Government spyware exposed after massive data breach

Gamma International Ltd - an Anglo-German company that makes and sells FinFisher spyware to various European, American and Asia Pacific governments and law enforcement agencies - has been hit by a big data breach, revealing hundreds of confidential documents.

An anonymous hacker claimed on Reddit and Twitter on Wednesday afternoon that he had compromised the company's network, and first posted links to a torrent file on Dropbox (it was later removed, but they can be found here instead), containing what is believed to be authentic client records, price lists, source code, details of the effectiveness of the spyware, support manuals and a list of classes and tutorials.

“Basically it's a European company that sells computer hacking and spying software to governments and police agencies,” read the hacker's post on community website Reddit.

“Two years ago their software was found being widely used by governments in the Middle East, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents.

“Gamma Group (the company that makes FinFisher) denied having anything to do with it, saying they only sell their hacking tools to 'good' governments, and those authoritarian regimes most [sic] have stolen a copy.”

After reportedly compromising the finsupport.finfinisher.com server, the hacker subsequently established a parody ‘GammaGroupPR’ Twitter account to give more details on the torrent. He also added some humour, saying that the firm was now selling the spyware to the general public as it had “run out of governments to sell to.”

One of the leaked spreadsheets explained how FinFisher performed when it tried to evade detection by the 35 top anti-virus (AV) products, while another document - from April - detailed how Gamma's 2014 patches ensured that the rootkit component of version 4.51 of FinFisher (also known as FinSpy) would not be detected by Microsoft Security Essentials.

The dump further reveals how the malware can be used to record dual Windows screens at the same time, and how it is better for email spying when the target is using Mozilla's Thunderbird or Apple's Mail. In addition, supporting documentation indicates that a recording prompt alerts victims to the presence of FinFisher when using Skype on Apple's OS X, and that FinFisher cannot tap Skype users on the 'Metro' version of Windows 8.

Gamma International - which is part of the UK-based Gamma Group - had not, at time of publication, confirmed the legitimacy of the documents or whether it had been breached.

Information on the Gamma Group spy kit was first leaked to WikiLeaks in October 2011. The spyware has been used mainly in countries in the Middle East in order to spy on dissidents and journalists.
