Monday, May 16, 2022

Government Spyware Company hacked

The organization that produces and sells the world’s most evasive cyber weapon, FinFisher spyware, has been compromised and a 40G file has been dumped on the web.

The monitoring software can remotely control any computer it infects, copy files, intercept Skype calls, log keystrokes, and now we realize it is capable of doing much, much more.

A hacker has released the news on Reddit and Twitter that they’d breached Anglo-German company Gamma International UK Ltd., manufacturers of FinFisher spyware marketed exclusively to governments and police organizations.

The file was linked both on Reddit and on the @GammaGroupPR Twitter account created by the hacker taking credit for the breach. The Twitter account continues to slowly release information about the breach.

The Reddit post, titled Gamma International Leaked in self.Anarchism, said:

Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents.

Gamma Group (the company that makes FinFisher) denied having anything to do with it, saying they only sell their hacking tools to ‘good’ governments, and those authoritarian regimes most [sic] have stolen a copy.

…a couple days ago [when] I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.

The compromised FinFisher files were initially released as a torrent file on Dropbox and have been distributed throughout the internet, which means managing the information leak has become impossible.

One spreadsheet in the dump notes that FinFisher was able to bypass 35 top antivirus products, showing how effectively the advanced malware evades detection.

The documents also reveal usage statistics by country.


The hacker released pictures of the statics via a Tweet and imgur link:

[Images: gamma-2014, gamma-2010, gamma-2009]

Recent release notes cover Gamma’s April 2014 patch, which ensures its rootkit avoids Microsoft Security Essentials. They also describe that the malware can record dual-screen Windows setups, and report improved email interception with Mozilla Thunderbird and Apple Mail.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
