After I opened the bit.tar.bz2 file with Ubuntu file manager and navigated to /bitcoinica_legacy/.git/logs/ and opened the HEAD file with gedit.
I confirm this. So the hacker had access to git even after 15th... So they didnt change password or this is an inside job.
or intersango/bitcoin consultancy simply think everyone on this forum is a moron.