Hacking Team was an Italian company that developed cyberweapons that it sold to oppressive governments around the world, to be used against their own citizens to monitor and suppress political opposition; in 2015, a hacker calling themselves "Phineas Fisher" hacked and dumped hundreds of gigabytes' worth of internal Hacking Team data, effectively killing the company.
Three years later, the Italian prosecutors who have been chasing Phineas Fisher have given up on unmasking them. On Motherboard, Lorenzo Franceschi-Bicchierai combines the contents of sealed court documents with an interview with "Fisher" to reveal the tradecraft that kept Fisher safe from legal retaliation; the stupid mistakes that left Hacking Team vulnerable; and the sleazy tactics the company's CEO used to torment his former employees in the name of tracking down Fisher.
Fisher's ability to evade unmasking is largely attributable to their extreme caution and diligence: using tools like Tor to remain anonymous, and using stolen, hacked Bitcoin to buy the services and tools that Fisher used to penetrate Hacking Team's defenses.
The attack was only possible because David Vincenzetti, Hacking Team's founder and CEO, refused to upgrade his VPN software, forcing the IT workers at Hacking Team to keep older, legacy services running. One of the systems administrators who might have caught Fisher during their raids on Hacking Team's data was reportedly distracted by a weeks-long World of Warcraft binge, allowing Fisher to operate with impunity.
Meanwhile, the court documents reveal that Vincenzetti has pursued vendettas against former employees whom he falsely believed to be implicated in the hack, going so far as to frame them with false evidence. However, Vincenzetti was ultimately unsuccessful in his attempts to frame these workers.
According to the court documents, Pelliccione not only had nothing to do with the hack, but Hacking Team actively tried to frame him—and got caught. Vincenzetti told investigators that the company detected two attempts to attack Hacking Team coming from IP addresses in Malta, where Reaqta used to be based. In fact, the judge concluded, it was the other way around: someone inside Hacking Team connected to Reaqta's network the day after the attack, in a clear—albeit clumsy—attempt to leave breadcrumbs pointing to Pelliccione. (The other alleged attack was months before the hack on the company, on May 13, 2015, when Hacking Team had already engaged private investigators to figure out whether Pelliccione and another former employee had stolen company secrets.)
The judge found that Pelliccione and fellow former employees Guido Landi, Mustapha Maanna, Serge Woon, and Alex Velasco are innocent, but also found that Phineas Fisher's motives were "certainly political and ideological."
When I asked the hacker what they thought about the ruling, they said that they always wanted to expose what they believe were the company's shady dealings.
"Maybe now the prosecutors will have time to investigate the various crimes committed by Hacking Team," Phineas Fisher told me recently, referring to the sale of Hacking Team spyware in Sudan, the company's questionable hacking methods, and the sale to Mexican authorities who then used it to target dissidents. "But I don't have any illusions that prosecutors will look into any of that."
Hacking Team Hacker Phineas Fisher Has Gotten Away With It [Lorenzo Franceschi-Bicchierai/Motherboard]