| Phineas Fisher | |
|---|---|
| Other names | PhinFisher, Phineas Phisher, Subcowmandante Marcos |
| Known for | Gamma International and Hacking Team breaches and leaks |
| Notable work | HackBack! 1–3 |
| Style | Hacktivism |
| Movement | Anarchism, Antisec |
| Motive | Social justice, activism |
| Criminal charge | Cybercrime, bank robbery |
| Details | |
| Victims | Hacking Team, Gamma International, AKP, Cayman Bank, Sindicat De Mossos d'Esquadra |
Phineas Fisher (also known as Phineas Phisher and Subcowmandante Marcos) is an unidentified hacktivist and self-proclaimed anarchist revolutionary. Notable hacks include the surveillance companies Gamma International and Hacking Team, the Sindicat De Mossos d'Esquadra (SME, the union of the Catalan police force) and the ruling Turkish Justice and Development Party, three of which were later made searchable by WikiLeaks.
Typically, each public attack is followed by a communique containing information about the breach, technical information in a how-to format, ASCII art, poetry and leftist and anarchist propaganda. In 2019, Fisher offered hackers a bounty of up to US$100,000 for successful hacktivism and the following year claimed to have paid out US$10,000.
In 2014, Gamma International, best known for the FinFisher malware, was hacked and a 40 gigabyte dump of information was released detailing Gamma's client lists, price lists, source code, details about the effectiveness of the FinFisher malware, user and support documentation and a list of classes/tutorials. [1] Months later, Fisher released the first document of the HackBack! series, titled HackBack!: DIY Guide for those without the patience to wait for whistleblowers, which claimed responsibility for the Gamma International hack and gave beginners detailed instructions on how to carry out a similar attack, with the stated intention to "Inform and inspire you to go out and hack shit". [2] [3]
After the release, WikiLeaks rereleased it as part of SpyFiles 4. [4]
In 2015, Fisher claimed to have successfully breached Hacking Team. [5] In the communique, this time released in Spanish, Fisher claimed to have breached the network through a zero-day exploit for a bug in a SonicWall SSL-VPN embedded network device. [6] [7] The vulnerability was patched by SonicWall before the exploit was made public by security researcher and ex-LulzSec member Darren 'Pwnsauce' Martyn, who said that anyone using these products should "unplug them, douse them in kerosene, and set them on fire. It is the only way to be safe from something seemingly developed with this level of negligence." [8] [9]
After the release of the files, WikiLeaks rereleased the Hacking Team emails. [10]
On May 15, 2016, Phineas Fisher breached and leaked data from the Sindicat De Mossos d'Esquadra (SME), the police union of the Catalan police force. Fisher uploaded a video of the attack to YouTube together with a link to a cache of personal data, including full names, addresses, bank accounts and telephone numbers, for more than five thousand officers, a quarter of the total force. [11] [12] The Minister of the Interior, Jordi Jané i Guasch, stated that the leak "does not compromise the work or investigations of the agents, but does compromise their privacy". [13] Fisher claimed that Ciutat Morta, a Catalan documentary investigating the 4F case, inspired her to carry out the attack. [14]
Fisher uploaded a thirty-nine-minute video of the attack to YouTube. It shows the attacker probing an SME website with publicly available open-source tools before using an SQL injection to dump the data. While waiting, the attacker shows the viewer images of people who were allegedly victims of police brutality at the hands of the Mossos, including a woman blinded at the 2012 Barcelona General Strike. [15] The video is set to a soundtrack of anti-police and overtly 'revolutionary' English- and Spanish-language hip-hop. [16]
In early January 2017, the Mossos, in conjunction with the Policía Nacional, raided and arrested at least four people, including one person in Salamanca, Spain and two in the Sants district of Barcelona, on suspicion of involvement in the SME attack. [17] [18] A few hours after the raids were reported in the Spanish press, Vice Motherboard reported that it had been in contact with an email address previously associated with Fisher, who claimed to still be free at the time of contact. [19]
In 2016, Fisher claimed responsibility for breaching networks belonging to the Turkish ruling Justice and Development Party (AKP) and stealing hundreds of thousands of emails and other files, in solidarity with the Kurdish movement in Rojava and Bakur. [11] [20] [21] The trove, which became known as The AKP Emails, is archived at WikiLeaks. [11] [20] [22] Fisher fell out with WikiLeaks after the organization published the AKP emails despite Fisher directing them not to, potentially exposing operational and personal details. [23] [24] Fisher also accused WikiLeaks of having said that it knew the emails were "all spam and crap." [23]
On July 21, WikiLeaks tweeted a link to a database containing sensitive information, such as Turkish Identification Numbers, on approximately 50 million Turkish citizens. [25] The information was not in the files uploaded by WikiLeaks, [26] but in files described by WikiLeaks as "the full data for the Turkey AKP emails and more", which had been archived by Emma Best, who removed them when the personal data was discovered. [27] [28]
Most experts and commentators agree that Fisher was behind the attack. [11] [20] [21] [29]
In November 2019, DDoSecrets published over 2 terabytes of data from the Cayman Island National Bank and Trust, dubbed the Sherwood files. The files were provided by Phineas Fisher, who had previously been responsible for the hack and subsequent release of the Gamma Group and Hacking Team documents and emails. They included lists of the bank's politically exposed clients and were used for studies of how elites use offshore banking. [30] [31] [32] The leak led to at least one government investigation. [33]
In Fisher's 2019 Cayman Bank hack communique, Hackback! Una guía DIY para robar bancos (Hackback! A DIY guide to robbing banks), Fisher offered hackers up to US$100,000, payable in either Bitcoin or Monero, to carry out acts of hacktivism that lead to the public disclosure of documents, naming it the "Hacktivist Bug Hunting Program". [34] In the communique, Fisher states that "this program is my attempt to make it possible for good hackers to earn a living in an honest way by revealing material of public interest, instead of having to go selling their work to the cybersecurity, cybercrime or business industries", and goes on to cite examples of companies to target, such as extraction industries in Latin America, private military contractors including Blackwater and Halliburton, and operators of private prisons such as GEO Group and CoreCivic. [35]
In 2020, Fisher claimed to have paid US$10,000 out of the "Hacktivist Bug Hunting Program" to an anonymous hacker who leaked over two gigabytes of emails and documents from several email accounts belonging to Chilean military personnel. The archive was named MilicoLeaks by Distributed Denial of Secrets. [36] The cache included over three thousand emails and one thousand documents, some related to "intelligence, finance and international relations". [37] The Chilean military confirmed the breach in an official document posted on Twitter. [38]
The identity of Phineas Fisher is currently unknown. Fisher has been accused of being a Russian agent by tech journalist Joseph Menn in his book Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World. The book also claims that this is the assumption of the State Department, quoting James Lewis. [39] Fisher strongly denied these claims, [23] and Vice Motherboard reported a source as saying that the "US government is actually convinced Phineas Fisher is indeed a hacktivist." [40] An Italian judge echoed this view, saying "[Phineas Fisher's motives were] certainly political and ideological." [41]
Fisher has issued communiques which reference anarchism and anarchist-related content such as the Zapatista Army of National Liberation, and has labelled herself an 'anarchist-revolutionary'. [35] Fisher has also given an interview to Blackbird of the CrimethInc Ex-Workers Collective, an anarchist media collective based mostly in the Americas. [42] The name "Phineas Fisher" is a play on the name of the FinFisher malware developed by Gamma International. [43] "Subcowmandante Marcos" is a play on the name of the former Zapatista Army of National Liberation spokesperson Subcomandante Marcos. The Cayman National Bank hack communique featured ASCII art of a cow with a pipe, reminiscent of a famous image of Marcos, and used the well-known Zapatista slogan "Para que nos vieran, nos tapamos el rostro" ("In order to be seen, we covered our faces"). [35] [44]
Hacking Team is yet to officially comment on the hack, 16 hours after the perceived attacker, Phineas Fisher, announced the attack on Twitter.
A 0day in an embedded device seemed like the easiest option, and after two weeks of work reverse engineering, I got a remote root exploit.
"'Ciutat morta' encouraged me to carry out a simple attack on the Mossos".
Even without the relationship with WikiLeaks, an equally logical explanation would be that Phineas is a Russian intelligence project. Indeed, that was Washington's private conclusion. Within US intelligence, "it's generally assumed to be Russians," said Jim Lewis, a well-connected longtime senior State Department official and negotiator on global internet issues. "It's consistent with Russian activities in other areas."
That's a dumb name though, just the first play on FinFisher I could think of and I haven't hacked them in a while.
And look at how things are, because in order to be seen, we covered our faces; in order to be named, we denied ourselves a name; we wagered the present to have a future; and in order to live... we die.