Friday, March 10, 2017

Hacker Teaches How He Hacked Spain’s Catalan Police Union Website

The dark web has become synonymous with hacking. Not a day goes by without a white/grey/black hat hacker completing a hack and highlighting security issues, or dumping another database with a trove of valuable secrets displayed across various underground forums or dark net markets.

The latest hacker to enter the fray is Phineas Fisher, who shot to fame when he hacked “Hacking Team” and “Gamma Group”, an organisation based in Italy that sold to, and provided support to, various international police forces and clandestine organisations.

Since his initial rise to fame, Phineas has again hit the headlines for two main reasons: first, for his donation of $11,000 in bitcoin to an anti-ISIS outfit in Syria, and now, a few days later, for hacking the website of Spain’s Catalan police union, Sindicat De Mossos d’Esquadra (SME).

Phineas has even posted a video tutorial showing how he completed the hack, the tools used, and insights into how hackers work.

The data dump includes names, bank details and other identifying personal details of Catalan police officers, some of whom are alleged to have been involved in police brutality during the ongoing anti-austerity movement in Spain.

In his video, Phineas shows the tools that gave him access to the SME website. Using Kali Linux, an OS which ships with a host of penetration testing tools, Phineas runs through a step-by-step guide to a SQL injection (SQLi) attack: launching the attack and downloading the data from the database.

Phineas even released a written guide, with additional reading included for wannabe hackers or internet vigilantes. Phineas describes himself as a cyber vigilante, fighting for people without the resources or inclination to fight themselves. Having watched the video in its entirety, we can say it shows how quickly and easily a hacker can gain control of a system that is not patched or configured correctly.

Some will say that this was an easy target and that Phineas didn’t display any real hacking skills. Yet this is the same hacker who pwned “Hacking Team” without them realizing for quite some time; they only became fully aware once Phineas had admitted to the hack and released proof of the internal workings of the company.

With his latest round of hacks, Phineas has revealed himself as a cyber vigilante, a social justice fighter, and a philanthropist. Although the money was stolen from a bank, the monies were donated and put to good use. Not many hackers can claim to have put the future of others before themselves. Most hackers use their skills to further their own careers, or to extort money from vulnerable system admins or normal computer users.

This is a hacker that everyone should keep an eye on, as we suspect that they will be hitting the headlines again with another database dump, the pwning of a website, or another Robin Hood-esque donation.