CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

WikiLeaks Names Customers of Controversial Surveillance Software

WikiLeaks today released new information on FinFisher, and a list of countries that have acquired licenses for the controversial suite of IT surveillance software.

WikiLeaks today released new information on FinFisher, and a list of countries that have acquired licenses for the controversial suite of IT surveillance software.

FinFisher, which until October 2013 was sold by the UK-based Gamma Group, is currently maintained by the independent German company FinFisher GmbH. The surveillance solution suite, which is said to be designed to intercept communications on most popular computer platforms, has often been condemned by human rights organizations because it has been sold to various totalitarian regimes around the world that use it to spy on their opponents.

Last month, a hacker claiming to have breached the systems of Gamma leaked a total of 40Gb of files stolen from the organization’s networks. By analyzing support requests contained in the leak, WikiLeaks managed to identify several entities that acquired what it calls “weaponised German surveillance malware.”

The list of customers includes Slovakia, Mongolia, South Africa, Pakistan, Bahrain, Vietnam, Estonia, Nigeria, Bangladesh, Bosnia and Herzegovina, Italy, Singapore and Belgium. Interestingly, law enforcement agencies in Australia, the Netherlands, and Hungary’s Secret Service are also on the list.

In Australia, for instance, the New South Wales (NSW) Police allegedly acquired a total of nine licenses for FinFisher and other surveillance products. A total of 16 licenses were purchased by Mongolia, the country that was named in May the chair of the Freedom Online Coalition.

Representatives of the NSW Police told SecurityWeek that “it’s not appropriate to comment” given that the technology in question relates to operation capability.

WikiLeaks has calculated that FinFisher has sold licenses worth roughly €100 million ($129 million). The amount includes licenses marked as “deleted,” but it does not include the profit made from the sale of FinFly ISP, a solution that’s deployed on the networks of Internet service providers.

“Consider that the FinFly ISP licenses were not taken into account as no price as provided, and that support and training costs were not included in this estimation. Therefore we could realistically expect a higher number,” WikiLeaks said.

Advertisement. Scroll to continue reading.

In addition to the list of customers, WikiLeaks also published videos, brochures, manuals, and even copies of the actual software. The organization hopes that through the analysis of the programs, security and privacy researchers will be able to improve detection, and identify other countries where FinFisher solutions are currently being utilized.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world,” said WikiLeaks Editor-in-Chief Julian Assange, who for the past two years has been taking refuge in Ecuador’s embassy in London. “The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.”

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.