Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies (Nov 17, 2019)
Phineas Fisher has released a manifesto which provides details on their previous hacks and offers to pay hackers up to $100,000 if they can hack organisations in a Hacktivist Bug Hunting Program. The organisations that Phineas is keen for hackers to leak from are: mining, logging and livestock companies, Baykar Makina, Havelsan, surveillance companies such as the NSO Group, Blackwater and Halliburton, GeoGroup, CoreCivic / CCA, and corporate lobbyists such as ALEC.
Recommendation: The manifesto published by Phineas Fisher is a novice guide to infiltrating organisations and exfiltrating data. Useful to hacktivists and more politically motivated actors, it will appeal to the younger and more naive who may want to join in. Organisations listed in the manifesto under the proposed hacktivist bug bounty should be especially vigilant for any uptick in malicious activity. Phineas Fisher speaks to the lack of security controls at the companies she has previously targeted. Organisations can do much to prevent similar intrusions by implementing appropriate controls (such as two-factor authentication).
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.