Thursday, November 8, 2018

The Mindset of a Hacker who Hacked the Hacking Team

Hacking Team was a notorious Italian infosec firm, that was known for selling exploits and malware to oppressive regimes and enable them to pray on journalists, activists, and political opponents. In 2015, the internal network of Hacking Team was completely infiltrated by a hacker, and over 400 gigabytes of data, including e-mails, invoices, and source code have been released.

Later in that year, the hacker known as Phineas Fisher, published an articles to an underground e-zine, HackBack! A DIY Guide for those without the patience to wait for whistleblowers, which himself was the editor, to share his mindset and experience. It was a detailed account of how he managed to hack the HackingTeam. Besides technical details, it also includes his methodology, motivation and political stance.

A years before the HackingTeam hack, Phineas Fisher already published a guide to HackBack in 2014, which was a general introduction to the basic methodology and offensive security. In other words, he successfully applied his theory to practice.

(original articles don't have titles, titles are my own). Even some suggestions and techniques in the articles are outdated (such as Bitcoin and TrueCrypt, when now there are better alternatives available, and it is not recommended to use them), it still remains a classic, both from technical and r/CoreCyberpunk's perspective.

I recommend reading the article about Hacking Team first, then review his introduction.

Here are some interesting quotes from the articles.

Unfortunately, our world is backwards. You get rich by doing bad things and go to jail for doing good.

The English-speaking world already has tons of books, talks, guides, and info about hacking. In that world, there's plenty of hackers better than me, but they misuse their talents working for "defense" contractors, for intelligence agencies, to protect banks and corporations, and to defend the status quo.

Hacker culture was born in the US as a counterculture, but that origin only remains in its aesthetics - the rest has been assimilated. At least they can wear a t-shirt, dye their hair blue, use their hacker names, and feel like rebels while they work for the Man.

You used to have to sneak into offices to leak documents. You used to need a gun to rob a bank. Now you can do both from bed with a laptop in hand.

If you have no experience with programming or hacking, some of the text below might look like a foreign language. Check the resources section at the end to help you get started. And trust me, once you've learned the basics you'll realize this really is easier than filing a FOIA request.



No comments:

Post a Comment