Skip to main content



Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.

FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.

Since the first SpyFiles release, researchers published reports that identified the presence of FinFisher products in countries around the world and documented its use against journalists, activists and political dissidents.

Julian Assange, WikiLeaks Editor in Chief said: "FinFisher continues to operate brazenly from Germany selling weaponized surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?

This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers."

FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite responsible for collecting the data acquired from the infected victims and delivering it to their controllers. It is commonly deployed by FinFisher's customers in strategic points around the world to route the collected data through an anonymizing chain, in order to disguise the identity of its operators and the real location of the final storage, which is instead operated by the FinSpy Master.

WikiLeaks is also publishing previously unreleased copies of the FinFisher FinSpy PC spyware for Windows. This software is designed to be covertly installed on a Windows computer and silently intercept files and communications, such as Skype calls, emails, video and audio through the webcam and microphone
(you can find more details on FinSpy in the first SpyFiles release).

DISCLAIMER : In order to prevent any accidental execution and infection, the following files have been renamed and compressed in password protected archives (the password is "infected").
They are weaponised malware, so handle carefully.

In order to challenge the secrecy and the lack of accountability of the surveillance industry, analyzing the internals of this software could allow security and privacy researchers to develop new fingerprints and detection techniques, identify more countries currently using the FinFisher spyware and uncover human rights abuses.

In addition, in this fourth iteration of the SpyFiles collection, WikiLeaks publishes the newly indexed material the same as the recent FinFisher breach (for which you can find the torrent file here), including new brochures and a database of the customer support website, that provide updated details on their productline and a unique insight into the company's customer-base.

In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated support tickets and acquired licenses, along with the estimated costs calculated from FinFisher's price list.

WikiLeaks conservatively estimates FinFisher's revenue from these sales to amount to around €50,000,000. Within the full list of customers, it's worth noticing that among the largest is Mongolia, which has been recently selected as new Chair of the Freedom Online Coalition.

Together with the previous releases, the SpyFiles collection represents a unique and central resource where to find extensive and exclusive documentation about the global surveillance industry, also indexed and searchable through the WikiLeaks Search.

This is how it works

FinFisher - Customers

Through FinFisher's support and feedback platform, customers could provide feedback, open support request and obtain updates to the products they acquired.

The majority of customers are just identified by a 8 digits long alphanumeric username, the few recognizable usernames revealed names of third companies such as Cobham Surveillance GmbH in Germany, Dyplex Communications Ltd in Canada, Elaman GmbH in Germany and Trovicor GmbH in Germany. It's important to notice that none of them have product licenses associated with them, meaning they might be distribution partners, rather than actual customers.

Some customers were identified through the analysis of support requests and attached documents they provided to FinFisher support. This included Slovakia, Mongolia, Qatar State Security, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Australia NSW Police, Belgium, Nigeria, Netherlands KLPD, PCS Security in Singapore, Bangladesh, Secret Services of Hungary, Italy and Bosnia & Herzegovina Intelligence.

Provided with the price list, we calculated an estimation of the profit FinFisher generated through the sale of surveillance products licenses. Applying the retail price to all the licenses available in the database, they amount to a total of €47,550,196, or €98,362,554 if we consider all the licenses marked as "deleted" too.
Consider that the FinFly ISP licenses were not taken into account as no price was provided, and that support and training costs were not included in this estimation. Therefore we could realistically expect a higher number.

In the following table you can browse through each customer record, read their support requests, see the licenses they acquired, whether they are customers at the time of this publication and an estimation of how much money was invested in the acquisition of such licenses.

E7549C72 South Africa 23


Software Start Expiration Estimated Cost Deleted
FinSpy 2009-09-02 00:00:00 2011-09-03 00:00:00 Base license + 100 targets + 3 agents
FinFly USB 2009-09-02 00:00:00 2011-09-03 00:00:00 €4620Yes
FinFly LAN 2009-09-10 00:00:00 2011-09-14 00:00:00 €32580Yes
FinUSB Suite 2010-06-22 00:00:00 2011-06-30 00:00:00 €13080Yes
FinFly LAN 2009-09-10 00:00:00 2011-09-14 00:00:00 €32580Yes
FinUSB Suite 2010-06-22 00:00:00 2011-06-30 00:00:00 €13080Yes
FinUSB Suite 2010-06-22 02:00:00 2013-01-11 01:00:00 €13080Yes
FinUSB Suite 2010-06-22 02:00:00 2013-01-11 01:00:00 €13080Yes
FinSpy 2009-09-02 02:00:00 2013-01-11 01:00:00 Base license + 100 targets + 3 agents
FinFly USB 2009-09-02 02:00:00 2013-01-11 01:00:00 €4620Yes
FinFly LAN 2009-09-10 02:00:00 2013-01-11 01:00:00 €32580Yes
FinIntrusion Kit 2012-03-17 01:00:00 2013-03-18 01:00:00 €30600Yes
FinIntrusion Kit 2012-03-17 01:00:00 2013-03-18 01:00:00 €30600Yes
FinFly LAN 2012-03-17 01:00:00 2013-03-18 01:00:00 €32580Yes
FinFly LAN 2012-03-17 01:00:00 2013-03-18 01:00:00 €32580Yes
FinIntrusion Kit 2012-03-17 01:00:00 2014-04-29 02:00:00 €30600
FinIntrusion Kit 2012-03-17 01:00:00 2014-04-29 02:00:00 €30600
FinFly USB 2009-09-02 02:00:00 2014-04-29 02:00:00 €4620
FinSpy 2009-09-02 02:00:00 2014-04-29 02:00:00 Base license + 100 targets + 3 agents
FinUSB Suite 2010-06-22 02:00:00 2014-04-29 02:00:00 €13080
FinUSB Suite 2010-06-22 02:00:00 2014-04-29 02:00:00 €13080
FinFly LAN 2012-03-17 01:00:00 2014-04-29 02:00:00 €32580
FinFly LAN 2012-03-17 01:00:00 2014-04-29 02:00:00 €32580
Total: €683340 (€2021400)


First Name Subject Description
E7549C72 FinSpy Mobile To whom it may concern

We are currently investigating the possibility of adding the FinSpy Mobile package to our cyber solution.

Brydon was always our contact person and he was in contact with our general manager, but he was moved to another structure. Can you please ask him to prepare a proposal and forward it to

ZAR Screensaver infection Hi,

In previous versions of Finspy, it was possible to embed the trojan into screensaver and the extension remains .scr. With V4.2 it changes the extension to .exe, any particular reason why this occurs.

ZAR FINSPY mobile Hi Sales,

We are considering purchasing the FinSpy Mobile Package.

Will you please supply us with a quotation as soon as possible.

We also had a demo a while ago, but you can supply us with the road map only.


Support Requests

Summary Product Description Attachment
Unable to update to 3.6 and wrong Machine ID with the licence key FinUSB Suite After I successfully imported the new licence it extended the validity period, but it does not upgrade to v3.6. It says there is no internet connection, but I am sure there is.

The licence key and the machine id does not match. See attached screenshot

29 DDCD64A2 Bahrain 7
30 0DBB5B36 7
31 0988BAEB 15 Yes
32 0DF6972B Pakistan 3
34 Dyplex1 0
35 DE8E0FCE 6
36 9145EC2C 5 Yes
37 73DAAD57 5
40 9772CC62 25 Yes
41 979A48A0 2
42 134918DA 44
43 B58616D2 6
44 D5D58215 8 Yes
45 AFE2D27D 4 Yes
46 54F83B4E 14 Yes
47 14ED6D84 Estonia 37 Yes
48 BEC8B100 Vietnam 3
49 88F3D306 Australia NSW Police 9 Yes
50 86BECF61 6 Yes
51 DBB3DED7 3
52 76026992 23 Yes
53 59763BFA 33 Yes
54 C5093EE3 3
55 3FED1144 5 Yes
56 49378CEF 8 Yes
57 CC1AC4B8 5
58 89EC5BB5 12 Yes
59 62CF12AD 9
60 3DF77708 2
61 70CD6D97 Belgium 13
62 79E95D1D 2
63 663F8B4D 3 Yes
64 1E198336 2 Yes
65 F9660CE4 Nigeria 6
66 CF770EB3 1 Yes
67 0917680A 9 Yes
68 20FEC907 Netherlands KLPD 16 Yes
69 B206FF8C Singapore PCS Security 19 Yes
70 82990EA6 6 Yes
71 6B9EDD58 Bangladesh 6 Yes
72 79A22210 3
73 0012A3F0 Hungary SSNS 5 Yes
74 36666677 11 Yes
75 7656ED4D 1
76 DA93FA7D 1
78 FB0C602B 12 Yes
79 22F984B0 5 Yes
80 EDD0F89C 1 Yes
81 7306871B Italy 4 Yes
82 7F425F82 Bosnia Herzegovina Intelligence 3 Yes
83 43A301F9 7 Yes
84 151D22D0 6 Yes
85 80C618D4 Italy 3
86 026B8822 10 Yes
87 C6FEB248 3 Yes
88 CC57BE53 18 Yes
89 2A167AC6 5 Yes
90 F547C8AC 3 Yes
91 F90ACE17 15 Yes
92 Geoff1 1
93 180018D8 7 Yes
94 613780C4 1 Yes
95 6B5CC6A2 1 Yes
96 FCFE2B79 6 Yes
97 C1D31255 7 Yes
98 72EDF7D3 2 Yes
99 78D08C85 10 Yes
100 DAF42FBC 8 Yes


Popular posts from this blog

PROOF ! South Africa Weather and Drought Manipulated!!

South Africa : The weather is weird !? Throughout the country , a profound sweeping glance that South Africa is in its lowest rainfall ever.. Dying cattle, dying people, all starving with no outcome, but in the Free State.. Say isn't this where Monsanto has made their first Debut??
Its Murder all round, the weather is manipulated, proof that weather manipulation is quite possible. Am I pointing fingers at Monsanto? You be the Judge  The global corporate Giant Killer GMO is lurking, quietly modifying the weather , feeding people lots of money to do what they want them to do, After all money makes people do many things.

Maybe Monsanto is Fixing it??


South Africa recorded the driest year in over a century
In 2015, South Africa experienced its driest year in over 100 years, with rainfall below the mean in each of the last four years.
This is according to the South African weather service, which compiled a dataset detailing the average rainfall…

Chemtrails in South Africa Too?? Weather Manipulation Money Station!!! Read Now!!

referal post :

Yes, the US Government Has Experimented With Controlling Hurricanes  and now Chemtrails are weather related? NASA Admit Spraying Poisonous Chemtrails – NASA have admitted to spraying lethal chemtrails into our atmosphere – saying that lithium being sprayed into the Earths ionosphere helps to treat people with manic depression or bi-polar disorder.  NASA personnel have come forward saying that lithium, along with other potentially harmful chemicals, are intentionally sprayed into our environment regularly. reports:
NASA Confesses to Dosing Americans with Air-borne Lithium & Other Chemicals
referral article:           referral article:

Proof that South Africa Has Been Subjected to Geoengineering via the "Rainfall Enhancement Program" It's …

Osiris Marduk and State Capture of South Africa

Daily Maverick ref article : South Africans have been bombarded with revelations of how the state has been hijacked to amass wealth for a connected power elite involving President Jacob Zuma and the Gupta family

An academic research partnership has consolidated all available information into a frightening compendium on state capture, mapping the deals, the key players and the modus operandi for commandeering control of state institutions and parastatals. Their report shows why it is necessary for a judicial inquiry and criminal prosecution for corruption, fraud, money laundering, racketeering and, possibly, treason. It also shows the danger of key enablers such as Zuma, Finance Minister Malusi Gigaba and Eskom CEO Brian Molefe remaining in their posts

Alternative Revelations 
South Africa has undergone a cataclismic shift since the death of Mandela, in this article see the following, crazy as …