WikiLeaks names NSW Police as FinFisher malware customer

The NSW Police and Singapore's PCS Security Pte Ltd have been named as buyers of FinFischer malware, along with the intelligence arms of the Hungarian, Italian, and Bosnian governments.
Written by Chris Duckett, Contributor

WikiLeaks has today released parts of the FinFisher surveillance suite, as well as a customer list that it claims includes the police forces of the Netherlands and New South Wales, and the intelligence arms of the Hungarian, Qatari, Italian, and Bosnian governments.

Based on the price list it released, WikiLeaks has estimated that FinFisher licence sales brought in between €48 to €98 million, with total revenue said to be higher with FinFly ISP licences not being counted, nor the costs for support.

Of the customers listed, the NSW Police is listed as having purchased €1.8 million in FinFisher software, as well as submitting support requests relating to wanting to categorise keylogged conversations to avoid hot water by intruding on legal privilege, asking for reporting features to meet warrant requirements, and problems with FinSpy updates.

An alleged support ticket from NSW Police states that FinSpy had an issue with OS X when a surveillance target was offline.

"When a mac target is online, there is a configuration link which allows updating the configuration of the target and Trojan," the ticket said. "However, when the target is offline, there isn't any configuration link. This only appears on a mac target. Linux and Windows targets have configuration links when the target is both online and offline."

Singaporean company PCS Security is alleged to have parted with €3.2 million for FinFisher malware, which is claimed by WikiLeaks to be able to operate under all major desktop and mobile operating systems, namely Windows, OS X, Linux, Android, iOS, BlackBerry, Symbian, and Windows Mobile.

WikiLeaks also released copies of FinFisher Relay, FinSpy for Windows, FinSpy Proxy, and FinSpy Master software, a collection of brochures for FinFisher products, and the "full original" MySQL database for FinFisher customer support.

In August, the makers of FinFisher suffered a hack that resulting in a file circulated via BitTorrent that reportedly contained client lists, price lists, source code, details about the effectiveness of Finfisher malware, user and support documentation, and a list of classes/tutorials.

WikiLeaks founder Julian Assange said in a statement that this latest FinFisher release would allow tools to be built to provide protection from FinFisher and to track down the command and control servers used. Assange, who remains holed up in the Ecuadorian embassy in London after two years, further said that the German government is protecting FinFisher.

"FinFisher continues to operate brazenly from Germany, selling weaponised surveillance malware to some of the most abusive regimes in the world," he said. "The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?"

Reports over the weekend have said that the Five Eyes group of nations — the United States, Australia, the United Kingdom, Canada, and New Zealand — had been using a global internet mapping program dubbed Treasure Map to spy on German telcos' networks, despite US government assurances that the program was not for surveillance purposes.

Assange is due to speak via video conference tonight at the Auckland Town Hall, on a bill that will include Edward Snowden, Kim Dotcom, and journalist Glenn Greenwald.

Greenwald has promised to provide information showing that New Zealanders have been the subject of mass surveillance by the New Zealand government, which, if true, may force Prime Minister John Key to make good on his promise to resign if mass surveillance had taken place.

Key, who called Greenwald "Dotcom's little henchman", said he will declassify documents to prove that he has been telling the truth. He said New Zealand's communications security agency GCSB looked into a plan for such mass surveillance after a series of cyber attacks, but that the plan was rejected and never implemented.

In response to queries from ZDNet, NSW Police said "given this technology relates to operational capabilility, it's not appropriate to comment."

Editorial standards