Update, 4PM: Hours after the news of the arrests and raids were reported, Phineas Fisher, using the same email address they had been using for the past few months, sent an email claiming they were still at large.
"I think the Mossos just arrested some people that retweeted the link to their personal info, or maybe just arrested some activisty/anarchisty people to pretend they are doing something," Phineas Fisher, or someone who is in control of their email address said, in an email shared by a source who asked to remain anonymous.
Phineas Fisher added that it'd be better to share this information "so there doesn't start a bunch of theories around my disappearance."
The original story follows below:
Police forces in Spain have raided several suspects linked to a cyberattack against the the union of the Catalan police Mossos D'Esquadra on Tuesday. That attack was carried out in May of last year by Phineas Fisher, a hacker who gained notoriety for exposing the secrets of spyware vendors FinFisher and Hacking Team.
Several Spanish newspapers reported news of the raids on early Tuesday. The Mossos D'Esquadra declined to comment as there was an ongoing investigation. But Motherboard was able to confirm that the cybercrime division of the Catalan Police Mossos D'Esquadra coordinated a series of raids and arrests all over the country.
As of Tuesday evening in Spain, according to the leading Spanish newspaper El Pais, there have been three arrests: a couple in Barcelona, suspected of being behind the attack, and one person in Salamanca, accused of distributing the data that Phineas Fisher stole from the police union, also known as SME (Sindicat de Mossos d'Esquadra).
In May of last year, Phineas Fisher announced he had hacked the SME using its own official Twitter account. The hacker also published the personal information of more than 5,000 police officers online. Hours after the attack, the hacker posted a detailed tutorial video on how he breached SME, while NWA's "Fuck the Police" was blasting in the background.
At this point it's unclear if the police really got the person behind the Phineas Fisher persona. The hacker did not respond to a message sent to their email address.
Phineas Fisher first surfaced in the summer of 2014, when he broke into the servers of the Anglo-German spyware vendor FinFisher, publicly mocking the company on Twitter and leaking internal data. After almost a year of complete silence, Phineas Fisher hit another notorious vendor of hacking and surveillance technology, the Italian company Hacking Team.
After this attack, the hacker, who identified as an "anarchist revolutionary," kept a more public profile, posting on a (now deleted) Twitter account. They also tried to encourage more hackers to join the cause and even encouraged people to email him to ask for help.
"I don't want to be the lone hacker fighting the system," Phineas Fisher told me at the time. "I want to inspire others to take similar action, and try to provide the information so they can learn how."
It's possible that the hacker made a mistake and revealed his or her identity or at least location in one of their public or private interactions.
"He was too vocal on Twitter or social media, so it's possible that he messed up," Mustafa Al-Bassam, a security researcher and former LulzSec hacker, told Motherboard.
Freddy Martinez, the director of the non-profit organization Lucy Parsons Labs, who had been in contact with Phineas Fisher in the past, said that one of the people arrested was really the hacker.
"I have not heard back from them in recent weeks. I think they've been trying to lay low," Martinez said in an online chat. "My assumption has long been it's someone from catalan based on their language use," referring to the fact that Phineas Fisher used English, Spanish, and Catalan in their online postings.
Martinez also launched a Twitter account called @FreePhineas.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.