Pierluigi Paganini September 17, 2014

WikiLeaks has published copies of the criticized FinFisher surveillance software, claiming that the malware is sold to the most “abusive” regimes in the world.

Copies of the surveillance software “FinFisher” were made available for public scrutiny by WikiLeaks early this week. The international, online journalistic organization has decided to publish the public disclose the criticized software online to allow exponents of the security community to conduct a technical review of the spyware.

The malware is for law enforcement and government use, but it seems to be  preferred for those regimes that desire to monitor representatives of the opposition. FinFisher is considered powerful cyber espionage malware developed by Gamma Group that is able to secretly spy on victim’s computers intercepting communications, recording every keystroke and taking the complete control of the machine.

WikiLeaks published the information online last Monday, the organization has the explicit intent to neutralize the menace represented by Finfisher and any other surveillance software.

“Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.

FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.”

WikiLeaks co-founder, Julian Assange, has criticized the German Government accusing the government to protect FinFisher while it is expressing concerns about privacy disappoint surveillance activities conducted by foreign government, including the US.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.” said Assange. 

Wikileaks has published the FinFisher Relay and FinSpy Proxy components of the FinFisher architecture. These modules are used to collect data syphoned from victim machines and send them back to the command and control servers. A network of C&C servers is deployed worldwide and is used by FinFisher, such as by other similar software, to anonymize the traffic and hide the identity of the bad actors.

Let me suggest to read a report published by the organization Citizen Lab, which revealed that capability of FinFisher to infect almost every mobile device.

WikiLeaks has also published other material related to Finfisher, including files related to the recent FinFisher. The leaked document includes brochures and a database of the customer support website.

“In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher’s price list. WikiLeaks conservatively estimates FinFisher’s revenue from these sales to amount to around €50,000,000. Within the full list of customers, it’s worth noticing that among the largest is Mongolia, which has been recently selected as new Chair of the Freedom Online Coalition.” reports the official announcement issued by Wikileaks.

The scientific community is divided on the decision of WikiLeaks to publish copies of FinFisher. Some experts disagree with Assange and argue that the choice could paradoxically increase the spread of malware in an uncontrolled manner because bad actors may be able to use it for illegal activities.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  FinFisher, Wikileaks )  

[adrotate banner=”12″]