HACKER PUBLISHES 2TB OF DATA FROM CAYMAN NATIONAL BANK
A hacker, known as Phineas Fisher, has published more than 2TB of data from the Cayman National Bank. This includes more than 640,000 emails and the data of more than 1400 customers. Phineas Fisher also calls on other hackers to hack banks and oil companies.
Phineas Fisher has made the archive publicly available, Motherboard writes. The archive include more than 640,000 emails along with the data of more than 1400 customers of the bank. An internal document from the bank with information about the hack has also been shared.
According to the hacker, theses documents are "The most detailed view of international banks that the public will ever have access to". Furthermore, Phineas Fisher accuses the bank of money laundering, "organised by Russian oligarchy, among others."
"I think hacking become more powerful, and hacktivism has only been used to a fraction of its potential," Phineas Fisher told also Motherboard "A little investment can help to develop that, the golden years [of hacktivism] are coming soon."
A quick overview on @DDoSecrets Twitter account and you can find the link to download a copy of this archive were you will see that half of the customers come from or are registered on the Isle of Man. The file also contains the complete address details of the customers, the balance of 3800 accounts and the information about the owners.
Massive Hack Strikes Offshore Cayman National Bank and Trust. https://t.co/ClhcgrkZeQ— Unicorn Riot (@UR_Ninja) November 17, 2019
Late last night, more than two terabytes of data hacked from a secretive offshore bank got released by transparency collective @DDoSecrets - handed off by hacker "Phineas Fisher".
Phineas Fisher added a file called ["hackback"] to the archive. It is a Spanish-language manifesto that also look like a 'do-it-yourself guide for robbing banks'. In the document, the hacker explains, among other things, how and why he hacked the bank.
Phineas Fisher claims to have 'stolen a few hundred thousand dollars'. The hacker also makes some activist statements such as : "Follow your conscience, not the law." In this document, Phineas Fisher makes a call to hackers to hack banks and oil companies. With this, the hacker hopes that more secret documents will become publicly available. Basically, Phineas Fisher is not clearly talking about money but he is offering a bounty of USD100,000 to hackers who successfully obtain and publish secret documents from banks or oil companies.
Phineas Fisher does not want to say exactly how much he made and how he did. But it's seems that he made 'a few tens of thousands of euros' from his work. The bounties promised by the hacker would be paid with the stolen money from the Cayman National Bank and converted in in crypto currency like Monero to secure the anonymity of the transaction.
Phineas Fisher is a notorious hacktivist, who was mainly discredited by the hack of the Italian company Hacking Team, which he or she carried out in 2015. At the time, Phineas Fisher released more than 400GB of data, including spyware source code used by governments.
The identity of Phineas Fisher is still unknown, earlier this year the Italian government admitted that they have unclear drawing about who performed this attack and leaked legal documents. The hacker indicates that he has adapted his method for this attack, so that he cannot be identified by his technique. The story starts with a description of the method and general tips are given, such as encrypting hard disks as a security measure.
The hacker also discusses his infrastructure, which consists of both stable and hacked servers. He also uses domain names to have a establish tunnel from the hacked network to command and control servers. To collect information about the target, the hacker praises the versatility of Google in combination with a number of specific search terms.
HOW HACKING TEAM WAS HACKED ?
After Phineas Fisher had collected enough information, he started to penetrate the Hacking Team network. He chose not to use spear phishing because the Italian company itself often used this technique of targeted phishing attacks. He also considered buying a path from Russian parties, who would have access to the top 500 of the most rich companies but Hacking Team, however, was too small for using this approach. He was left with no other option then search for unknown vulnerabilities, or zero days, in the systems that were present Hacking Team's servers, including the content management system Joomla and the e-mail software Postfix.
Ultimately, he chose to look for such vulnerabilities in embedded devices that perform a certain function, such as a router. After two weeks he had found a leak that enabled him to remotely execute code on the device through RCE. Now that he had access, he was able to explore the rest of the Hacking Team network.
After this, he was able to download the company's e-mail and files, which he made them publicly accessible in 2015 via a torrent file. In total, the hack would have cost him around a hundred hours. The global financial elite are oppressors, not victims [...] Hacking that elite and returning the tiniest fraction of the wealth that they've stolen doesn't make them victims, It is cybercrime. It's also activism. It's motivated by a desire for social change, I'm not personally profiting or benefiting from it.