https://afritechnet..com/2016/04/hacking-team-attacker-reveals-secrets.html

An individual purporting to be the attacker behind the breach of the Italian cyber outfit 'Hacking Team' has released a blog posting detailing his modus operandi. Here are some of the most revealing points:

Anonymity
Use a VM (virtual machine) and route traffic via TOR – TOR hides the IP address and provides a sense of anonymity. A VM allows the user to keep personal files separate.
A good hacker will use new servers and domain names, registered to new email addresses and make any payments with bitcoin (using new addresses). They will also use tools that are publicly available or brand new, specifically created for that particular breach so as to avoid leaving a forensic footprint.

Exploit weak passwords
Companies should use strong passwords and ensure that data/system admins take password management seriously. System admins are critical, they have access to the various servers. The Hacking Team's system admin's (Pizzo) weak password (P4ssword) made spying on him easier than it should have been. Domain admin passwords lead to email access and for passwords to be reset on the mail server.

Social Engineering
Employee information for a targeted phishing campaign can be found via Google, LinkedIn, Data.com and may sometimes be found in file metadata. Metagoofil extracts files from websites.
Spear phishing continues to be successful for many organizations, particularly larger entities. Smaller, security focused outfits are less likely to fall for such a ploy.

Malware/Zero Day Exploits
Large companies often have compromised computers within their networks. Bots diligently working quietly in the background, gathering information.
Rather than immediately announce a coding flaw, malicious hackers prefer to keep their knowledge secret and stealthily hide within the network like a cyber sleeper cell. Most companies are woefully poor at detecting when the have been breached – as per Verizon’s Data Breach Investigation Report 2013. 92% the time it is a contractor, customer or law enforcement who discovers the breach.

https://afritechnet..com/2016/04/hacking-team-attacker-reveals-secrets.html

netafric:
https://afritechnet..com/2016/04/hacking-team-attacker-reveals-secrets.html

An individual purporting to be the attacker behind the breach of the Italian cyber outfit 'Hacking Team' has released a blog posting detailing his modus operandi. Here are some of the most revealing points:

Anonymity
Use a VM (virtual machine) and route traffic via TOR – TOR hides the IP address and provides a sense of anonymity. A VM allows the user to keep personal files separate.
A good hacker will use new servers and domain names, registered to new email addresses and make any payments with bitcoin (using new addresses). They will also use tools that are publicly available or brand new, specifically created for that particular breach so as to avoid leaving a forensic footprint.

Exploit weak passwords
Companies should use strong passwords and ensure that data/system admins take password management seriously. System admins are critical, they have access to the various servers. The Hacking Team's system admin's (Pizzo) weak password (P4ssword) made spying on him easier than it should have been. Domain admin passwords lead to email access and for passwords to be reset on the mail server.

Social Engineering
Employee information for a targeted phishing campaign can be found via Google, LinkedIn, Data.com and may sometimes be found in file metadata. Metagoofil extracts files from websites.
Spear phishing continues to be successful for many organizations, particularly larger entities. Smaller, security focused outfits are less likely to fall for such a ploy.

Malware/Zero Day Exploits
Large companies often have compromised computers within their networks. Bots diligently working quietly in the background, gathering information.
Rather than immediately announce a coding flaw, malicious hackers prefer to keep their knowledge secret and stealthily hide within the network like a cyber sleeper cell. Most companies are woefully poor at detecting when the have been breached – as per Verizon’s Data Breach Investigation Report 2013. 92% the time it is a contractor, customer or law enforcement who discovers the breach.

https://afritechnet..com/2016/04/hacking-team-attacker-reveals-secrets.html

As for anonymity, very often, even when using anonymizers (VPN, proxy, etc.) the actual IP address of the user is visible. That is why it is necessary to make verification of the anonymity efficiency using online services. Personally I use this service https://2ip.io/privacy/