16 August 2016

The Hacking Teams: who they are, what they want, and how they hack

Hacking is a collaborative enterprise. Using remote-access malware, keyloggers, and DDoS attacks, these sinister six groups can knock you offline and swipe your data.
By Dan Patterson | August 9, 2016


2016 is the summer hacking went mainstream. Critical network systems were crippled, and piles of valuable documents, ranging from confidential email to health records to financial data, were exposed. Game company Blizzard Entertainment was knocked offline by a DDoS (distributed denial of service) attack claimed by Lizard Squad. For a brief period CNN and Fox News were disrupted by a similar attack from Ghost Squad Hackers. The Panamanian law firm Mossack Fonseca was cracked open and nearly 12 million documents about governments, corporations, and their clients were leaked. And the DNC was breached by intruders allegedly working for Russian intelligence, with the stolen material published as kompromat.

Of course, governments, enterprise companies, and SMBs are constantly attacked by other governments, organized cyber-criminals, and loose-knit groups. Attack sophistication varies. Some groups, intent only on disruption and chaos, launch crude-but-effective DDoS attacks, intended to take a target's servers, websites, and other functionality offline. Other attackers are more nuanced and refined.

Some attackers hack for fun, others for disruption. The vast majority of attacks are for data, and for profit. According to Bloomberg data, the most common targets for hackers are data-rich companies in retail and ecommerce, financial services, and private and government healthcare providers. If your company is attacked, it's critical to understand the organization—or type of organization—responsible for the attack. It's likely you won't be directly targeted by one of these groups, but it is reasonable to assume at some point your company will be attacked by, exposed to, or be the victim of a hack by a similar squad.

These are some of the world's most notable and notorious hacking teams.

Hacking Team

Mission: Hacking Team, based in Milan, Italy, is a for-profit, mercenary enterprise that quietly creates malware and spyware for sale to government agencies and large corporations.

Core competency: The company's offensive malware suite is Remote Control System (RCS), marketed under the names Da Vinci and, later, Galileo. Once implanted, it captures documents and email on the endpoint itself, before encryption is applied or after it is removed (what the company's marketing calls "defeating encryption"), extracts Wi-Fi passwords, logs keystrokes, records phone call audio, and reports a mobile device's GPS location.


Who they target: The company says it sells lawful tactical surveillance software only to governments. Its customer lists, exposed when its own network was breached in July 2015, included Sudan, the UAE, Egypt, Oman, Saudi Arabia, and Russia.

Gamma International

Mission: Gamma is a for-profit company that creates monitoring and surveillance software for government agencies.

Core competency: Gamma's tools let governments monitor targets, collect and aggregate the captured data, then pass results upstream to decision-makers. Its flagship product, FinFisher (also sold as FinSpy), is a remote monitoring implant that is delivered disguised as legitimate software such as a Firefox installer or update; once running, it gives the operator control of the target machine.

Who they target: Like Hacking Team, Gamma sells only to governments and so technically operates within the law. In practice, however, its FinFisher and FinSpy Mobile surveillance software has been deployed by the governments of Egypt, Bahrain, and Uganda against domestic and foreign protest, political, business, and NGO targets.

Deep Panda

Mission: The mysterious Chinese-linked group steals data from government agencies and enterprise companies.

Core competency: The group is best known for the 2015 Anthem health insurance breach, which exposed about 78.8 million customer and employee records (names, Social Security numbers, birth dates, and addresses, though Anthem said no medical data was taken), and is widely blamed for the Office of Personnel Management (OPM) breach, which exposed some 21.5 million background-investigation records plus 4.2 million personnel files, including Social Security numbers and 5.6 million sets of fingerprints.

Who they target: Deep Panda goes after enterprise companies, Middle East oil interests, and federal agencies like the OPM. According to CrowdStrike, a security firm that analyzed Deep Panda's early activity, the group also targeted financial services, healthcare, legal, and telecommunication companies.

Guccifer and Guccifer 2.0

Mission: Guccifer and Guccifer 2.0 are two distinct personas that are often conflated. The original Guccifer is a Romanian lone-wolf hacker, Marcel Lehel Lazăr, who broke into the email accounts of US political figures starting in 2013 and was extradited to the United States in 2016. Guccifer 2.0 surfaced in June 2016 claiming credit for the DNC intrusion, styled itself a Romanian "freedom fighter" in the original's mold, and appears hell-bent on disrupting the US presidential election. Since then, Guccifer 2.0 and sympathetic accounts have leaked information taken from the DNC and various Clinton-related accounts; the persona's true identity and nationality were unconfirmed at the time of writing.

Core competency: Neither persona has demonstrated novel exploitation skill; both rely on gaining access to accounts and mailboxes. The original Guccifer guessed the answers to password-reset security questions from details in his targets' public biographies. Guccifer 2.0 has not disclosed how it got in, but the DNC access it claims was likely gained through pretexting and spearphishing.

Who they target: Democratic and Clinton-related political organizations such as the DNC, the Clinton Foundation, and the Clinton campaign.

Ghost Squad Hackers

Mission: Ghost Squad Hackers, the self-proclaimed "hacking NGO," is a small, well-organized collective of anti-authoritarian hackers. To embarrass large organizations and corporations, GSH "penetrates and extracts data," in its own words, then publishes what it took from the target.

Core competency: The group focuses on penetration, data extraction, and DDoS-based disruption.

Who they target: GSH targets organizations as diverse as the KKK and Black Lives Matter, major broadcast media organizations like CNN and Fox News, and various US military departments.

Lizard Squad

Mission: Lizard Squad came from the gaming world and is dedicated to trolling gaming's biggest companies. Though it started as a centralized crew, the fragmented group known as Lizard Squad today is an umbrella name adopted by several self-organized splinters. The end result is the same: Lizard Squad attempts to completely disrupt the target's business.

Core competency: Lizard Squad's tactics include network penetration, data extraction, and, above all, high-intensity DDoS attacks. In late 2014 it also sold access to its attack infrastructure as a DDoS-for-hire service, LizardStresser.

Who they target: The group mostly targets large gaming enterprises, such as Sony's PlayStation Network, Microsoft's Xbox Live, World of Warcraft publisher Blizzard Entertainment, and e-sports giant Riot Games.
