Disclosed 40 GB of data of FinFisher government spyware related to alleged Gamma hack

August 8, 2014  By Pierluigi Paganini


A Hacker claims to have hacked the network of Gamma International firm and he has leaked docs related to the malware-for-government FinFisher.

Earlier this week the British company Gamma International appears to have been hacked and a collection of files from its systems have been leaked on the Internet. The security firm is popular because it designs spyware applications for law enforcement agencies and government entities, its most popular solution is FinFisher, a spyware that is able to secretly spy on target computers intercepting communications, recording every keystroke and taking the complete control of the host.
The news of the clamorous hack was spread via Twitter and Reddit, the hacker who has posted it claims to have successfully infiltrated the network Gamma Internationa and has exposed 40GB of internal data which includes details on the diffusion of the surveillance system FinFisher.

“And that’s the end of the story until a couple days ago when I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB Here’s a torrent of all the data. Please download and seed. Here’s a twitter feed where I’m posting some of the interesting stuff I find in there, starting off slow to build up rather than just publish all the worst shit at once.

I assumed the hacking would be the hard part and once I got the data it would just kinda go viral on it’s own or something. But it turn’s out without any media access or idea how that shit works, getting people to notice or care is actually kind of hard. Please share and seed the torrent!” is reported on the reddit post Gamma International Leaked.

The leaked documents include the source code of the Web Finfly solution, client lists, price lists, information about the effectiveness of Finfisher malware, user guide, tutorials and support documentation and many other documents.
The Register revealed that the cost for  the FinSpy solution is  1.4 million Euros, the price list details a lot of optional services offered by Gamma for FinFisher.

“A price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each. The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform. Support costs ranged from 2218 Euros for USB malware support to 331,840 for fifth year support for FinSpy.” reports the Register.

finfisher Gamma solution slide
The hacker has initially released the full package on Dropbox as a torrent file, in a short time it was spread on the Internet and several Tweets sent by security experts were referring with caution the event.
One of the documents, titled “FinFisher Products Extended Antivirus Test” and dated April 2014, provides an analysis of avoidance capabilities of FinFisher, listing the antivirus detection rates. FinFisher is able to elude the monitoring of principal 35 anti-virus products, evaluation that recognize the product ad very efficient surveillance tool.
The file dump includes many other characteristics of FinFisher, its rootkit component is able to avoid Microsoft Security Essentials but OS X Skype detect the presence of the malware showing a recording prompt to the victim.
According the document FinFisher is not able to spy on communications of Window 8 users, the dump reveals users should opt for the Metro version of Skype rather than the desktop client because it cannot be monitored by the spyware.
The leaked file includes a fake Adobe Flash Player updater, a Firefox plugin for RealPlayer and a detailed documentation for WhatsApp eavesdripping.

price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each,” the Reg. reported. “The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.”

Stay Tuned for more detailed info!

Pierluigi Paganini

(Security Affairs –  FinFisher, spyware)  



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

WordPress and Drupal websites Vulnerable to DoS attack which can make them completely inaccessible

 The popular expert Nir Goldshlager has discovered an XMLRPC vulnerability which affects millions WordPress and Drupal...