The notorious hacktivist Phineas Fisher said they paid a bounty of $10,000 to another hacker who obtained and leaked Chilean military emails.
Phineas Fisher told Motherboard that this was the first payment part of the controversial bounty they announced last year called the “Hacktivist Bug Hunting Program.” The money went to the person responsible for stealing around 3,500 emails from several email accounts belonging to Chilean military personnel, a hack dubbed “Milico Leaks” by the leaking platform Distributed Denial of Secrets.
The Chilean Army disclosed the hack in a tweet from its official account in December, which included a press release on the breach of “six emails accounts belonging to the @ejercito.cl domain.”
The press release blamed “an organization of cyber criminals,” and downplayed the incident, saying it only affected accounts managed by an external provider. Those accounts were used to interact with providers and companies that regularly work with the Army, according to the press release.
Have a tip about a hack or a security incident? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
The Army did not respond to a request for comment.
The hacker stole 3,474 emails, 1,340 documents, and 401 images, according to a news report.
Motherboard was not able to speak directly to the hacker responsible for the leak. Phineas Fisher is a longtime source of Motherboard's who has regularly proven that they perpetrated the hacks they've claimed to. In this case, though they said they paid out the bounty, they did not show us a receipt for the payment.
Phineas Fisher said that the hacker did not submit this hack and leak as part of the bounty program. Phineas Fisher said they offered to pay after they saw the leak and “liked it.”
“This was a much smaller hack with a much smaller impact. But this hack was an excellent choice of target, at an important moment in the social struggle,” Phineas Fisher said in an email. “And they got some interesting things in the leaked emails, so it absolutely qualifies for a bounty.”
The hacker who claimed responsibility for the hack and leak of the Chilean military email released a short manifesto at the time of the hack.
“Freedom for the political prisoners in Chile! Justice for those who have been mutilated and murdered by the Chilean state!” reads the manifesto. “We are tired, angry, but more united than ever. We are those who are left over, the forgotten, we are legion. See you on the streets.”
Phineas Fisher said that this was an important leak because it showed that some agents of Chilean dictator Augusto Pinochet were released after serving just a short time in prison despite having long sentences for human rights crimes. The hacker also highlighted the timing of the leak, which came as the country was rocked by widespread protests.
“Millions said ¡ya basta! and took to the streets and a couple hackers said ¡ya basta! and sat down at their computers, and produced pacoleaks and milicoleaks,” Phineas Fisher said.
“Millions said ¡ya basta! and took to the streets and a couple hackers said ¡ya basta! and sat down at their computers, and produced pacoleaks and milicoleaks.”
Phineas Fisher said that they have yet to receive a submission for their Hacktivist Bug Hunting Program.
“Maybe it's the things that are hardest to quantify and measure that are actually the most important in life. So you could say that with hacktivism almost nothing has happened and it's a failure,” Phineas Fisher said. “I think it just means that me and others are focusing on other parts of life. But there's a time for everything, a time to hack will come.”
Subscribe to our new cybersecurity podcast, CYBER.