Phineas Fisher (also known as Phineas Phisher, Subcowmandante Marcos) is an unidentified

hacktivist In Internet activism, hacktivism, or hactivism (a portmanteau of '' hack'' and '' activism''), is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in h ...

and self-proclaimed anarchist revolutionary. Notable

hacks Hacks may refer to: Arts, entertainment, and media * ''Hacks'' (1997 film), a 1997 American comedy film * ''Hacks'' (2002 film), a 2002 independent American film * '' Hacks: The Inside Story'', a book by Donna Brazile * ''Hacks'' (TV series), ...

include the

surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as c ...

company

Gamma International Gamma Group is an Anglo-German technology company that sells surveillance software to governments and police forces around the world. The company has been strongly criticised by human rights organisations for selling its FinFisher software to un ...

Hacking Team HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "''Remote Control Systems''" enable governments and corporatio ...

, the Sindicat De Mossos d'Esquadra (SME, union of the Catalonian police force) and the ruling Turkish

Justice and Development Party Justice and Development Party may refer to several political parties, the best-known ones being: * Justice and Development Party (Morocco) * Justice and Development Party (Turkey) Justice and Development Party may also refer to: * Justice and Dev ...

three of which were later made searchable by

WikiLeaks WikiLeaks () is an international Nonprofit organization, non-profit organisation that published news leaks and classified media provided by anonymous Source (journalism), sources. Julian Assange, an Australian Internet activism, Internet acti ...

. Typically, each public attack is followed by a communique containing information about the breach, technical information in a how-to format,

ASCII art ASCII art is a graphic design technique that uses computers for presentation and consists of pictures pieced together from the 95 printable (from a total of 128) characters defined by the ASCII Standard from 1963 and ASCII compliant chara ...

, poetry and

leftist Left-wing politics describes the range of political ideologies that support and seek to achieve social equality and egalitarianism, often in opposition to social hierarchy. Left-wing politics typically involve a concern for those in soci ...

and anarchist propaganda. In 2019, Fisher offered hackers a bounty of up to US$100,000 for successful

hacktivism In Internet activism, hacktivism, or hactivism (a portmanteau of ''hack'' and ''activism''), is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hack ...

and the following year claimed to have paid out US$10,000.

Hacks

Gamma International attack

In 2014,

, most known for the FinFisher malware was hacked and a 40

gigabyte The gigabyte () is a multiple of the unit byte for digital information. The prefix ''giga'' means 109 in the International System of Units (SI). Therefore, one gigabyte is one billion bytes. The unit symbol for the gigabyte is GB. This defini ...

dump of information was released detailing Gamma's client lists, price lists,

source code In computing, source code, or simply code, is any collection of code, with or without comments, written using a human-readable programming language, usually as plain text. The source code of a program is specially designed to facilitate the wo ...

, details about the effectiveness of the FinFisher malware, user and support documentation and a list of classes/tutorials. Months later Fisher released the first document of the ''HackBack!'' series named ''HackBack!: DIY Guide for those without the patience to wait for whistleblowers'' which claimed responsibility for the Gamma International hack as well as giving detailed instructions aimed at beginners of how to repeat a similar attacks, intending to "Inform and inspire you to go out and hack shit". After the release, WikiLeaks rereleased it as part of SpyFiles 4.

Hacking Team attack

Fisher in 2015 claimed to have successfully breached

. In the communique, which was this time released in Spanish, Fisher claimed to have breached the network through a 0-day exploit from a bug found in a

SonicWall SonicWall is an American cybersecurity company that sells a range of Internet appliances primarily directed at content control and network security. These include devices providing services for network firewalls, unified threat management (UTM) ...

SSL-VPN embedded network device. The exploit was subsequently patched by SonicWall before it was made public by security researcher and ex

LulzSec LulzSec (a contraction for Lulz Security) was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed ...

member Darren 'Pwnsauce' Martyn who claimed "if you use these products is to unplug them, douse them in kerosene, and set them on fire. It is the only way to be safe from something seemingly developed with this level of negligence." After the release of the files, WikiLeaks rereleased the Hacking Team emails.

Mossos D'Esquadra union attack

On May 15, 2016, Phineas Fisher breached and leaked data from Sindicat De

Mossos d'Esquadra The ''Mossos d'Esquadra'' (; en, Squad), also known as the ''Policia de la Generalitat de Catalunya'' and informally as ''Mossos'', is the autonomous police force responsible for law enforcement in Spanish autonomous community of Catalonia. ...

(SME), the

police union A police union is a trade union for police officers. Police unions formed later than most other occupations, reflecting both a conservative tendency and relatively superior working conditions. The first police unions formed in the United States. Sh ...

of the Catalonian police force. Fisher uploaded a video to

YouTube YouTube is a global online video platform, online video sharing and social media, social media platform headquartered in San Bruno, California. It was launched on February 14, 2005, by Steve Chen, Chad Hurley, and Jawed Karim. It is owned by ...

of the attack and a link to a cache of personal data of officers such as full names, addresses, bank accounts and telephone numbers for more than five thousand officers, a quarter of the total force. The Minister of the Interior, Jordi Jané i Guasch stated that the leak "does not compromise the work or investigations of the agents, but does compromise their privacy". Fisher claimed that

Ciutat Morta ''Ciutat Morta'' (, "Dead City") is a 2013 Catalan documentary about the 4F case, directed by Xavier Artigas and Xapo Ortega. The film covers the repercussions of the events of February 4, 2006, when a Guàrdia Urbana de Barcelona, Guàrdia Urb ...

, a Catalan documentary investigating the 4F case inspired her to commit the attack. Fisher uploaded a thirty-nine minute video after the attack to

. The video consists of the attacker probing an SME website with publicly available

open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

tools before using an

SQL injection In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL inj ...

to dump the data. Whilst the attacker waits they show the viewer images of people who have allegedly been victim to

police brutality Police brutality is the excessive and unwarranted use of force by law enforcement against an individual or a group. It is an extreme form of police misconduct and is a civil rights violation. Police brutality includes, but is not limited to, ...

at the hands of Mossos, a woman blinded at the 2012 Barcelona General Strike. The video is set to a soundtrack themed around

anti-police Anti-police sentiment refers to a social group or individual's attitude and stance against the policing system. By country Indonesia The anti-police sentiment has reported to be on the rise in Indonesia in recent years. In 2021, a police offic ...

and overtly 'revolutionary' English and Spanish language hip-hop.

Arrests

In early January 2017 the mossos in conjunction with the Policía Nacional raided and arrested at least four people, including a person in

Salamanca, Spain Salamanca () is a city in western Spain and is the capital of the Province of Salamanca in the autonomous community of Castile and León. The city lies on several rolling hills by the Tormes River. Its Old City was declared a UNESCO World Heritag ...

and two in the Sants district of

Barcelona Barcelona ( , , ) is a city on the coast of northeastern Spain. It is the capital and largest city of the autonomous community of Catalonia, as well as the second most populous municipality of Spain. With a population of 1.6 million within ci ...

under suspicion of the SME attack. A few hours after the raids were reported in the Spanish press

Vice Motherboard ''Vice'' (stylized in all caps) is a Canadian-American magazine focused on lifestyle, arts, culture, and news/politics. Founded in 1994 in Montreal as an alternative punk magazine, the founders later launched the youth media company Vice Media, ...

claimed that they had been in contact with an email address previously associated with Fisher who claimed to be free at the time of contact.

AKP hack

In 2016, Fisher claimed responsibility for breaching networks belonging to the Turkish ruling

(AKP) and stealing hundreds of thousands of emails and other files In solidarity with the Kurdish movement in Rojava and Bakur. The trove which became known as ''The AKP Emails'' are archived at

. Wikileaks caused issues with Fisher after the organization published the AKP emails despite Fisher directing them not to, potentially leaving operational and personal details vulnerable. Fisher also accused Wikileaks of saying they knew the emails were "all spam and crap." On 21 July, WikiLeaks tweeted a link to a database which contained sensitive information, such as the

Turkish Identification Number Turkish Identification Number ( tr, Türkiye Cumhuriyeti Kimlik Numarası or abbreviated as ''T.C. Kimlik No.'') is a unique personal identification number that is assigned to every citizen of Turkey. Foreigners residing in Turkey at least six mon ...

, of approximately 50 million Turkish citizens. The information was not in the files uploaded by WikiLeaks, but in files described by WikiLeaks as "the full data for the Turkey AKP emails and more" which was

archived An archive is an accumulation of historical records or materials – in any medium – or the physical facility in which they are located. Archives contain primary source documents that have accumulated over the course of an individual or ...

by Emma Best, who then removed it when the personal data was discovered. Most experts and commentators agree that Fisher was behind the attack.

Cayman Island National Bank and Trust hack

In November 2019, DDoSecrets published over 2 terabytes of data from the Cayman Island National Bank and Trust, dubbed the Sherwood files. The files were provided by Phineas Fisher, who was previously responsible for the hack and subsequent release of

Gamma Group Gamma Group is an Anglo-German technology company that sells surveillance software to governments and police forces around the world. The company has been strongly criticised by human rights organisations for selling its FinFisher software to und ...

and

documents and emails. The files included lists of the bank's politically exposed clients and was used for studies of how elites use offshore banking. The leak led to at least one government investigation.

Bug bounty

In Fisher's 2019 Cayman Bank hack communique, ''Hackback! Una guía DIY para robar bancos'' (''Hackback! A DIY guide to robbing banks''), Fisher offered hackers up to US$100,000 in either of the

Bitcoin Bitcoin ( abbreviation: BTC; sign: ₿) is a decentralized digital currency that can be transferred on the peer-to-peer bitcoin network. Bitcoin transactions are verified by network nodes through cryptography and recorded in a public distr ...

Monero Monero (; Abbreviation: XMR) is a decentralized cryptocurrency. It uses a public distributed ledger with privacy-enhancing technologies that obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses tradi ...

cryptocurrencies A cryptocurrency, crypto-currency, or crypto is a digital currency designed to work as a medium of exchange through a computer network that is not reliant on any central authority, such as a government or bank A bank is a financial i ...

to carry out acts of

that lead to public disclosure of documents, naming it the "Hacktivist Bug Hunting Program". In the communique, Fisher states that "this program is my attempt to make it possible for good hackers to earn a living in an honest way by revealing material of public interest, instead of having to go selling their work to the cybersecurity, cybercrime or business industries", going on to cite examples of companies to target such as extraction industries in

Latin America Latin America or * french: Amérique Latine, link=no * ht, Amerik Latin, link=no * pt, América Latina, link=no, name=a, sometimes referred to as LatAm is a large cultural region in the Americas where Romance languages — languages derived f ...

Private Military Contractors A private military company (PMC) or private military and security company (PMSC) is a private company providing armed combat or security services for financial gain. PMCs refer to their personnel as "security contractors" or "private military ...

including Blackwater and

Halliburton Halliburton Company is an American multinational corporation responsible for most of the world's hydraulic fracturing operations. In 2009, it was the world's second largest oil field service company. It has operations in more than 70 countries ...

and operators of

private prison A private prison, or for-profit prison, is a place where people are imprisoned by a third party that is contracted by a government agency. Private prison companies typically enter into contractual agreements with governments that commit pr ...

s such as

GEO Group The GEO Group, Inc. (GEO) is a publicly traded C corporation that invests in private prisons and mental health facilities in North America, Australia, South Africa, and the United Kingdom. Headquartered in Boca Raton, Florida, the company's f ...

and

CoreCivic CoreCivic, formerly the Corrections Corporation of America (CCA), is a company that owns and manages private prisons and detention centers and operates others on a concession basis. Co-founded in 1983 in Nashville, Tennessee Nashville is the ...

MilicoLeaks

In 2020, Fisher claimed to have paid US$10,000 out of the "Hacktivist Bug Hunting Program" to an anonymous hacker who leaked over two gigabytes of emails and documents from several email accounts belonging to

Chilean military The Chilean Armed Forces ( es, Fuerzas Armadas de Chile) is the unified military organization comprising the Chilean Army, Air Force, and Navy. The President of Chile is the commander-in-chief of the military, and formulates policy through the Mi ...

personnel. The archive was named MilicoLeaks by

Distributed Denial of Secrets Distributed Denial of Secrets, abbreviated DDoSecrets, is a non-profit whistleblower site for news leaks founded in 2018. Sometimes referred to as a successor to WikiLeaks, it is best known for its June 2020 publication of a large collection of ...

. The cache of documents included over three thousand emails and one thousand documents, some related to "intelligence, finance and international relations". The Chilean military confirmed the breach in an official document via Twitter.

Identity

The identity of Phineas Fisher is currently unknown. Fisher has been accused of being a Russian agent by tech journalist

Joseph Menn A fatal system error (also known as a system crash, stop error, kernel error, or bug check) occurs when an operating system halts because it has reached a condition where it can no longer operate safely (''i.e.'' where critical data could be l ...

in his book ''Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World''. The book also claims that this is also the assumption of the state department, quoting James Lewis, claims which Fisher strongly denied as well as Vice Motherboard claiming from a source that "US government is actually convinced Phineas Fisher is indeed a hacktivist." An Italian judge echoed this claim, saying " hineas Fisher’s motives werecertainly political and ideological.” Fisher has issued communiques which reference

Anarchism Anarchism is a political philosophy and movement that is skeptical of all justifications for authority and seeks to abolish the institutions it claims maintain unnecessary coercion and hierarchy, typically including, though not necessa ...

and anarchist related content such as the

Zapatista Army of National Liberation The Zapatista Army of National Liberation (, EZLN), often referred to as the Zapatistas (Mexican ), is a far-left political and militant group that controls a substantial amount of territory in Chiapas, the southernmost state of Mexico. Sin ...

as well as labeling herself an 'anarchist-revolutionary'. Phineas has also done an interview with Blackbird of the CrimethInc Ex-Workers Collective, an anarchist media collective based mostly in

the Americas The Americas, which are sometimes collectively called America, are a landmass comprising the totality of North America, North and South America. The Americas make up most of the land in Earth's Western Hemisphere and comprise the New World. ...

. The name "Phineas Fisher" is a play on the name of the

FinFisher FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc, which markets the spyware through law enforcement channels. FinFisher can be covertly installed on targets' computers by exploiting security lapses in t ...

malware developed by Gamma International. "Subcowmandante Marcos" is a word play on the former

spokesperson

Subcomandante Marcos Rafael Sebastián Guillén Vicente (born 19 June 1957) is a Mexican insurgent, the former military leader and spokesman for the Zapatista Army of National Liberation (EZLN) in the ongoing Chiapas conflict,Pasztor, S. B. (2004). Marcos, Subcomand ...

. The Cayman National Bank hack communique featured

of a cow with a pipe reminiscent of a famous image of Marcos and used the well-known Zapatista slogan "Para que nos vieran, nos tapamos el rostro" ("In order to be seen, we covered our faces").

References

{{DEFAULTSORT:Fisher, Phineas Anarcha-feminists Anarchists Hackers Hacktivists Internet activists Living people Unidentified criminals Unidentified people Vigilantes WikiLeaks Year of birth missing (living people)