was seriously hacked on July 5th.

This hack took the company's corporate secrets, emails, source code and files and leaked them over the internet.

Hacking (Hacked) Team

The attacker either had direct physical access to security engineer Christian Pozzi's PC or used malware to achieve a similar level of access to download all data.

We can tell simply by looking at a folder name among the files that were leaked onto the internet.

(Covered Later in this presentation)

Saturday July 5th 2015 or before: Attack Began

Hacking Team’s Twitter feed was taken over. The banner on the page changed to “Hacked Team.”

July 5th 2015

Hackers leaked all the stolen data online, including all emails, source code and files.

1st Tweet

Transparency report of 400GB

After taking over Hacking Team’s Twitter account, the attacker started to publish emails that were leaked as part of the 400GB of files.

Sunday July 6, 2015

Phineas Fisher, a hacker who previously took responsibility for an attack on Gamma, came forward taking responsibility for this too.

Who is Responsible?

The attacker did not answer further questions asked on Twitter, but he said he will reveal how he hacked “Hacking Team”.

Christian Pozzi, Hacking Team system and security engineer, took to Twitter to refute claims made by the cyber attackers.

The Twitter account has been deleted, but an archive (https://archive.is/Ca8Kz) containing his comments can be accessed.

Damage Control (Incident Response)

While at first calm, Pozzi's tweets became increasingly frantic.

Later, his account also got hacked.

11.30 GMT: Hacking Team wrested back control of its Twitter account.

Hacking Team removed messages, screenshots of stolen data and mockery levied against the company.

An archive of Hacking Team’s Twitter account from before the posts were deleted is here: https://archive.is/n0om8

14.09 GMT: The Hacking Team website is offline.

This may be because of a cyberattack, or because the company took it down to avoid further problems or the heat of the media.

July 6th 2015

15.07 GMT: The company’s surveillance solution code leaked onto GitHub. (https://github.com/hackedteam/)

Wikileaks created a database to comb through all released emails of HT. https://wikileaks.org/hackingteam/emails/

July 9th

https://ht.transparencytoolkit.org/ One can access all the data online and download any file.

Online mirror of the 400GB of data

Contract with Ethiopia Leaked Docs

Hacking Team assigned anonymizers to customers from Lebanon and Egypt. The IPs are for VPN services in the U.S. and Germany.

VPN servers

A list of VPS credentials

VPS servers

Customer lists

Mexico was discovered to be top client.

Product lists

An example of the type of products offered by Hacking Team and their associated cost in euros

Collectors and anonymizers

Hacking Team had recently told the UN that they had never done business with the country.

Contract with Sudan

A contract with a company in Israel for €55,000.

A contract with Lebanon for €100,000.