The hacker group behind a high-profile cyber strike on Hacking Team has pledged to release details of how it stole 400GB worth of data from the surveillance software maker.
The incident occurred when hackers infiltrated the Italy-based Hacking Team’s network to steal and publish online over 400GB of the firm’s data and temporarily hijack control of its Twitter account on Sunday and Monday.
The attack saw the attackers leak vast amounts of Hacking Team information, including customer details, the source code of many of its products and internal emails.
The leaks have also led to concerns that Hacking Team is selling its surveillance products to countries that international organisations, including the United Nations, NATO, the European Parliament, and the US, have blacklisted.
It was originally unclear how Hacking Team was breached or who had mounted the attack.
However, the “Phineas Fisher” Twitter account used in 2014 to publicise attacks on Gamma International UK — a company that makes similar surveillance products to Hacking Team — has since claimed credit for the attacks and pledged to reveal how it breached the firm’s systems.
I’ll writeup how hacking team got hacked once they have had some time to fail at figuring out what happened and go out of business
— Phineas Fisher (@GammaGroupPR) July 7, 2015
The claim has led to speculation within the security community about what techniques the hackers used.
F-Secure security consultant Sean Sullivan told Business Insider that initial evidence suggests the attackers were able to get in because Hacking Team was using insecure, easy-to-guess passwords to protect its systems.
“Based on what I’ve seen poor use of passwords could be the issue. These guys might have some decent skills as Forwards, but as Goalkeepers? Not so much it seems,” he said.
The theory was shared by independent security expert Graham Cluley, who pointed out in a blog post that one of the leaked documents showed many of Hacking Team’s internal and external systems had shared passwords.
“The hackers appear to have successfully compromised Pozzi’s Firefox browser password store, revealing a slew of poorly chosen login credentials rather than the complex, hard-to-crack, unique passwords that most security professionals would recommend,” he said.
AlienVault security evangelist Javvad Malik held a similar opinion, pointing out that early reports indicate Hacking Team was even using variants of the same word as a password to secure its systems.
“It looks like Hacking Team were reusing some relatively weak passwords — variants of “password” seemed common,” he told Business Insider.