
Hacker Releases a How-To Video Targeting Police - mjbellantoni
https://motherboard.vice.com/read/phineas-fisher-sme
======
danso
This guy is amazing. I can't even upload videos in the public domain (old
movies) without getting an auto-takedown from YouTube's content
algorithm...somehow he manages to post a video that includes one of the most
famous tracks in rap history?

(slightly less non-facetious question: maybe NWA has asked YouTube to
whitelist their work?)

More relevant comment, as if it were going to be a big surprise: the attack
vector was SQL injection into what appears to be a custom built PHP site:
[https://youtu.be/QoSrjrYC3hI?t=6m16s](https://youtu.be/QoSrjrYC3hI?t=6m16s)

~~~
anc84
Well, at least in Germany it is blocked: _Unfortunately, this video is not
available in your country because it could contain music from UMG, for which
we could not agree on conditions of use with GEMA._

~~~
peterwwillis
[http://www.clipconverter.cc/download/SrakCrS6/246323557/](http://www.clipconverter.cc/download/SrakCrS6/246323557/)

~~~
Mandatum
Mirror as at 5AM Friday UTC:
[https://tune.pk/video/6528544/hack](https://tune.pk/video/6528544/hack)

~~~
whamlastxmas
Thanks, been waiting for one.

------
csdrane
The author isn't actually Chema Alonso [1] as the terminal session would lead
you to believe, right?

[1] [https://twitter.com/chemaalonso](https://twitter.com/chemaalonso)

~~~
dewyatt
I'm thinking it's just misdirection (along with some other parts of the
video).

I saw some nice attention to detail in the video so I would be surprised if
something like that was an accident.

~~~
csdrane
Seeing as how the person he is allegedly imitating also works in security and
ostensibly would have the means to commit the hack--and who is also Spanish--
this seems like a shitty thing to do.

~~~
dewyatt
Definitely a shitty thing to do, I can't imagine law enforcement won't
investigate Chema after seeing that.

I don't understand the language though so there may be other relevant details
I'm missing.

------
vanous
So be quick: youtube-dl
[https://www.youtube.com/watch?v=QoSrjrYC3hI](https://www.youtube.com/watch?v=QoSrjrYC3hI)

Edit: this was quite entertaining... felt like a kid watching lets-plays... we
need more such youtubers. Also, he (?) was very fluent all the time, except
the second tar cvf :) [https://xkcd.com/1168/](https://xkcd.com/1168/)

------
jfolkins
He sets the month and day correctly but gets the year wrong here.

[https://youtu.be/QoSrjrYC3hI?t=32m](https://youtu.be/QoSrjrYC3hI?t=32m)

Watch out kids. Typos happen to everyone. Hopefully it isn't the command that
doxes oneself.

~~~
jfolkins
screenshot [http://i.imgur.com/m3TPBIy.jpg](http://i.imgur.com/m3TPBIy.jpg)

------
peterwwillis
So YouTube becomes a new sort of interactive Phrack. Neat. I also wish more
online tutorials had great soundtracks like this; I'd probably watch more of
them.

~~~
medecau
Open two tabs?

~~~
peterwwillis
I'm not sure my system could take Firefox with two tabs open, I only have 4GB
of RAM.

~~~
emp_zealoth
Motherfucking "modern web". I've bought two PCs with 16GB of RAM in 8GB sticks
just so I can double it to handle even more retarded java/css/webscale cancer
#rant

------
gh-lfneu28
Amazing OC. Easy to follow, great ost, really punches in the fragility of the
modern web.

------
curiousgal
What do ya know, a blackhat with an agenda other than attention and money.

~~~
giancarlostoro
Wouldn't that be called a greyhat then?

~~~
scottshea
I have always thought of greyhats as hackers employed by governments to hack
political allies and opponents or by companies for corporate espionage

~~~
giancarlostoro
I guess it could be both... Greyhat is the in-between from white which I would
assume is anyone doing secure systems vs. blackhat which is full on attacks.
The greyhat sits somewhere in between, not specifically part of the
government. Elliot from Mr. Robot would have been a Greyhat in my book. Though
if they work for the government it depends on whom you tell and what the
hacker we're talking about is doing, some could easily consider them blackhat
government hackers... while others completely white, and of course you would
consider them gray.

------
exabrial
Targeting police? Really?

How about we start targeting the corrupt officials instead that employ them.
More Panama like leaks please.

~~~
josu
Like when he exposed governments worldwide using the services of Hacking Team
to unconstitutionally spy on their constituents?

>The pseudonymous hacker behind the catastrophic breach of notorious police
surveillance tool seller Hacking Team is now teaching others how to hack.

------
yagop
There are some mirrors posted on Hacker's Twitter:

[https://twitter.com/GammaGroupPR/status/733347252605947906](https://twitter.com/GammaGroupPR/status/733347252605947906)

------
snowwindwaves
Those tools are pretty amazing the way you give it a URL and it gives you a
database shell

------
curiousgal
Any idea why he renamed the final tar file to index.htm before wgeting it?

~~~
medecau
When looking through the logs index.htm will look like index.html and may be
missed.

But, I have no experience exfiltrating files or gaining access to servers I
don't own.
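
A defender-side check for the point made in the comment above, as an added example that is not part of the thread and not any commenter's code: a file renamed to look like an ordinary page still stands out in an access log by its response size. The log lines, the `oversized_pages` helper and its `ratio`/`floor` thresholds are constructed assumptions.

```python
import re
from statistics import median

# Constructed sample in Apache/nginx "combined" format (not taken from the video).
SAMPLE_LOG = """\
198.51.100.7 - - [19/May/2016:04:10:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.8 - - [19/May/2016:04:10:09 +0000] "GET /about.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.9 - - [19/May/2016:04:11:30 +0000] "GET /contact.html HTTP/1.1" 200 6144 "-" "Mozilla/5.0"
203.0.113.50 - - [19/May/2016:04:12:44 +0000] "GET /index.htm HTTP/1.1" 200 734003200 "-" "Wget/1.17"
198.51.100.7 - - [19/May/2016:04:13:02 +0000] "GET /index.html HTTP/1.1" 304 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Extensions that normally serve small markup, so a huge body is anomalous.
PAGE_EXT = re.compile(r'\.(?:html?|php)$', re.IGNORECASE)

def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
            yield rec

def oversized_pages(log_text, ratio=50, floor=1_000_000):
    """Return (ts, ip, path, size) for page-like 200 responses whose size
    exceeds both `floor` bytes and `ratio` times the median page size."""
    pages = [r for r in parse(log_text)
             if r["status"] == "200"
             and PAGE_EXT.search(r["path"].split("?", 1)[0])]
    if not pages:
        return []
    limit = max(floor, median(r["size"] for r in pages) * ratio)
    return [(r["ts"], r["ip"], r["path"], r["size"])
            for r in pages if r["size"] > limit]

if __name__ == "__main__":
    for hit in oversized_pages(SAMPLE_LOG):
        print(hit)
```

Matching on bytes sent rather than on the filename is what makes the rename irrelevant; the thresholds need tuning against a site's real page sizes.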

------
scorp1000n
Anyone saved the video? Please share. YouTube pulled it down.

~~~
ch3ll0v3k
360px 480px 720px

[https://cw009.tunefiles.com/files/videos/2016/05/19/14636711...](https://cw009.tunefiles.com/files/videos/2016/05/19/14636711761dbc6-360.mp4)

[https://cw009.tunefiles.com/files/videos/2016/05/19/14636711...](https://cw009.tunefiles.com/files/videos/2016/05/19/14636711761dbc6-480.mp4)

[https://cw009.tunefiles.com/files/videos/2016/05/19/14636711...](https://cw009.tunefiles.com/files/videos/2016/05/19/14636711761dbc6-720.mp4)

