In August of 2014, a hacker shook the cybersecurity world by exposing the secrets of the infamous government surveillance vendor Gamma Group, the makers of the spyware FinFisher.
The hacker jokingly called himself Phineas Fisher, publicizing the hack and taunting the company on Twitter. He also wrote a detailed guide on how he breached Gamma—not to brag, the hacker wrote, but to demystify hacking and “to hopefully inform and inspire you to go out and hack shit.”
Then, Phineas Fisher went dark. For almost a year, his public profiles remained silent. Given that he had just upset a company that sold tools to dozens of spy and police all over the world, it seemed like a wise move.
“For politically minded hackers, Phineas is a legend already.”
Then, slightly less than a year later, Phineas Fisher came back with a bang. This time, he hacked into the computers of Gamma’s competitor Hacking Team, another company mostly known for selling spyware to questionable governments around the world.
“Gamma and [Hacking Team] down, a few more to go :),” he tweeted.
He followed the hack by taunting Hacking Team through the company’s own Twitter account, and then, once again, he went dark for months, until he revealed how he got into Hacking Team. Once again, he called others to action. “Hacking is a powerful tool. Let’s learn and fight!” he wrote.
On Twitter, he proclaimed on his profile that “our keyboard is our weapon.”
Last week, he hit his third victim, the union of the Catalan police Mossos D’Esquadra. Accompanying his new hack, he also released a 39-minute how-to video with anti-police songs playing in the background, in which he showed how he got the data.
While his latest victim seems like a small catch compared to FinFisher and Hacking Team, it’s in line with his political views as an “anarchist revolutionary,” and with his larger goal of inspiring other hacktivists to “hack back,” as he puts it in his guides.
“Everything doesn’t have to be big,” Phineas Fisher told me in an email. “I wanted to strike a small blow at the system, teach a bit of hacking with the video, and inspire people to take action.”
His plan might very well be working. With his rare, targeted, and almost “surgical” strikes, Phineas Fisher has a very good chance of inspiring a new generation of hacktivists and “setting the stage for other hackers to follow in his footsteps,” according to Biella Coleman, a professor at McGill University in Montreal who’s well-known for her study of hackers, hacktivism, and Anonymous.
“For politically minded hackers, Phineas is a legend already,” Coleman told me.
”I don’t want to be the lone hacker fighting the system. I want to inspire others to take similar action.”
Mustafa Al-Bassam, a security researcher and former LulzSec hacker, agreed, saying that the hacker’s “strategy and message bares resemblance to many past Anonymous operations, but he’s been arguably more effective at it doing it alone.”
Phineas Fisher is “one of the most intelligent hackers I’ve seen,” and “one of the most inspiring to people in the hacktivist community in recent times—possibly of all time,” Al-Bassam told me in an online chat.
Coleman said that unlike Anonymous and LulzSec-inspired hackers, Phineas Fisher has been better at choosing targets and justifying his actions with more rounded and sophisticated political and ethical views. For Coleman, the big challenge for the hacker now will be to balance his need not to get caught, with his goal of inspiring others to join his cause.
Phineas Fisher, on his part, seems not to be in a rush, though he’s been considerably more active online in the last few weeks.
“Hacking takes time to learn and get good at,” he said, revealing that he first got interested in it when he read an article http://www.rollingstone.com/culture/news/the-rise-and-fall-of-jeremy-hammond-enemy-of-the-state-20121207 on Anonymous and LulzSec hacker Jeremy Hammond in 2012. In any case, “it’s impossible to know yet” whether his call to hack back has been working, and actually, he doesn’t really want to start a “formal movement” a la Anonymous or LulzSec.
“But I don’t want to be the lone hacker fighting the system,” he told me. “I want to inspire others to take similar action, and try to provide the information so they can learn how.”