The popular German engineered tool that governments around the world have been using to spy on, infect and illegally surveil journalists and activists worldwide has been leaked online by WikiLeaks.
To coincide with its ongoing Spyfiles series of leaks, WikiLeaks has released the front and back end systems of multiple government surveillance tools that we have witnessed agencies abuse over the years to spy on journalists, activists and many other targets. The popular tool known as, FinFisher, has targeted and attacked many high-profile personnel and has been found leaked online.
“FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release,” WikiLeaks wrote.
FinFisher is a deadly tool that can steal keystrokes, Skype conversations, spy on webcams, steal files from the computer, and do much more. It is essentially a Remote Administrative Tool (RAT) for the government.
While there is no complete list of every organization that may have purchased and utilized the software to date, an older list of FinFisher customers was also found leaked in the documents which included Slovakia, Mongolia, Qatar State Security, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Australia NSW Police, Belgium, Nigeria, Netherlands KLPD, PCS Security in Singapore, Bangladesh, Secret Services of Hungary, Italy and Bosnia & Herzegovina Intelligence.
Julian Assange, WikiLeaks Editor in Chief said: “FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.”
As users continue to dig through the trove of uncovered documents and malware, many have found that nearly every major anti-virus and anti-malware program are whitelisted by FinFisher. Meaning, top anti-virus providers are either begin required by law to dismiss the malware as harmful or FinFisher is consistently testing their products against popular anti-virus products. FinFisher published a full list of anti-virus programs the system can bypass by default.
Digging further through the FinFisher documentation, tools that can perform live forensics on the target’s system, record targets communications (such as email, chats, VoIP, Skype), spy on the target’s webcam, record the microphone, record information transmission, track the computer through nearly every country, bypass 40 well-known antivirus engines, integrate with current law enforcement monitoring functionality, and make use of anonymizing proxies to avoid public detection were also found detailed (PDF) in the FinFisher documentation.
The leak of the FinFisher source code is extremely important as the program is only sold privately to government agencies around the world. This is the first time any usable form of the FinFisher program has been leaked to the public with documentation, customers and a database of information.