WikiLeaks publicly disclosed copies of FinFisher surveillance software

WikiLeaks has published copies of the criticized FinFisher surveillance software, claiming that the malware is sold to the most “abusive” regimes in the world.

Copies of the surveillance software “FinFisher” were made available for public scrutiny by WikiLeaks early this week. The international online journalistic organization decided to publicly disclose the criticized software so that members of the security community can conduct a technical review of the spyware.

The malware is intended for law enforcement and government use, but it appears to be favored by regimes that want to monitor representatives of the opposition. FinFisher is considered a powerful cyber espionage malware, developed by Gamma Group, that can secretly spy on victims’ computers by intercepting communications, recording every keystroke and taking complete control of the machine.

WikiLeaks published the information online last Monday with the explicit intent of neutralizing the menace represented by FinFisher and any other surveillance software.

“Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.

FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.”

WikiLeaks co-founder Julian Assange has criticized the German Government, accusing it of protecting FinFisher while expressing concerns about privacy and about surveillance activities conducted by foreign governments, including the US.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.” said Assange.

WikiLeaks has published the FinFisher Relay and FinSpy Proxy components of the FinFisher architecture. These modules are used to collect data syphoned from victim machines and send it back to the command and control servers. A network of C&C servers is deployed worldwide and is used by FinFisher, as by other similar software, to anonymize the traffic and hide the identity of the bad actors.

I suggest reading a report published by Citizen Lab, which revealed the capability of FinFisher to infect almost every mobile device.

WikiLeaks has also published other material related to FinFisher, including files related to the recent FinFisher. The leaked documents include brochures and a database of the customer support website.

“In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher’s price list. WikiLeaks conservatively estimates FinFisher’s revenue from these sales to amount to around €50,000,000. Within the full list of customers, it’s worth noticing that among the largest is Mongolia, which has been recently selected as new Chair of the Freedom Online Coalition.” reports the official announcement issued by WikiLeaks.

The scientific community is divided on the decision of WikiLeaks to publish copies of FinFisher. Some experts disagree with Assange and argue that the choice could paradoxically increase the spread of malware in an uncontrolled manner because bad actors may be able to use it for illegal activities.


Pierluigi Paganini

(Security Affairs –  FinFisher, Wikileaks )  


Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog “Security Affairs”, recently named a Top National Security Resource for US. Pierluigi is a member of “The Hacker News” team and a writer for some major publications in the field, such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
