An infamous vigilante hacker known for their hits on surveillance companies is launching a new kind of bug bounty to reward hacktivists who do public-interest hacks and leaks.
The hacker, known as Phineas Fisher, published a new manifesto offering to pay hackers up to $100,000 in what they called the ‘Hacktivist Bug Hunting Program.” The idea is to pay other hackers who carry out politically motivated hacks against companies that could lead to the disclosure of documents in the public interest. The hacker said he will pay in cryptocurrency, such as Bitcoin or Monero. As an example of targets, the hacker mentioned mining and livestock companies in South America, Israeli spyware vendor NSO Group, and oil company Halliburton.
“Hacking to obtain and leak documents with public interest is one of the best ways for hackers to use their abilities to benefit society,” Phineas Fisher wrote in the manifesto. “I’m not trying to make anyone rich. I’m just trying to provide enough funds so that hackers can make a decent living doing a good job.”
To be clear, this is basically a bug bounty that incentivizes criminal activity. Most bug bounty programs are run by companies to encourage security researchers to find bugs in their software that they can then patch to make their services safer. Other bug bounty programs are run by third-party companies such as Zerodium, which pay hackers for bugs in software like iOS, Android, or Chrome that can then be resold to governments.
Phineas Fisher is one of the more influential and well-known hacktivists since the days of Anonymous and LulzSec. In 2014, the hacker stole internal data from the British/German surveillance vendor Gamma Group, which makes the controversial spyware FinFisher. A year later, Phineas Fisher came back and broke into the servers of Hacking Team, an Italian company that made hacking and surveillance software for police and intelligence agencies around the world, exposing all the company’s secrets. Then, the hacktivist hit a Spanish police union and Turkey’s ruling party in 2016. Their identity has never been made public. Even after an extensive investigation into the Hacking Team hack, Italian authorities admitted they have no idea who PhineasPhisher is.