Wikileaks Releases FinFisher ‘Weaponized Malware’ Customer List
The whistleblower website Wikileaks on Monday released portions of the FinFisher surveillance suite, along with a customer list which includes police in Australia and the Netherlands as well as security and intelligence agencies in 15 nations.
New South Wales Police and KLPD, the national police force of the Netherlands, are listed as customers for the weaponized German surveillance malware, which can be secretly installed on targeted computers by exploiting security lapses in update procedures of non-suspect software.
Wikileaks also named state security and intelligence agencies in 15 nations as FinFisher clients: Slovakia, Mongolia, Qatar, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Belgium, Nigeria, Singapore, Bangladesh, Hungary, Italy and Bosnia and Herzegovina.
Based on the customer list it published, Wikileaks estimates FinFisher made as much as $127.2 million. According to a Wikileaks SpyFiles release, the company “produces and sells computer intrusion systems, software exploits and remote monitoring systems” which can intercept communications on operating systems including Windows, iOS, Android, OS X, Linux, Symbian, BlackBerry and Windows Mobile devices.
FinFisher’s software suite includes FinSpy PC, spyware “designed to be covertly installed on a Windows computer and silently intercept files and communications, such as Skype calls, emails, video and audio through the webcam and microphone,” according to Wikileaks.
Australia’s New South Wales Police purchased about $2.3 million in FinFisher software.
Under existing Australian law, police and state security agencies may obtain warrants to search individual telecommunications content data, CNet reports. Under the nation’s Telecommunications (Interception and Access) Act, warrantless metadata collection is permitted under certain circumstances.
An alleged support ticket from NSW Police reported by ZDNet states FinSpy experienced difficulties with OS X when a surveillance target was offline.
“When a Mac target is online, there is a configuration link which allows updating the configuration of the target and Trojan,” the ticket stated. “However, when the target is offline, there isn’t any configuration link. This only appears on a Mac target. Linux and Windows targets have configuration links when the target is both online and offline.”
Last month, Netzpolitik.org reported FinFisher was hacked, resulting in the publication of 40 gigabytes of internal data. The hack also resulted in the circulation of a file on BitTorrent which reportedly contained client and price lists, source code and other sensitive details regarding FinFisher software.
Wikileaks’ Australian founder, Julian Assange, said in a statement that the latest FinFisher release would lead to measures to protect users from the malware and to identify its command and control servers. Assange, who remains confined in the Ecuadorean embassy in London as a result of a two-year legal battle involving possible extradition to Sweden to face sex crimes charges, also claimed the German government is protecting FinFisher.
“FinFisher continues to operate brazenly from Germany, selling weaponized surveillance malware to some of the most abusive regimes in the world,” Assange’s statement said. “The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?”
FinFisher has grown hugely popular in recent years, gaining powerful enemies along with countless fans. Last year, Mozilla sent the company a cease and desist letter after discovering its malware was impersonating Firefox in order to infect targets.