Yawn, Wikileaks, we already knew about FinFisher. But these software binaries...
Latest Assange leakgasm includes full copies of spyware
WikiLeaks is making the controversial FinFisher commercial spyware tool available for download as part of the latest in a series of leaks that have put the operations of the controversial business under the microscope.
FinFisher, which was part of UK-based Gamma Group International until late 2013 before relocating to Germany, develops and sells computer intrusion systems, software exploits and remote monitoring systems that can be used to spy on people using desktops and smartphones.
Multiple platforms (Windows, Mac and Linux) and smartphone OSes (Android, BlackBerry and, yes, iOS) are supported by malware used by police and intelligence agencies around the world to spy on political dissidents, journalists and others.
FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite designed to collect data from infected victims and deliver it to surveillance operators, respectively. WikiLeaks has published both alongside previously unreleased copies of the FinFisher FinSpy PC spyware for Windows. This software is designed to be surreptitiously installed on a Windows computer before being used to silently intercept files and communications, such as Skype calls, emails, video and audio.
A copy of the code for FinSpy Master, which is used to control data collection, has also been published by Julian Assange's whistleblowing site.
WikiLeaks argues that publishing the code will help security researchers to track down more FinFisher control nodes.
Assange, WikiLeaker in chief, said: "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers."
Privacy and human rights activists, including WikiLeaks and Citizen Lab, have been documenting FinFisher's business and technology since 2011.
WikiLeaks latest leaks include copies of the vendor's invoices and support tickets, which unmask the names of many of its clients and how much they've paid for the controversial technology. Among the largest customers is Mongolia, which has been recently selected as new chair of the Freedom Online Coalition.
Other notable customers in the list include Bahrain, where use of FinFisher has been linked to the blackmail and imprisonment of human rights activists. Lawyers in the Middle Eastern kingdom also have governments and police forces in Western countries also make the client list: among them are Australia (NSW Police), Belgium, the Netherlands, Singapore, Hungary and Italy.
FinFisher's sales peg out at least €50m ($64.7m), according to WikiLeaks.
WikiLeaks' latest release organises documents obtained after an anonymous hacker, who goes by the handle of PhineasFisher, broke into the corporate network of the controversial firm and swiped its customer support database as well as brochures and other marketing collateral and documents back in August. All the whistleblowing site is doing here is cataloguing and indexing previously exposed information on FinFisher's clients rather than releasing anything new, as WikiLeaks itself explains. ®
Sponsored: Global DDoS threat landscape report