[BreachExchange] 3 Arrests Over Breach Claimed by 'Phineas Fisher' Hacker

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 31 19:09:34 EST 2017


*https://www.nytimes.com/aponline/2017/01/31/world/europe/ap-eu-spain-hacking-arrest.html
<https://www.nytimes.com/aponline/2017/01/31/world/europe/ap-eu-spain-hacking-arrest.html>*

Spanish police have arrested three people over a data breach linked to a
series of dramatic intrusions at European spy software companies — feeding
speculation that the net has closed on an online Robin Hood figure known as
Phineas Fisher.

A spokesman with Mossos d'Esquadra, Catalonia's regional police, said two
men and a woman were arrested Tuesday in Salamanca and Barcelona on
suspicion of breaking into the website of the Mossos labor union in May,
hijacking its Twitter feed and leaking the personal data of more than 5,500
officers. No more arrests are expected, he added, speaking on condition of
anonymity in line with force policy.

The arrests sent rumors flying online because the breach had been claimed
by Phineas Fisher, a hacker who first won notoriety in 2014 for publishing
data from Britain's Gamma Group — responsible at the time for spyware known
as FinFisher. The hacker, or group of hackers, cemented their reputation by
claiming responsibility for a breach at Italy's Hacking Team in 2015 — a
spectacular dump which exposed the inner workings of government espionage
campaigns — and appearing as a hand puppet in an unusual interview in 2016.

The Andover, England-based Gamma Group did not immediately return messages
left after hours. Neither did FinFisher, the Munich-based company which now
sells the eponymous intrusion tool. Hacking Team spokesman Eric Rabe said
he had "no special insight" into the arrests but declined to comment on
whether his company was in touch with Spanish authorities.

Toni Castejon, the general secretary of the Catalan police union that was
hit, said the language used by the hijacked Twitter account led him to
doubt Phineas Fisher had been involved. The tweets were written "by
somebody with perfect knowledge of a very informal kind of Catalan
(language) that would have been impossible to achieve through online
translation," he said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170131/a36d960c/attachment.html>


More information about the BreachExchange mailing list