WikiLeaks Names Customers of Controversial Surveillance Software

WikiLeaks today released new information on FinFisher, and a list of countries that have acquired licenses for the controversial suite of IT surveillance software.

FinFisher, which until October 2013 was sold by the UK-based Gamma Group, is currently maintained by the independent German company FinFisher GmbH. The surveillance solution suite, which is said to be designed to intercept communications on most popular computer platforms, has often been condemned by human rights organizations because it has been sold to various totalitarian regimes around the world that use it to spy on their opponents.

Last month, a hacker claiming to have breached the systems of Gamma leaked a total of 40Gb of files stolen from the organization’s networks. By analyzing support requests contained in the leak, WikiLeaks managed to identify several entities that acquired what it calls “weaponised German surveillance malware.”

The list of customers includes Slovakia, Mongolia, South Africa, Pakistan, Bahrain, Vietnam, Estonia, Nigeria, Bangladesh, Bosnia and Herzegovina, Italy, Singapore and Belgium. Interestingly, law enforcement agencies in Australia, the Netherlands, and Hungary’s Secret Service are also on the list.

In Australia, for instance, the New South Wales (NSW) Police allegedly acquired a total of nine licenses for FinFisher and other surveillance products. A total of 16 licenses were purchased by Mongolia, the country that was named chair of the Freedom Online Coalition in May.

Representatives of the NSW Police told SecurityWeek that “it’s not appropriate to comment” given that the technology in question relates to operational capability.

WikiLeaks has calculated that FinFisher has sold licenses worth roughly €100 million ($129 million). The amount includes licenses marked as “deleted,” but it does not include the profit made from the sale of FinFly ISP, a solution that’s deployed on the networks of Internet service providers.

“Consider that the FinFly ISP licenses were not taken into account as no price was provided, and that support and training costs were not included in this estimation. Therefore we could realistically expect a higher number,” WikiLeaks said.

In addition to the list of customers, WikiLeaks also published videos, brochures, manuals, and even copies of the actual software. The organization hopes that through the analysis of the programs, security and privacy researchers will be able to improve detection, and identify other countries where FinFisher solutions are currently being utilized.

“FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world,” said WikiLeaks Editor-in-Chief Julian Assange, who for the past two years has been taking refuge in Ecuador’s embassy in London. “The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
