Six years after the hacking of the Mossos Union: Where is Phineas Fisher?

The hack caught everyone by surprise.

It was eleven o'clock at night on May 17, 2016. And suddenly, the Twitter profile of the Mossos d'Esquadra Union (SME) began to write surprising things.

“Mossos on strike!

We are tired of serving the powerful and fighting the people," read the first tweet.

Several of the same style followed, with a statement “refounding” the union.

At 11:23 p.m. the worst part of the computer attack was completed: the dissemination of the personal data of more than 5,400

.

Names, addresses, phone numbers and even bank numbers were made public.

Six years later, the investigation of the case has ended.

Three people, including two engineers, a man and a woman, who were a couple at the time, are one step away from the bench.

From Phineas Fisher, the

who claimed responsibility for the attack, there is still no trace.

“The only thing that has been proven is that they had a

” (a server that allows Internet browsing to be anonymized), criticizes lawyer Carlos Sánchez Almeida, who specializes in this type of case and defends the engineers.

These were installed in Barcelona and had a public

at home , so that anyone could use it to connect to the network.

In the complex case, the Mossos have proven at least two incursions into the SME server on May 8 and 16 from that

, before the

, produced on the 17th. "We condemn the attack and what it has entailed, but our clients are innocent," repeats Sánchez Almeida, who adds that after tapping their phones, detaining them and accessing all their computer devices, "no evidence was found that they communicated with Phineas Fisher”, nor any other information that directly incriminates them.

Various cyberattacks have been claimed under the pseudonym Phineas Fisher.

The one that brought the hacker to stardom had been that of the Italian company Hacking Team, a year earlier.

He then was dedicated to the sale of security programs to governments and companies.

Phineas Fisher also claimed responsibility for the attack on the Mossos union, and said that he did it after watching the

, about an alleged malpractice of the Barcelona Urban Guard in the arrest of some young people after a local policeman became quadriplegic when a blunt object fell on his head after an eviction.

The hacker also mentioned other controversial cases, such as that of Ester Quintana, mutilated in one eye by a Mossos ball, or that of businessman Juan Andrés Benítez, who died after being subdued by the Catalan police.

After the arrests of the three defendants, on January 31, 2017, Phineas Fisher wrote to various media outlets making it clear that he was still free.

And since then, several attacks have been committed again under his brand.

"We do not know if they are Phineas Fisher or not, but they had an active participation and knowledge of the facts," says the SME lawyer, Josep Lluís Ribera.

After the police who were exposed with the leak, the union was the main victim of the

.

"It was a blow to affiliation, to the prestige of the union and also expenses to restore computer security," says Ribera.

More than 200 agents are present in the case as a private prosecution, and some demand that the union be subsidiarily civilly liable for the violation of their personal data if there are finally no convicted in the case.

“The level of the

It was very high,” says Ribera, who maintains that the union reacted as well as it could.

The hacker did not access the entire server, but rather a campus-dedicated portion of the courses they offered.

And he argues that they had the “adequate” defenses.

"In a few minutes, control of the server was regained, from which they did not extract data," he alleges.

"Both of them lost their jobs," laments lawyer Simone Ordinas, also involved in defending the engineers.

The arrests and indictment turned their lives upside down.

And to this was added the uncertainty of an investigation that has lasted for six years.

"She was not even aware that a

was installed in her home, " laments the lawyer, who recalls that having a

is not a crime.

“It is a bit ridiculous and outrageous to sit two engineers on the bench for having a

", the Mint.

The lawyer also adds another complaint, about the third defendant: a Catalan man installed in Salamanca.

The Mossos investigation maintains that from his Twitter account, and through the IP of his house, a re-dissemination of the Mossos data was made.

In this case, in the search of their computer devices, the Police found child pornography.

Ordinas criticizes that the accusation for that crime is mixed with the rest.

"It intends to degrade the image of our clients," adds Sánchez Almeida.

The Prosecutor's Office is still pending to present its indictment, as well as the SME itself, which is finalizing it.

There are also other accusations in the case, such as that of the USPAC union, which filed it as a popular accusation.

And also that of dozens of

who individually demand compensation.

You can follow EL PAÍS Catalunya on