Table of Links
IV. PHINEAS FISHER
Phineas Fisher is a pseudonym [15], that identifies as female [5], who has claimed and verified responsibility for many high profile intrusions and data leaks. In 2014, Fisher targeted Gamma Group [16]. Gamma Group sells surveillance software to governments and police forces around the world, many of which have been criticised by human rights organisations [17]. After releasing Gamma Group’s client list, source code, and private details, Fisher published a step by step guide [18] on how she compromised their systems.
One year later in 2015, Fisher compromised, then published the details and source code for another surveillance company called Hacking Team [19], [20], accompanied with another write up of her methods [21].
In May 2016, she hacked the Catalan police union website [22], defacing it, then leaked personal information of around 5,000 police officers. Fisher created a video recording of the steps taken in the hack, which showed simple vulnerabilities in their systems. In response to this hack, the police force carried out raids on social centres and hacker lab[2], where they claimed they had arrested Fisher. Shortly thereafter Fisher communicated with the media, and agreed to give an interview to Vice News [15].
On the 19th of July 2016, Fisher compromised the Turkish Justice and Development Party (AKP) network [23], and was collecting data to handover to Wikileaks. While Fisher specifically [24] told them not to release the data, this was ignored. This hack was not accompanied by a walkthrough guide, and subsequently, Fisher became inactive for a time [25].
In November 2019, Fisher leaked the internal emails of the Cayman Bank and Trust Company located on the Isle of Man [26]. Along with this leak, she also stole a large sum of money from the bank. This theft has been confirmed, and took place in 2016 [27]. As with the other attacks she published a postmortem [5], and also offered a 100,000USD bounty to hack banks and oil companies that could lead to the disclosure of documents in the public interest. To this day no one appears to have been able to identify who Phineas Fisher is, and the Italian investigation into the Hacking Team hack was closed without answers [28]. While there is some speculation that Phineas Fisher might be a government operation, it is widely believed that she is a hacktivist [29]. Fisher’s primary message is to start a revolution of hackers, who will hack for the social good, and target companies that are deemed ‘evil and corrupt’. By publishing her post-mortem documents, she has shown the simple techniques needed to break into these systems. In the case of critical infrastructure such as Industrial Control System (ICS), it is therefore valuable to identify how much of a threat these systems might be from hacktivists like Phineas Fisher.
Authors:
(1) Peter Maynard, Centre for Secure Information Technology, Queen’s University Belfast, UK (p.maynard@qub.ac.uk);
(2) Kieran McLaughlin, Centre for Secure Information Technology, Queen’s University Belfast, UK (kieran.mclaughlin@qub.ac.uk).
This paper is available on arxiv under CC0 1.0 license.
[p] lace for technology hobbyist and enthusiasts to meet. Not related to illegal activities.