The pseudonymous hacker behind the catastrophic breach of notorious police surveillance tool seller Hacking Team is now teaching others how to hack.
Phineas Fisher, who also goes by the handles Hack Back! and GammaGroupPR, has released a tutorial video showing would-be vigilantes one way of stripping data from target websites.
In this case, Phineas Fisher targeted a website of Sindicat De Mossos d'Esquadra (SME), or the Catalan police union. The data obtained, which was dumped by the hacker, appears to include names, bank details, and more personal details on police officers.
Most of the information, Phineas Fisher writes in the video’s description, is essentially public, but can be used to connect an officer to their badge number. The hacker also claimed to have temporarily defaced the police union's Twitter account.
The video lasts some 39 minutes, and blasts out NWA's “Fuck the Police,” and other hip hop songs. Using Kali Linux, a popular operating system that comes bundled with a host of hacking and penetration testing tools, Phineas Fisher walks through the steps of probing a site to see if it's vulnerable to a particular type of SQLi injection, before launching an attack and downloading the data.
"Hehe, mossos are probably too busy tear gassing protesters right now to pay attention to their server logs,” Phineas Fisher writes at one point. Throughout the video, the hacker displays images of people who have been on the receiving end of abuse from the Mossos d'Esquadra. (At the time of writing, SME's website is down).
In the video, Phineas Fisher points out that the date is May 15, "so it's likely the majority of Mossos were literally out on the streets at that moment harassing protestors out for Global Debout and the anniversary of 15M," referring to recent protests and the anti-austerity movement in Spain, they wrote in an email.
The point of this video is, naturally, to show others how to “hack back,” which follows Phineas Fisher's previous comments of encouraging others to follow suit.
“That's the plan,” the hacker told Motherboard in an email. “Like subverso says in the lyrics of the song at the end of the video, ‘el que comparte lo que aprende, es peligroso.’”
Or, “The one who shares what he learns, is dangerous.”
This story has been updated to add a comment from Phineas Fisher.