User:W1tchkr4ft 00/sandbox/PhinFisher

Phin Fisher Draft

Phineas Fisher (Phineus Phisher, Subcowmandante Marcos) is an unidentified anarchist hacktivist who is notable for having hacked targets in the surveillance software industry such as Hacking Team and Gamma International, the ruling party of Turkey, AKP as well as Cayman National Bank. She typically releases a communique with each hack containing information about the breach, technical information in a how-to format, ASCII art, poetry as well as leftist and anarchist propaganda.

The name Phineas Fisher is a play on the name of the spyware name FinFisher created by Gamma International.^[1]

AKP hack

PhinFisher claimed responsibility^[when?] for a Justice and Development Party (AKP) in solidarity with Rojava in the Kurdish–Turkish conflict. Releasing.

Mossos D'Esquadra union attack

In may 2016 Phineas Fisher breached and leaked data from Sindicat De Mossos d'Esquadra (SME), Catalonia's police union, uploading a thirty-nine minute video to YouTube of the attack and a link to a cache of personal data of officers such as full names, addresses, bank accounts and telephone numbers for more than five thousand officers, a quarter of the total force.^[2][3] The attacker also defaced and compromised the SME Twitter page with images of alleged police brutality and images from the documentary Ciutat morta which was claimed to be an inspiration for the attack.^[4]

The Minister of the Interior, Jordi Jané i Guasch, stated that the leak "does not compromise the work or investigations of the agents, but does compromise their privacy."^[5]

Arrests

In early January 2017 the mossos in conjunction with national police raided and arrested three people in suspicion of the attack, a man in Salamanca, Spain and two in the Sants district of Barcelona.^[6] A few hours after the raids were reported in the Spanish press Vice Motherboard reported that they had been in contact with an email address previously associated with Phineas who claimed to be free at the time of contact.^[7]f contact.^[7]

Mossos attack video: https://vimeo.com/167411059

Bug Bounty

In her 2019 Cayman Bank hack communique, Hackback! Una guía DIY para robar bancos (Hackback! A DIY guide to robbing banks) Phineas offered hackers up to US$100,000 in either of the Bitcoin or Monero cryptocurrencies to carry out acts of hacktivism that lead to public disclosure of documents 'of public interest' naming it the 'Hacktivist Bug Hunting Program'.^[8] In the communique Phineas states that "this program is my attempt to make it possible for good hackers to earn a living in an honest way by revealing material of public interest, instead of having to go selling their work to the cybersecurity, cybercrime or business industries.", citing examples of companies to targets such as extraction industries in the Americas, Private Military Contractors, mentioning Blackwater and Halliburton by name as well as operators of private prisons.^[9]

In 2020 Phineas claimed to have payed out US$10,000 of her 'Hacktivist Bug Hunting Program' to an anonymous hacker who leaked over two gigabytes of emails and documents from several email accounts belonging to Chilean military personnel, hosted under the name 'Milico Leaks' by Distributed Denial of Secrets.^[10] The cache of documents included over three thousand emails and one thousand documents, some related to 'intelligence, finance and international relations'.^[11] The Chilean military confirmed the breach in an official document via twitter.^[12]

Note2Self: Find link to Milico Leaks, ddossecrets link is down.

Identity

Here discuss the suspicions that Phin is spanish-catalan (likely, almost certain, but not confirmed with actual sources), Russian agent as the dumb yankees think, and other theories by reputable sources.

EOF

- the mining, logging and livestock companies that plunder our beautiful Latin America (and kill land and territory defenders trying to stop them)

- companies involved in attacks on Rojava such as Baykar Makina or Havelsan - surveillance companies such as the NSO group -

war criminals and birds of prey such as Blackwater and Halliburton -

private penitentiary companies such as GeoGroup and CoreCivic / CCA, and corporate lobbyists such as ALEC

Hackback! A DIY guide to robbing banks

https://www.vice.com/en/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies

'Hackback! A DIY guide to robbing banks' (Hackback! Una guía DIY para robar bancos) Communique released in spanish: Friday, 15 November 2019

https://limn.it/articles/the-public-interest-hack/ written by an interesting Prof. Should examine further

Hacking_Team#2015_data_breach

Taken from the Gamma Group page:

In 2014, Gamma Group was hacked and a 40 Gb dump of information was released detailing Gamma's 'client lists, price lists, source code, details about the effectiveness of FinFisher malware, user and support documentation, a list of classes/tutorials, and much more.'^[13] Further details about Gamma's capabilities can be found in the Surveillance Industry Index.^[14]

Despite this hack and the extent of negative publicity about Gamma's activities, FinFisher was reported to be gaining in popularity around the world with numerous governments.^[15]

Sources that can be used:

https://www.vice.com/en/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies Phin's bounty program released with the 'How to rob a bank' release.

https://www.vice.com/en/article/ne8p9b/offshore-bank-targeted-phineas-fisher-confirms-hack-cayman-national-bank Cayman National Hack.

https://www.schillingspartners.com/news-and-opinion/crime-by-another-name---the-rise-of-political-hacktivism 2019

Big Fish, Little Fish, Critical Infrastructure: AnAnalysis of Phineas Fisher and the ‘Hacktivist’Threat to Critical Infrastructure

Audio about Phin, Verified statement relating to the accusations of being a Russian Agent. (note: This accusation is common among the fucking yanks, it should always be taken with a pinch of salt.)

https://www.youtube.com/watch?v=BpyCl1Qm6Xs Viceland article with Her after FinFish and Hacking Team hacks as a 'legally distinct from Kermit' puppet.

Note: Check infosec stuff on bookshelf, but most is probably to old for anything substatial. Access newer books that reference her through libgen if possible.

https://www.ibtimes.co.uk/gamma-international-leaked-data-confirms-uk-spyware-export-bahrain-1460291 Gamma International hack . https://www.vice.com/en/article/78kwke/hacker-phineas-fisher-hacking-team-puppet The Puppet interview. Before AKP, I THINK.

https://www.vice.com/en_uk/article/vb5agy/phineas-fisher-offers-dollar100000-bounty-for-hacks-against-banks-and-oil-companies Bounty source 1.

https://www.vice.com/en_uk/article/wxeykb/phineas-fisher-says-they-paid-dollar10000-bounty-to-person-who-hacked-chilean-military Bounty source 2. another source wrt to bounty is Banks communique.

Communiques of Phin:

https://github.com/Alekseyyy/phineas-philes/blob/master/cayman-english.md - Hackback - A DIY guide to rob banks. - Ceyman hack, 2020.

https://dl.packetstormsecurity.net/papers/attack/hackback-bankrobbing.txt ^mirror2

TODO

• A paragraph of her attacks against the Spyware companies and fallout
• About anonymity, guesses as to identity, including farcical Russian accusations and the false claim as to arrested after the Calatlonian (?) Police hack.
• AKP hack and support for Rojava.
• Cayman hack
• Hackback documents.
• Write about her bounty program.
• Response from the 'infosec community'.

1. Franceschi-Bicchierai, Lorenzo (2016-07-20). "Hacker 'Phineas Fisher' Speaks on Camera for the First Time—Through a Puppet". www.vice.com. Retrieved 2021-02-24. That's a dumb name though, just the first play on FinFisher I could think of and I haven't hacked them in a while.
2. "Spanish Police Claim to Have Arrested Phineas Fisher - Hacking Team Hacker". BleepingComputer. Retrieved 2021-02-25.
3. Borràs, Enric (2017-02-01). "Els Mossos arresten tres persones per la filtració de dades personals 5.540 policies". Ara.cat (in Catalan). Retrieved 2021-02-25.
4. Borràs, Enric (2016-05-19). ""Vaig trobar 'Ciutat Morta' i em vaig animar a fer un senzill atac als Mossos"". Ara.cat (in Catalan). Retrieved 2021-02-25.
5. "Hackeado el Twitter del Sindicat de Mossos d'Esquadra". La Vanguardia (in Spanish). 2016-05-18. Retrieved 2021-02-25.
6. Borràs, Enric (2017-02-01). "Els Mossos arresten tres persones per la filtració de dades personals 5.540 policies". Ara.cat (in Catalan). Retrieved 2021-02-25.
7. "Notorious Hacker Phineas Fisher: I'm Alive and Well". www.vice.com. Retrieved 2021-02-25.
8. "Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies". www.vice.com. Retrieved 2021-02-25.
9. Marcos, Subcowmandante. "Hackback! Una guía DIY para robar bancos". {{cite web}}: soft hyphen character in |title= at position 18 (help)
10. "Phineas Fisher Says They Paid $10,000 Bounty to Person Who Hacked Chilean Military". www.vice.com. Retrieved 2021-02-25.
11. Mostrador, El (2019-12-14). "Ejército confirma hackeo a cuentas de correo e inicia peritaje para encontrar a los responsables". El Mostrador (in Spanish). Retrieved 2021-02-25.
12. "https://twitter.com/ejercito_chile/status/1205943017019981834". Twitter. Retrieved 2021-02-25. {{cite web}}: External link in |title= (help)
13. Blue, Violet (6 August 2014). "Top gov't spyware company hacked; Gamma's FinFisher leaked". ZDNet. ZDNet. Retrieved 13 September 2016.
14. "Surveillance Industry Index". sii.transparencytoolkit.org. Retrieved 2016-10-18.
15. Osborne, Charlie (19 October 2015). "In Hacking Team's wake, FinFisher spyware rises in popularity with government users". ZDNet. ZDNet. Retrieved 13 September 2016.