FinFisher spyware, a spyware application used by government and law enforcement agencies for the purpose of surveillance, appears to have been hacked earlier this week and a string of files has been dumped on the Internet.
The highly secret surveillance software called “FinFisher”, sold by British company Gamma International, can secretly monitor computers by turning on webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.
A hacker has claimed on Reddit and Twitter that they'd infiltrated the network of Gamma International, one of the world's top surveillance and monitoring technology companies and the creator of FinFisher spyware, and has exposed 40GB of internal data detailing the operations and effectiveness of the FinFisher suite of surveillance platforms.
The leaked information was published both on a parody Gamma Group Twitter account (@GammaGroupPR) and on Reddit by the hacker, who began publishing links to the documents and satirical tweets.
The leaked files include client lists, price lists, source code of Web Finfly, details about the effectiveness of FinFisher malware, user and support documentation, a list of classes/tutorials, and much more.
The Reddit post, titled "Gamma International Leaked" in self.Anarchism, said, “a couple days ago [when] I hacked in and made off with 40GB of data from Gamma's networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.”
The FinFisher files were first leaked on Dropbox as a torrent file and have since been shared across the internet, which means that it is now impossible to stop the information from being leaked.
One spreadsheet in the dump, titled "FinFisher Products Extended Antivirus Test" and dated April this year, details the antivirus detection rates of the FinFisher spyware, which German-based Gamma Group sold to governments and law enforcement agencies.
It shows that FinFisher performed well against 35 top antivirus products. That means FinFisher would probably not be detected by a targeted user's security systems.
Another document, also dated April this year, contains release notes for version 4.51 of FinSpy. It shows a series of patches made to the products, including a patch to ensure the rootkit component could avoid Microsoft Security Essentials, a patch so that the malware could record dual-screen Windows setups, and improved email spying with Mozilla Thunderbird and Apple Mail.
The file dump also reveals that FinFisher is detected by OS X Skype (a recording prompt appears), so users of OS X Skype would be alerted to the presence of FinFisher by a notification indicating that a recording module was installed.
FinFisher cannot tap Windows 8 users, so rather than the desktop client, users should opt for the Metro version of Skype.
The dump also contains a fake Adobe Flash Player updater, a Firefox plugin for RealPlayer, and extensive (though still undetermined) documentation for WhatsApp.
“A price list, which appeared to be a customers' record, revealed the FinSpy program cost 1.4 million Euros and a variety of penetration testing training services priced at 27,000 Euros each,” the Reg. reported. “The document did not contain a date but it did show prices for malware targeting the recent iOS version 7 platform.”