Wikileaks outs latest FinFisher 'government spyware' that anti-virus can't spot

Berates Germany for allowing makers to operate

Wikileaks has released what it claims are previously unknown fourth-generation versions of the controversial 'government' FinFisher spyware, lambasting the German Government for allowing it to be sold to "some of the most abusive regimes in the world."

In a media announcement fronted with statements from Ecuadorian embassy refugee and editor in chief Julian Assange himself, Wikileaks offered the files for a number of the spyware's components, including Relay 4.3, Proxy 2.1, and Master 2.1, and zips containing 'weaponised' executables for the Windows FinSpy client used to monitor events such as a Skype conversation.

The organisation said its motivation for releasing the files was to "challenge the secrecy and the lack of accountability of the surveillance industry," a reference to the fact that this malware is legally used by a wide variety of governments, including repressive ones.

"FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world," wrote Assange.

"The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers."

Releasing malware files looks more like a publicity stunt than a major help to the security industry, although it's unlikely that many, or even any, of the industry's products would have detected it. That said, even if they now do, the makers of FinFisher can simply produce a new iteration if they haven't already done so.

Also released by Wikileaks is a bundle of mostly old and known documents, including cheap-looking videos, dull brochures and support details. However, one eye-catching item is a spreadsheet from April 2014 laid out like a perverse antivirus test where almost every single product fails on almost every single count. For these anti-testers, a failure happens when a program detects FinFisher.

This underlines how easy it now is to get past more or less any antivirus program going, as long as the malware is new enough or the antivirus older. It is, in fairness, a tough job for security firms. FinFisher isn't like conventional malware in that it is directed against tiny numbers of people spread across the globe. Spotting malware this rare is a task.

Information taken from the cache also suggested that FinFisher had been used by 64 customers, with 171 licenses issued. That doesn't sound like a lot, but this is a very, very expensive piece of software and a license gives a lot of use. Wikileaks reckons that it has generated revenue of up to $100 million and counting.

Governments that had used it, identified through support requests, included Slovakia, Mongolia, Qatar, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Belgium, Nigeria, Netherlands, PCS Security in Singapore, Bangladesh, Hungary, Italy, Bosnia & Herzegovina, and even Australia's NSW state Police, Wikileaks said.

Wikileaks describes Gamma International as being a German company but it's not entirely clear that it's that simple. The holding company, Lench IT solutions, has a UK subsidiary (where the company started), Gamma International Ltd, but also a German equivalent, Gamma International GmbH. Mysterious.

What we do know is that FinFisher is hugely popular. Too popular. It has also upset companies such as Mozilla, which in 2013 sent the firm a cease and desist letter after discovering that the spyware was impersonating Firefox in order to infect targets.


Stories by John E. Dunn
