How To Hack The Police
The hacker behind the Hacking Team breach has now published a video showing how he hacked a Catalan police department, encouraging others to follow suit. A screenshot above is from a promotional video for its Da Vinci tool. Screenshot

Hacking Team, the Italian spyware vendor that was hacked last year, claims the media coverage of the hack was “sensationalist,” and despite claims from cybersecurity experts of its demise, the company has managed to get its products back up and running.

Hacking Team CEO David Vincenzetti called the hacker, who leaked 400GB of data connecting the group to U.S. government agencies, a “vigilante” in a response to a post published last weekend by the hacker detailing how he accessed the company’s system, remained unnoticed for weeks and downloaded emails, files and source code before publishing it all on the internet.

The hacker, who goes by the name Phineas Fisher, remains anonymous but Vincenzetti warned that “multiple law enforcement investigations are underway in several countries. We hope that the vigilante’s barging about his work will lead to his swift arrest and prosecution.”

The hacker claims to have used a zero-day vulnerability — a previously unknown flaw in software — to first gain access to the company’s systems, but in his post — entitled Hack Back — he fails to give more details about the vulnerability as he says it has not yet been patched.

The hacker was able to remain inside the Hacking Team system for more than six weeks before downloading the huge trove of data that contained details of which governments and law enforcement agencies the company was working with, including the FBI, Drug Enforcement Agency and Department of Defense.

Hacking Team is one of a number of companies that specialize in finding — or buying — hardware and software vulnerabilities to utilize in their own surveillance tools that they sell to governments and law enforcement agencies. Hacking Team claims it sells only to organizations in countries approved by the United Nations. However, the leak revealed the company had been doing business with countries such as Sudan, which are on the U.N. blacklist, despite telling U.N. investigators it had no business relationship with the African country.

The portrayal of Hacking Team in the media is the result of publications being “desperate for sensational stories,” according to Vincenzetti, who said the same publications were ignoring the facts. “Criminals and terrorists today routinely use Internet secrecy and end-to-end encryption to rob, kill and terrorize whole populations,” Vincenzetti said. “Hacking Team provides a valuable tool that law enforcement and security agencies around the world use to keep citizens safe.”

In the post published over the weekend, the hacker claiming to be responsible for the attack on Hacking Team revealed the reasons behind the leak. “Hacking Team saw themselves as part of a long line of inspired Italian design. I see Vincenzetti, his company, his cronies in the police, Carabinieri, and government, as part of a long tradition of Italian fascism.”

The hacker says it took just one hacker 100 hours to undo years of work by a multimillion-dollar company. He encouraged other hackers to follow his lead. “Hacking gives the underdog a chance to fight and win.” To help other potential hackers, the post gives advice on what tools to use and how to go about targeting companies like Hacking Team.

However, despite the hacker’s claims to have undone years of work, the Italian company says it has been able to get its surveillance tool, known as Remote Control System, back online despite the source code being leaked. “Hacking Team has restored our lawful surveillance product and developed new cutting-edge tools,” Vincenzetti said. “At the same time, the company has overhauled and secured internal computer networks.”

When asked if the leak had led to a decline in business, a spokesperson for Hacking Team told International Business Times that as a private company it did not disclose customer numbers or revenues.