Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.
FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.
Since the first SpyFiles release, researchers published reports that identified the presence of FinFisher products in countries around the world and documented its use against journalists, activists and political dissidents.
Julian Assange, WikiLeaks Editor in Chief said: "FinFisher continues to operate brazenly from Germany selling weaponized surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?
This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers."
FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite responsible for collecting the data acquired from the infected victims and delivering it to their controllers. It is commonly deployed by FinFisher's customers in strategic points around the world to route the collected data through an anonymizing chain, in order to disguise the identity of its operators and the real location of the final storage, which is instead operated by the FinSpy Master.
(you can find more details on FinSpy in the first SpyFiles release).
DISCLAIMER : In order to prevent any accidental execution and infection, the following files have been renamed and compressed in password protected archives (the password is "infected").
They are weaponised malware, so handle carefully.
In addition, in this fourth iteration of the SpyFiles collection, WikiLeaks publishes the newly indexed material the same as the recent FinFisher breach (for which you can find the torrent file here), including new brochures and a database of the customer support website, that provide updated details on their productline and a unique insight into the company's customer-base.
In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher's price list.
WikiLeaks conservatively estimates FinFisher's revenue from these sales to amount to around €50,000,000. Within the full list of customers, it's worth noticing that among the largest is Mongolia, which has been recently selected as new Chair of the Freedom Online Coalition.
Together with the previous releases, the SpyFiles collection represents a unique and central resource where to find extensive and exclusive documentation about the global surveillance industry, also indexed and searchable through the WikiLeaks Search.
This is how it works
FinFisher - Customers
Through FinFisher's support and feedback platform, customers could provide feedback, open support request and obtain updates to the products they acquired.
The majority of customers are just identified by a 8 digits long alphanumeric username, the few recognizable usernames revealed names of third companies such as Cobham Surveillance GmbH in Germany, Dyplex Communications Ltd in Canada, Elaman GmbH in Germany and Trovicor GmbH in Germany. It's important to notice that none of them have product licenses associated with them, meaning they might be distribution partners, rather than actual customers.
Some customers were identified through the analysis of support requests and attached documents they provided to FinFisher support. This included Slovakia, Mongolia, Qatar State Security, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Australia NSW Police, Belgium, Nigeria, Netherlands KLPD, PCS Security in Singapore, Bangladesh, Secret Services of Hungary, Italy and Bosnia & Herzegovina Intelligence.
Provided with the price list, we calculated an estimation of the profit FinFisher generated through the sale of surveillance products licenses. Applying the retail price to all the licenses available in the database, they amount to a total of €47,550,196, or €98,362,554 if we consider all the licenses marked as "deleted" too.
Consider that the FinFly ISP licenses were not taken into account as no price was provided, and that support and training costs were not included in this estimation. Therefore we could realistically expect a higher number.
In the following table you can browse through each customer record, read their support requests, see the licenses they acquired, whether they are customers at the time of this publication and an estimation of how much money was invested in the acquisition of such licenses.
|49||88F3D306||Australia NSW Police||9||Yes|
|69||B206FF8C||Singapore PCS Security||19||Yes|
|82||7F425F82||Bosnia Herzegovina Intelligence||3||Yes|