Cyber Attack On Hacking Team Could Have Been Conducted From Barcelona

A Catalan portal reports:

Catalan and Italian police are investigating the hacker attack on the Police Union and the leak of 5540 police officers’ personal data. The police suspects that the four persons under investigation have formed the hacker groups “Phineas Fisher” and “Hack Back!”, and that they are responsible for the cyber attack on the multinational cyber espionage firm Hacking Team.

In July 2015 Phineas Fisher has attained 400 GB of company data from Hacking Team, a company dedicated to selling computer surveillance software to governments and corporations. The data included emails, internal documents and source code for Hacking Team’s spyware. In 2014 Phineas Fisher had claimed another attack on an Anglo-German cyber espionage company “Gamma Group”. That leak included the source code for the most famous spyware at the time, the FinFisher (the spyware’s title apparently inspired Phineas Fisher in naming their hacker collective).

Police agents estimate that apart from the four people under investigation, another two or three people are involved. Group members, except one man from Salamanca, are located in Barcelona’s metropolitan area.

The police is also going to determine the connection between two previously detained industrial engineers to the cyber attack. The hackers have been using the Tor network which allowed them to anonymize their IP addresses, however, they had to drop Tor during a part of the attack, as the police servers don’t allow connection from an IP outside of Spain. The police have matched the “user agent” strings of the hackers connected via Tor to the hacker who had infiltrated the police server and installed a web shell(remote control) on it. The engineers claim that they have nothing to do with the attack.

The police also highlights a link between some of the social movements in Barcelona to the cyber attack on its servers. One of the detained hackers has been a member of various anti-banking and “anti-system” protests. Other protesters may have been involved in the cyber attacks as well.
The investigation continues with the police conducting a linguistic analysis on “Phineas Fisher”’s written communication, in order to establish a link to the detained persons.

Leave a Reply

Your email address will not be published.