Crime by another name - The rise of political hacktivism

22 November 2019

Politically motivated hacking is on the rise, yet its dangers remain largely underestimated.

On Friday 15 November 2019, the vigilante hacker Phineas Fisher struck again releasing a huge data archive from the Cayman National Bank and Trust Company (“CNBT”), an offshore bank located on the Isle of Man, following a hack dated back to 2016. The hacker admitted to having stolen thousands of confidential documents, over 640,000 emails and a few hundred thousands of dollars, which had apparently been given away to charity.

Who is Phineas Fisher?

This is not the first time that Phineas Fisher has been conducting this type of cybercrime. On the contrary, Phineas Fisher is well known within the hacker community for conducting politically motivated hacks. For instance, the hacker is responsible for stealing data from GammaGroup - the company that produces the government spyware FinFisher; for breaching the servers of Hacking Team - the firm that makes hacking and surveillance software for law enforcement worldwide; and for stealing hundreds of emails and files from Turkey’s Justice and Development Party, also known as AK Parti.

The modus operandi of Phineas Fisher is that she – indeed, it is apparently a hacky lady behind the screen – publishes manifestos and detailed guides following each of her hacks in the interest of revealing the tools and methods used to carry out the said-hacks so that other hackers have the possibility to conduct similar hacks. The main objective behind such a strategy? Starting a political hacking movement.

According to Biella Coleman, professor at McGill University in Montreal, Phineas Fisher might actually be on track to achieve this goal. Coleman stresses, “with [their] rare, targeted, and almost surgical strikes, Phineas Fisher has a very good chance of inspiring a new generation of hacktivists and setting the stage for other hackers to follow in his footsteps”. Although such a cause would resonate with hacking collectives such as Anonymous, significantly, researchers have come to agree that Phineas Fisher’s methodology might be more efficient as the hacker is mainly acting alone.

Who is at risk?

In the manifesto revealing the hack of the CNBT, Phineas Fisher remarked that, as robbing a bank is a non-violent, less risky and more rewarding act in the digital age:

“why are only black hat hackers doing it for their personal benefit, and never hacktivists to finance radical projects? […] The big bank hacks are on the news every so often, such as the hacking of the Bank of Bangladesh, which was attributed to North Korea, or the hacking of banks attributed to the Carbanak group, which they describe as a very large and well organized group of Russian hackers, with different members who would be specialized in different tasks. But, it is not that complicated.”

Hence calling upon other politically motivated hackers to take part in her “bug hacktivist program”. Phineas Fisher goes on writing about her bug bounty program and the diverse yet very specific ways any individual with hacking skills can be rewarded for taking part in the project. She even offers to pay thousands of dollars for any hacker willing to use their skills to dig up information on companies and individuals deemed politically, financially and socially corrupt and harmful for general society. A list of potential targets is actually provided in the manifesto, including references to:

  • the mining, logging and livestock companies that plunder Latin America,
  • the companies involved in attacks on Rojava (the Autonomous Administration of North and East Syria),
  • surveillance companies such as the Israeli NSO Group,
  • war criminals such as Blackwater,
  • private penitentiary companies such as GeoGroup, and
  • corporate lobbyists such as the American Legislative Exchange Council.

Why is this hack different?

Interestingly, the hack of the CNBT was largely an opportunistic attack, meaning that Phineas Fisher did not plan to attack the Isle of Man bank specifically, but actually sought to hack any bank. The hacker was allegedly merely attracted to the name 'Cayman' when scanning the internet for vulnerable banking systems.

On the 18th of November, Cayman National Corporation – who wholly own CNBT – provided an official statement following the disclosure of the hack. The company acknowledged the data hack and assured that it only affected the Isle of Man’s systems, databases, client information and emails, and not the global clientele of the firm. Despite the damages being limited, a large number of the firm’s clients’ sensitive information remains in the wild. Indeed, the transparency collective Distributed Denial of Secrets (DDoS) got its hands on about 2.20 Terabytes of data that leaked from the hack and initiated their publication.

What can we learn from this?

The case of the CNBT is interesting for two reasons. First, it highlights the willingness of politically motivated hackers to conduct attacks against specific institutions and individuals. And secondly, it emphasises the ease with which these attacks can get hold of a company’s data, leak them to the world and create significant reputational damage to the said-company and the victims.

Perhaps this is a sign of things to come?

Receive our monthly newsletter

About the Author

Constance Armand

Analyst, Cyber

Constance is a (future) graduate in Crisis and Security Management, and currently specialising in both cyber security and intelligence

+44 (0)20 7034 9000
Our 24 hour number
+44 (0)20 7034 9000
Legal information

© 2021 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.