scorecard
  1. Home
  2. tech
  3. Hackers plan to teach people how they stole 400GB of data from Hacking Team

Hackers plan to teach people how they stole 400GB of data from Hacking Team

Alastair Stevenson   

Hackers plan to teach people how they stole 400GB of data from Hacking Team
Tech3 min read

A classroom

Reuters Pictures

The group promises to reveal how they did it.

The hacker group behind a high profile cyber strike on Hacking Team has pledged to release details how it stole 400GB worth of data from the surveillance software maker.

The incident occurred when hackers infiltrated the Italy-based Hacking Team's network to steal and publish online over 400GB of the firm's data and temporarily hijack control of its Twitter account on Sunday and Monday.

The attack saw the attackers leak vast amounts of Hacking Team information, including customer details, the source code of many of its products and internal emails.

The leaks have also lead to concerns Hacking Team is selling its surveillance products to countries international organisations, including the United Nations, NATO, European Parliament, and the US have blacklisted.

It was originally unclear how Hacking Team was breached or who had mounted the attack.

However, the "Phineas Fisher" Twitter account used in 2014 to publicise attacks on Gamma International UK - a company that makes similar surveillance products to Hacking Team - has since claimed credit for the attacks and pledged to reveal how it breached the firm's systems.

The claim has led to speculation within the security community about what techniques the hackers used.

F-Secure security consultant Sean Sullivan told Business Insider initial evidence suggests the the attackers were able to get in as Hacking Team was using insecure, easy to guess, passwords to protect its systems.

"Based on what I've seen poor use of passwords could be the issue. These guys might have some decent skills as Forwards, but as Goalkeepers? Not so much it seems," he said.

The theory was shared by independent security expert Graham Cluley, who pointed out one of the leaked documents showed many of Hacking Team's internal and external systems had shared passwords, in a blog post.

"The hackers appear to have successfully compromised Pozzi's Firefox browser password store, revealing a slew of poorly chosen login credentials rather than the complex, hard-to-crack, unique passwords that most security professionals would recommend," he said.

AlienVault security evangelist Javvad Malik held a similar opinion, pointing out early reports indicate Hacking Team was even using variants of the same word as a password to secure its systems.

"It looks like Hacking Team were reusing some relatively weak passwords - variants of "password" seemed common," he told Business Insider.

NOW WATCH: These Surveillance Balloons Are The Hot New Way To Spy On People

READ MORE ARTICLES ON


Advertisement

Advertisement