Spain’s Policia Nacional, in late January and early February, arrested three suspected hackers for hacks that targeted two spyware-for-hire companies. Both companies, Hacking Team and Gamma International, created and sold malware, spyware, and communication interception tools to law enforcement—exclusively—for years on end. In 2015 and 2014, a hacker breached both companies. One hacker, Phineas Fisher, claimed responsibility for the hacks and data dumps. After local media started publishing news of the arrest, rumours spread that one of the arrested individuals was none other than Phineas Fisher.
The National Police arrested two individuals in Barcelona, Spain, and one 33-year-old man in Salamanca. News outlets in Spain quickly reported that the man from Salamanca was Phineas Fisher, the hacker behind both the Hacking Team and Gamma International breaches.
According to the former front page of the Gamma Group’s website, the company offers services to national and state intelligence:
“The Gamma Group of companies, established in 1990, provides advanced technical surveillance, monitoring solutions, and advanced government training, as well as international consultancy to national and state intelligence departments and law enforcement agencies.”
Gamma International sells one of the most advanced government-used interception suites on the market today: FinFisher Suite. The suite of hacking tools contains Trojans capable of infecting an entire internet cafe to scope out every user connected to the network. The malware installed by the FinFisher Suite is tough, if not impossible, to remove once it has lodged itself in both mobile devices and desktop computers.
Like many pieces of malware today, including those used in and by the general public, the code deployed by FinFisher allows remote access and control over the infected user’s machine. According to surveillance.rsf.org:
“The software is said to be able to bypass common methods and anti-virus detection. It can listen in to Skype talks, chats and encrypted emails and is even able to turn on a computer’s microphone or webcam remotely. With FinFisher technology, it is even possible to gain access to encrypted files on a hard drive. Those Finfisher-features are promoted by the firm in different advertising videos.”
The description of one of the programs, pulled straight from the company’s own hotfix PDF, went into even greater detail:
“[FinSpy] Collects information about the Wireless Networks in the area. The module can be configured to turn on the Wireless Network card installed in the system if it’s turned off, collect the data and turn it off again. If configured on the Master, the core system can make online lookups to associate the collected Wireless Network information with Polar coordinates and display them on the map.”
Phineas Fisher leaked information from the Hacking Team in 2015, but the breach carried a less significant impact. Gamma International, at the time of the 2014 breach, already faced scrutiny from the media and non-cooperative law enforcement.
Just hours after the arrest and claims made by local news outlets, an entity using Phineas Fisher’s email address sent an email to an unnamed source who, in turn, sent the email to Motherboard. The entity wrote, “I think the Mossos just arrested some people that retweeted the link to their personal info, or maybe just arrested some activist/anarchist people to pretend they are doing something.” Presumably, according to news updates across the web, Fisher is alive and well—and free. Only time will tell.