Cyber Incident Victim: Sindicat de Mossos d'Esquadra

On May 20, 2016, the hacker known as Phineas Fisher targeted the Sindicat de Mossos d’Esquadra, the police union representing Catalonia’s regional law enforcement officers. Fisher executed a multi-faceted attack involving website defacement, server compromise, data exfiltration, and social media account takeover. He accessed and published sensitive personal information belonging to police officers, including badge numbers, exposing their identities publicly. The union’s Twitter account was hijacked and used to disseminate messages aligned with Fisher’s ideological motives. As part of the intrusion, Fisher recorded his entire attack process and released it as a tutorial video, explicitly framing it as educational material to encourage similar hacktivist activities. This mirrored his April 2016 release of detailed technical documentation explaining his breach of Hacking Team’s systems, which he had justified as an act of social justice advocacy.

The attack was motivated by Fisher’s opposition to alleged misconduct by Catalan police, with published evidence purporting to document unlawful behavior by officers. No containment measures or responses from the union or law enforcement were detailed in available reporting. Fisher’s actions formed part of a broader pattern: two weeks prior, he had stolen €10,000 in Bitcoin from unidentified victims and donated it to a crowdfunding initiative supporting Rojava, an autonomous region in Syria he praised for its revolutionary ideals. The breach caused operational disruption through website and social media compromises, reputational harm via data leaks, and potential security risks to exposed officers. The public release of attack methodologies amplified concerns about copycat incidents inspired by Fisher’s techniques.