In an act of hacktivism, a hacker has leaked everything from the Catalan Police Union website — Reason: Police brutality!

A couple of hours ago HackRead reported on a robin hood hacker going with the handles “Phineas Phisher” “Hack Back!” and “@GammaGroupPR” stealing Bitcoins and donating them to Kurdish groups. Yes, the same hacker who previously hacked Hacking Team and the developers of FinFisher malware. Now, he’s back with another hack and this time the target is the official website of Sindicat De Mossos d’Esquadra (SME) or the Catalan Police Union.

In a 39minute YouTube video, the hacker has demonstrated the entire attack on the server using Kali Linux, a hacking and penetration testing tools which show he had complete access to the police union’s server. The hacker also defaced the twitter account of the union. Here is a screenshot of the deface page showing several tweets from the hacker himself using the Union’s twitter account.

In-depth analysis of the leaked data:

Though the leaked data is available on Pastebin, HackRead relied on Hacked-DB‘s services on scanning the data. Upon scanning, we have found the data to be legit and highly confidential however, the hacker himself claims in the video that the data is essentially public but according to the Hacked-DB’s findings the data is pretty much sensitive and could lead to numerous attacks, including identity theft, impersonation, trafficking in information and gathering intelligence information on individuals.

There are more than 26,000 leaked email accounts along with the entire website files. The accounts include sensitive personal details e.g email, password, location, phone, mobile, police region, police unit, full name, sex, health insurance and much more.

According to one of the Hacked-DB analysts:

“In the security aspects, the compromised data could lead to numerous attacks, including identity theft, impersonation, trafficking in information and gathering intelligence information on individuals. The information was examined and it appears to be authentic, however, it was not verified with the users.”

Watch the video uploaded by hacker

[fullsquaread][/fullsquaread]

Leaked data Ghostbin 1 (English)

Leaked data Pastebin 2 (Spanish)

Why was the hack conducted?

In a Pastebin post, the hacker explained the reason behind the hack was brutality by the Mossos d’Esquadra (Troopers in English) who are the police force of Catalonia. The post further reveals that the Catalonia police have been involved in a violation of basic human rights such as putting people in prison for an anti-police rap song. However, the video uploaded by hacker contains NWA’s “Fuck the Police” rap song.

“In Spain, freedom of speech doesn’t exist, at least when it comes to criticizing the police. The rappers at 9:50 are facing fines and jail time over their anti-police lyrics! Puppeteers are facing terrorism charges over a play depicting police planting fake evidence to set someone up on terrorism charges. You get arrested and fined 400€ for saying “I’d be ashamed to be a police officer,” according to the hacker.

At the time of publishing this article, the Catalan Police Union website was down.

About Catalonia:

Catalonia is an autonomous community of Spain, located on the northeastern extremity of the Iberian Peninsula.