The hacker who claims responsibility for the flaying of Italian spyware-for-States firm Hacking Team says the vulnerability they used is yet to be patched and has detailed the process by which they claimed to have gained access to the huge trove of data and documents later dumped online.
The details are contained in a post broadcast from their known (Twitter account) but the veracity of the claims cannot be verified.
Hacking Team has been contacted for comment.
The breach, in July last year, revealed a laundry list of governments and law enforcement agencies that use Hacking Team's spyware to monitor communications on targeted systems, plus full details of then zero day vulnerabilities it offered to its customers.
Using the handle Phineas Fisher, the hacker claims they gained remote root access to Hacking Team networks using a zero day flaw in an unnamed embedded device.
"I had three options: look for a zero day in Joomla, look for a zero day in postfix, or look for a zero day in one of the embedded devices," the hacker says in the post.
"A zero day in an embedded device seemed like the easiest option, and after two weeks of work reverse engineering, I got a remote root exploit.
The hacker did not reveal further details of the affected embedded device nor the attack claiming it is still open to attack.
Hacking Team had "very little exposed to the internet" and locked-down many potential attack surfaces, according to the hacker.
With a foot hole in Hacking Team's networks the hacker claims they found unprotected network attached storage boxes that contained backups which he accessed remotely.
Credentials were ripped from there that allowed access to email and Blackberry servers among other systems.
"That's the beauty and asymmetry of hacking: with 100 hours of work, one person can undo years of work by a multi-million dollar company," they said. ®