Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published

BoerenkoolMetWorst · Aug 6, 2014

A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data. A Twitter account has published release notes, price lists – and source code. Malware researchers and human rights activists welcome the publication, Gamma itself refuses to comment.
Click to expand...

https://netzpolitik.org/2014/gamma-...-source-code-of-government-malware-published/

A remarkable part from their brochure:
"FinSpy PC proven in action
Internet cafes
A government was trying to reduce the crime rate in its poorest metropolitan area. FinSpy PC was
installed on several computer systems inside Internet cafes in this region in order to monitor them
for suspicious activity, especially international VoIP communication. Using the webcam, pictures of
the targets were taken while they were using the system. "
Doesn't really sound legal to me, they don't know who they're going to spy on and there's not even an important reason like 'national security' or whatever.

Still bypassing most AV's:
hxxps://netzpolitik.org/wp-upload/Anti-Virus-Results-FinSpy-PC-4.51.xlsm

noone_particular · Aug 6, 2014

If true, this is poetic justice at its finest.

Minimalist · Aug 10, 2014

An anonymous author who claims to be the hacker who penetrated controversial UK-based Gamma Group International and aired 40 gigabytes of its dirty laundry has published a how-to guide for other hacktivists.
Click to expand...

http://arstechnica.com/security/201...thor-claiming-role-in-breach-of-spyware-firm/

Dermot7 · Aug 15, 2014

The publishing of materials from a support server belonging to surveillance-industry giant Gamma International has provided a trove of information for technologists, security researchers and activists. This has given the world a direct insight into a tight-knit industry, which demands secrecy for themselves and their clients, but ultimately assists in the violation human rights of ordinary people without care or reproach.

Now for the first time, there is solid confirmation of Gamma's activities from inside the company's own files, despite their denials, on their clients and support provided to a range of governments.
Click to expand...

https://www.privacyinternational.org/blog/six-things-we-know-from-the-latest-finfisher-documents

lotuseclat79 · Aug 15, 2014

You Can Get Hacked Just By Watching This Cat Video on YouTube.

Many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites. People also think that the NSA and its international partners are the only ones who have turned the internet into a militarized zone. But according to research I am releasing today at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, many of these commonly held beliefs are not necessarily true. The only thing you need to do to render your computer’s secrets—your private conversations, banking information, photographs—transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare.

To understand why, you have to realize that even in today’s increasingly security-conscious internet, much of the traffic is still unencrypted. You might be surprised to learn that even popular sites that advertise their use of encryption frequently still serve some unencrypted content or advertisements. While people now recognize that unencrypted traffic can be monitored, they may not recognize that it also serves as a direct path into compromising their computers.[/uqote]

Related: Schrodinger’s Cat Video and the Death of Clear-Text.

Key Findings

Commercial network injection appliances are actively targeting Google’s YouTube and Microsoft’s Live services in order to install surveillance implants on targets across the globe.

Documents indicate that a prototype for targeted surveillance network injection appliances sold to the governments of Oman and Turkmenistan was designed by CloudShield Technologies, a US Department of Defense contractor.1 (See Footnote 1)

This report reveals never before seen documentation on the operation of Network Injection appliances from both Hacking Team and FinFisher and provides source code for an early prototype of FinFisher’s FinFly ISP product.
Click to expand...

-- Tom
Click to expand...

Minimalist · Aug 17, 2014

A new report form the Toronto-based internet watchdog Citizen Lab has shown cases of governments running network injection attacks that can deliver malware via any HTTP web connection.
Click to expand...

http://www.theregister.co.uk/2014/0...work_injection_attacks_documented_in_the_wild

siljaline · Aug 18, 2014

Wikipedia has some useful info on FinFisher.

CloneRanger · Aug 21, 2014

LOL ! Hackers get Hacked, i'm Very pleased.

FinFisher et al is/are easy to block. I tested it on here before & it's toast on my comp !

sysfu · Aug 23, 2014

@CloneRanger ; could you please point me to some instructions on how to test a system against the FinFisher malware?

Dogbiscuit · Aug 23, 2014

From the FinFisher Internal Newsletter, July 2011:

FinFly USB can now be converted to a bootable USB that is able to infect Target Systems during the boot process. This can now also be done using a CD-ROM.

Important: This infection technique works even when the Target System is switched off and full hard-disk encryption software like TrueCrypt or Bitlocker is used.
Click to expand...

http://www.propublica.org/documents...-newsletter-jul-2011.html#document/p5/a170859

siljaline · Aug 24, 2014

You may not, as an individual, be able to test against FinFisher but your AV | AS Vendor (hopefully) protects you from ESET named Trojan variant Win32/Belesak

Added reading:
Finfisher and the Ethics of Detection
http://www.welivesecurity.com/2012/08/31/finfisher-and-the-ethics-of-detection/

CloneRanger · Sep 3, 2014

@ sysfu

Do a search on here for my FF thread. Also i have an Anti EXE/SYS etc & Anti Keylogging etc HIPS App installed. These are a BIG help in preventing such nasties etc getting installed and/or running !

MrBrian · Sep 7, 2014

German Companies Are Selling Unlicensed Surveillance Technologies to Human Rights Violators – and Making Millions

BoerenkoolMetWorst · Sep 15, 2014

Wikileaks releases lots of info on FinFisher including weaponised FinSpy PC samples:
https://wikileaks.org/spyfiles4/index.html

siljaline · Sep 16, 2014

WikiLeaks posts 'weaponized malware' for all to download

Sometimes when we seek to understand the impact of a digital scenario, we recast it in meatspace and describe an analogous situation. In seeking to understand the most recent (and probably most epically irresponsible) WikiLeaks posting, the meatspace analogy will come in handy. [...]
Click to expand...

http://www.zdnet.com/astonishingly-...nized-malware-for-all-to-download-7000033716/

Dermot7 · Sep 22, 2014

Documents recently released by WikiLeaks have brought new evidence to the public eye that the intrusive surveillance spyware FinFisher may be in use by several members of the Freedom Online Coalition, including Mongolia, Netherlands, and Estonia.1

If this evidence is correct, it should rightly raise serious concerns around the world. FinFisher is notorious malware—software that allows those who use it to place programs, often called Trojans, remotely onto computers and devices operated by others, usually without the target's knowledge much less consent.
Click to expand...

https://www.eff.org/deeplinks/2014/09/statement-use-finfisher-members-freedom-online-coalition

Dermot7 · Oct 13, 2014

https://www.privacyinternational.or...nal-complaint-on-behalf-of-bahraini-activists

Privacy International today has made a criminal complaint to the National Cyber Crime Unit of the National Crime Agency, urging the immediate investigation of the unlawful surveillance of three Bahraini activists living in the UK by Bahraini authorities using the intrusive malware FinFisher supplied by British company Gamma.
Click to expand...

While it’s long been known that Gamma has provided surveillance capabilities to Bahrain, amongst other countries, the extent of Gamma’s complicity in Bahrain’s unlawful surveillance of individuals located abroad has only recently been confirmed. Two months ago, a number of internal Gamma documents were published revealing that Gamma is both aware of, and actively facilitating, the Bahraini regime’s surveillance of targets located outside Bahrain through the provision of intrusion technology called FinFisher to the Bahraini authorities.
Click to expand...

warpro · Oct 15, 2014

Just in case anyone wants to have a look

https://netzpolitik.org/wp-upload/finfisher.torrent

siljaline · Feb 26, 2015

Gamma's FinFisher caught in the wrong hands, once again.

• Synopsis -

FinFisher, the spyware sold to police and tyrants around the globe, has gained the dubious honor of becoming the first piece of software judged by the Organization for Economic Co-operation and Development to have trampled human rights. The OCED is an influential consortium of world powers. [...]
Click to expand...

http://www.theregister.co.uk/2015/0...rman_finfisher_spyware_violated_human_rights/

BoerenkoolMetWorst · Oct 16, 2015

Despite the large hack, lots of countries using FinFisher:

Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation

This post describes the results of Internet scanning we recently conducted to identify the users of FinFisher, a sophisticated and user-friendly spyware suite sold exclusively to governments. We devise a method for querying FinFisher’s “anonymizing proxies” to unmask the true location of the spyware’s master servers. Since the master servers are installed on the premises of FinFisher customers, tracing the servers allows us to identify which governments are likely using FinFisher. In some cases, we can trace the servers to specific entities inside a government by correlating our scan results with publicly available sources. Our results indicate 32 countries where at least one government entity is likely using the spyware suite, and we are further able to identify 10 entities by name. Despite the 2014 FinFisher breach, and subsequent disclosure of sensitive customer data, our scanning has detected more servers in more countries than ever before.
Click to expand...

https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/

Minimalist · Oct 18, 2015

The number of Governments using the FinFisher Spyware is increased

The experts at the Citizen Lab used the Zmap tool to reveal the existence of 135 servers (FinSpy Masters and Relays). As explained by the experts the master servers are usually deployed on the customer’s meanwhile proxy servers could be located elsewhere.
Click to expand...

http://securityaffairs.co/wordpress/41169/hacking/finfisher-spyware-new-customers.html

subhrobhandari · Oct 19, 2015

Even Bangladesh, I wasn't aware they could afford that.

Log in or Sign up

Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published

BoerenkoolMetWorst Registered Member

noone_particular Registered Member

Minimalist Registered Member

Dermot7 Registered Member

lotuseclat79 Registered Member

Minimalist Registered Member

siljaline Registered Member

CloneRanger Registered Member

sysfu Registered Member

Dogbiscuit Guest

siljaline Registered Member

CloneRanger Registered Member

MrBrian Registered Member

BoerenkoolMetWorst Registered Member

siljaline Registered Member

Dermot7 Registered Member

Dermot7 Registered Member

warpro Registered Member

siljaline Registered Member

BoerenkoolMetWorst Registered Member

Minimalist Registered Member

subhrobhandari Registered Member

Log in or Sign up

Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published

BoerenkoolMetWorst Registered Member

noone_particular Registered Member

Minimalist Registered Member

Dermot7 Registered Member

lotuseclat79 Registered Member

Minimalist Registered Member

siljaline Registered Member

CloneRanger Registered Member

sysfu Registered Member

Dogbiscuit Guest

siljaline Registered Member

CloneRanger Registered Member

MrBrian Registered Member

BoerenkoolMetWorst Registered Member

siljaline Registered Member

Dermot7 Registered Member

Dermot7 Registered Member

warpro Registered Member

siljaline Registered Member

BoerenkoolMetWorst Registered Member

Minimalist Registered Member

subhrobhandari Registered Member

Useful Searches