Phineas Fisher: “I’m wanted by much more powerful police forces than Catalonia’s and for much worse crimes”

An interview with the hacker who claims responsibility for computer attacks on a Mossos d'Esquadra trade union and espionage companies Hacking Team and Gamma Group

It's hard to know who is hidden behind the  @GammaGroupPR twitter account, which has claimed responsibility for the computer  attack on the Mossos d'Esquadra trade union and the leaking of personal details of 5,540 police officers, including their home addresses. The man, woman, or group behind this, who has used the pseudonyms Phineas Fisher and Hack Back, is also claiming to be behind the attacks on the computer espionage companies  Hacking Team and Gamma Group. These were two attacks that had strong international repercussions because they exposed strategies that some governments have used to spy on activists, journalists, and all sorts of people.

Although it is difficult to know what is hidden behind a Twitter account, two pseudonyms, and an anonymous email account, it's almost certain that they are responsible for hacking into the computer system of the the Catalan police union. The video that they published shows how it was done. The twitter account also released two documents detailing  how it penetrated the Hacking Team and  Gamma Group computer servers, although the explanations given are vague enough for the hacking world to remain unconvinced still. The group known as La 9 de Anon, one of the most active Anonymous groups in Spain, has told ARA that the explanation regarding the attack on Hacking Team sounds to them "quite fanciful". They believe that "a new concept or idea similar to Anonymous" is behind this claim, with a "quite diffuse" and "mocking" profile, probably consisting of more than one individual. There is no doubt, however, that it is the author of the attack on the Mossos.

Whoever is behind @GammaGroupPR, nobody other than him has claimed responsibility for any of the three attacks. Nobody has refuted him either, and no-one else has given explanations. In addition, to those who know how to find him, he has answered questions. And he explains things, despite the fact that perhaps you can't believe everything he says verbatim. He claims that he is not Catalan nor understands Catalan, and that the manifesto on the attack against the police union was written with an automatic translator. But what automatic translator would misspell words in Catalan? Whoever attacked the union of the Mossos d'Esquadra, here is what he has to say.

Was it you who carried out the attacks on Gamma Group, Hacking Team, and the  Mossos?
Yes.

Why did you leak the information from these two international espionage companies?
I read the reports from Citizen Lab about their abuses.

I’m assuming you know that the main police  involved in the "Ciutat Morta" case were not from the Mossos, but the Guàrdia Urbana, the city’s metropolitan police.
Rodrigo Lanza was also tortured by the Mossos. And I don't see much difference. The police are all the same. They serve the same interests and do the same things --the name of the force doesn't matter.

"I wanted to make a small strike against power, to show a little about hacking"


The attack coincided with the first day of the trial against three Anonymous activists in Spain. They weren't arrested by the Mossos, but did the trial have anything to do with that?
I usually do lots of reading and researching, and that's why I learned what I could about the events I mentioned, although I’m neither Catalan nor Spanish. But lately I've been hacking very much and reading very little, and the truth is that I had no idea about the Anonymous trial. The truth is that it was an unexpected coincidence.

What do you hope to achieve with the computer attack on the Union of the Mossos d'Esquadra? The two companies that you say you hacked are much more global.
Not everything has to be big. I wanted to make a small strike against power, to show a little about hacking with the video, and urge people to take action.

Don't you think it's dangerous to release personal information about 5,540 police officers at a moment when the anti-terrorist alert is at Level 4 out of 5?
I didn't see anything dangerous for them, nor do I understand the relationship between this and the anti-terrorist alert. I just see the usual propaganda of "terrorist" to justify or excuse anything.

Are you afraid that you'll be caught? What you did could be punished with up to seven years in prison.
I’m wanted by much more powerful police forces than Catalonia’s and for much worse crimes. This doesn't worry me very much.

Even La 9 de Anon, one of the most active Anonymous groups in Spain,  has distanced itself from your leak. "These are sensitive data; it's not our way", they tweeted.
Is their style more to disseminate information from department stores or anything that they can manage to hack at random? Or to make comparisons between the DDoS [distributed denial-of-service] attacks and the actions of Puig Antich [a 1970’s Catalan anarchist]? The truth is that I like their politics and what that they write, but they write a lot and hack very little...  I don't consider data sensitive if it can be found in a telephone book. And unfortunately their bank account numbers can only be used to send them money, not to steal any. The sensitive data that set off alarms were the TIPs (police badge numbers) that the leak linked to their names. I don't think that the police should be able to hide behind their badge and abuse people anonymously.

Were they protected enough by the Union's network and server?
No, I hacked them by exploiting very basic vulnerabilities. But the majority of the internet is like that, it wasn't out of the ordinary.

"I don't consider data sensitive if it can be found in a telephone book"


Are you sure that you're not Catalan? Hey, I thought you were because the manifesto that you published... it didn't seem like an automatic translation.
Google Translate works pretty well from Spanish to Catalan (not from English though). And after using the automatic translator I looked up a lot of stuff on Google to verify everything (if you look up a pair of words in Catalan between quote marks and there are no hits, it means that it's not a natural way of saying something, and you should look for another way). When I read this tweet saying that I speak Catalan better than the Mossos, I felt proud of myself.

On the video you used the name of Chema Alonso, I suppose as a joke.
Chema Alonso is, by far, the most well-known hacker in Spain. Even regular people know him and his famous hat he wore for so many TV interviews. He's very much a "white hat" hacker (the hackers who help with corporate security or to prevent intrusions), he works with the police, and wrote a petition to Spain’s Language Academy (RAE) to erase the Spanish phrase "piratas informáticos" [computer pirates] like me from the official Spanish dictionary. He likes to finish his interventions, ironically, with "Evil Greetings", and titled his blog "The evil side". That's why it seemed funny to use the name "chemaalonso@elladodelmal" and finish off with his "Evil Greetings” catchphrase. I never imagined that there would be people stupid enough to take it seriously and ask if he had anything to do with the hacking. I'd also like to say that even though he's a "white hat", I respect him and I've learned from his books.

More content