Whistleblowing website WikiLeaks has released part 4 of its Spyfiles, shedding light on German weaponised malware vendor FinFisher and its suite of products of the same name.
FinFisher used to be part of the UK’s Gamma group. As part of the leaks, WikiLeaks has released copies of the vendor's invoices and support tickets with many client names unmasked to show the extent of spying.
Mongolia, the recently elected chair of the Freedom Online Coalition, is one of FinFisher’s larger customers with 16. Its predecessor in the coalition, Estonia, was also one of the largest customers with 37 FinFisher licences.
Many of the clients' names remain masked. In many cases the code name is unmasked when the client raises a tech support ticket complete with a description and screenshot of the problem.
For instance, customer 559458B5 was easily unmasked as Mongolia from its support tickets. Indeed, one ticket complained to FinFisher that an infected payload aimed at future-mongolia.com was getting blocked. In what may make some breathe a sigh of relief for its show of incompetence, the attacker used his Gmail account, which had the same name as his FinFisher login name and his real name. Gmail blocks executable payloads from being sent.
On the other hand, customer B206FF8C, Singapore, was much more professional - and even raised a support ticket in the wake of the SSL Heartbleed bug to ensure that the FinFisher software and the laptops themselves were updated to avoid leaking any information.
Other countries in the region that were identified include Vietnam, Pakistan and Australia’s New South Wales police.
WikiLeaks also released copies of the actual FinFisher software in the hope that security analysts can “challenge the secrecy and unaccountability of the company by analysing its internals to come up with detection techniques”. New product brochures were also made available for download.
Julian Assange, WikiLeaks Editor in Chief, said, “FinFisher continues to operate brazenly from Germany selling weaponized surveillance malware to some of the most abusive regimes in the world.
“The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.”
Previously, when news of state-sponsored malware first broke, Kaspersky Lab told TelecomAsia, “As a private company, Kaspersky Lab does not have political ties to any governments; it openly shares its knowledge and technical findings with the world’s security community and publishes its research for the wider public to foster collaborative security practices and increased international cooperation.
“As an industry leader in anti-malware protection, Kaspersky Lab’s purpose is to detect and neutralize all forms of malicious programs, regardless of their origin or purpose. The company’s goal is to keep its customers secure and mitigate the risk of future attacks.
“So, Kaspersky Lab’s products do detect and block FinFisher as Backdoor.Win32.Finfish.”