The group behind a 2014 attack on the authors of the FinFisher spyware has claimed credit for a strike on Italian surveillance software maker Team Hacking.
Spyware is a type of software designed to spy and collect information on machines it is installed on without the users’ knowledge.
The latest strike saw the attackers infiltrate the Italy-based Hacking Team’s network to steal and publish online over 400GB of the firm’s data and temporarily hijack control of its Twitter account.
Stolen data included a list of Hacking Team’s current customers — many of which are government agencies — email correspondence, and the source code of a number of its surveillance tools.
The attack follows the same strategy as a 2014 strike on Gamma International UK, a firm that makes and sells the FinFisher spyware. The attack saw the hackers similarly breach Gamma International UK’s systems and publish stolen information online.
Initially no one group had publically come forward to claim responsibility. However the “Phineas Fisher” Twitter account used in 2014 to publicise the FinFisher attack later left a vague message, which online Motherboard writer Lorenzo Franceschi-Bicchieraisrc says confirms they are responsible.
gamma and HT down, a few more to go :)
— Phineas Fisher (@GammaGroupPR) July 6, 2015
At the time of publishing the Phineas Fisher account had not responded to Business Insider’s request for comment.
However, F-Secure security advisor Sean Sullivan told Business Insider without further information from the account it is hard to verify whether the claim is legitimate.
“That account was used to link to FinFisher stuff in August 2014. I think I remember seeing the account back then. But there’s nothing much to connect it to a group,” he said.
ESET security specialist Mark James said, regardless of who mounted the attack, the larger question is how they got the data and what they plan to do with it, as many of Hacking Team’s clients would make attractive targets for follow up strikes.
“There is no indication yet how the hack happened,” he said. “[But] the type of business they are in, along with the cliental they attract, has turned them into a very lucrative target from many internet groups.”
Itsik Mantin, Imperva director of security research at Imperva, agreed and added the hackers could use the data they stole to hurt Hacking Team customers.
“The information leaked may include intellectual property of the Hacking Team and commercial secrets, as well as personal information on personnel, business information on customers, including customers like law enforcement agencies,” he told Business Insider.
“Data stolen in this breach such as user credentials, may be used, or may have been used, to extend the breach and get more data.”
The Hacking Team breach is one of many high profile cyber attacks to occur over the last week. A group of hackers, known online as Team GhostShell, claimed to have successfully hacked over 300 websites and posted over 13,000 users’ personal details online on July 1.