Disclosed 40 GB of data of FinFisher government spyware related to alleged Gamma hack

Pierluigi Paganini August 08, 2014

A Hacker claims to have hacked the network of Gamma International firm and he has leaked docs related to the malware-for-government FinFisher.

Earlier this week the British company Gamma International appears to have been hacked and a collection of files from its systems have been leaked on the Internet. The security firm is popular because it designs spyware applications for law enforcement agencies and government entities, its most popular solution is FinFisher, a spyware that is able to secretly spy on target computers intercepting communications, recording every keystroke and taking the complete control of the host.
The news of the clamorous hack was spread via Twitter and Reddit, the hacker who has posted it claims to have successfully infiltrated the network Gamma Internationa and has exposed 40GB of internal data which includes details on the diffusion of the surveillance system FinFisher.

“And that’s the end of the story until a couple days ago when I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB Here’s a torrent of all the data. Please download and seed. Here’s a twitter feed where I’m posting some of the interesting stuff I find in there, starting off slow to build up rather than just publish all the worst shit at once.

I assumed the hacking would be the hard part and once I got the data it would just kinda go viral on it’s own or something. But it turn’s out without any media access or idea how that shit works, getting people to notice or care is actually kind of hard. Please share and seed the torrent!” is reported on the reddit post Gamma International Leaked.

The leaked documents include the source code of the Web Finfly solution, client lists, price lists, information about the effectiveness of Finfisher malware, user guide, tutorials and support documentation and many other documents.
The Register revealed that the cost for  the FinSpy solution is  1.4 million Euros, the price list details a lot of optional services offered by Gamma for FinFisher.

“A price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each. The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform. Support costs ranged from 2218 Euros for USB malware support to 331,840 for fifth year support for FinSpy.” reports the Register.

finfisher Gamma solution slide
The hacker has initially released the full package on Dropbox as a torrent file, in a short time it was spread on the Internet and several Tweets sent by security experts were referring with caution the event.
One of the documents, titled “FinFisher Products Extended Antivirus Test” and dated April 2014, provides an analysis of avoidance capabilities of FinFisher, listing the antivirus detection rates. FinFisher is able to elude the monitoring of principal 35 anti-virus products, evaluation that recognize the product ad very efficient surveillance tool.
The file dump includes many other characteristics of FinFisher, its rootkit component is able to avoid Microsoft Security Essentials but OS X Skype detect the presence of the malware showing a recording prompt to the victim.
According the document FinFisher is not able to spy on communications of Window 8 users, the dump reveals users should opt for the Metro version of Skype rather than the desktop client because it cannot be monitored by the spyware.
The leaked file includes a fake Adobe Flash Player updater, a Firefox plugin for RealPlayer and a detailed documentation for WhatsApp eavesdripping.

price list, which appeared to be a customers’ record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each,” the Reg. reported. “The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.”

Stay Tuned for more detailed info!

Pierluigi Paganini

(Security Affairs –  FinFisher, spyware)  



you might also like

leave a comment