WikiLeaks - Intelligence

Spy Files

Release 4


15 September, 2014


Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around ​the world to spy on journalists, political dissidents and others.


FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion ​systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux ​computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when ​WikiLeaks published documents detailing their products and business in the first SpyFiles release.


Since the first SpyFiles release, researchers published reports that identified the presence of FinFisher products in countries around the world and ​documented its use against journalists, activists and political dissidents.


Julian Assange, WikiLeaks Editor in Chief said: "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of ​the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the ​Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher ​including by tracking down its command and control centers."


FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite responsible for collecting the data acquired from the infected victims and ​delivering it to their controllers. It is commonly deployed by FinFisher's customers in strategic points around the world to route the collected data through ​an anonymizing chain, in order to disguise the identity of its operators and the real location of the final storage, which is instead operated by the FinSpy ​Master.



















WikiLeaks is also publishing previously unreleased copies of the FinFisher FinSpy PC spyware for Windows. This software is designed to be covertly installed ​on a Windows computer and silently intercept files and communications, such as Skype calls, emails, video and audio through the webcam and microphone ​(you can find more details on FinSpy in the first SpyFiles release). In order to prevent any accidental execution and infection, the following files have been ​renamed and compressed in password protected archives (the password is "infected"). They are weaponised malware, so handle carefully.















In order to challenge the secrecy and the lack of accountability of the surveillance industry, analyzing the internals of this software could allow security and ​privacy researchers to develop new fingerprints and detection techniques, identify more countries currently using the FinFisher spyware and uncover human ​rights abuses.


In addition, in this fourth iteration of the SpyFiles collection, WikiLeaks publishes the newly indexed material the same as the recent FinFisher breach (for ​which you can find the torrent file here), including new brochures and a database of the customer support website, that provide updated details on their ​productline and a unique insight into the company's customer-base.


In order to make the data more easily accessible and consumable, all the new brochures, videos and manuals are now available organized under the related ​FinFisher product name. The database is represented in full, from which WikiLeaks compiled a list of customers, their eventual attribution, all the associated ​support tickets and acquired licenses, along with the estimated costs calculated from FinFisher's price list.


WikiLeaks conservatively estimates FinFisher's revenue from these sales to amount to around €50,000,000. Within the full list of customers, it's worth ​noticing that among the largest is Mongolia, which has been recently selected as new Chair of the Freedom Online Coalition.


Together with the previous releases, the SpyFiles collection represents a unique and central resource where to find extensive and exclusive documentation ​about the global surveillance industry, also indexed and searchable through the WikiLeaks Search.




Release 3


4 September, 2013


Today, Wednesday 4 September 2013 at 1600 UTC, WikiLeaks released 'Spy Files #3' – 249 documents from 92 global intelligence contractors. These ​documents reveal how, as the intelligence world has privatised, US, EU and developing world intelligence agencies have rushed into spending millions on ​next-generation mass surveillance technology to target communities, groups and whole populations.


WikiLeaks' publisher Julian Assange stated: "WikiLeaks' Spy Files #3 is part of our ongoing commitment to shining a light on the secretive mass surveillance ​industry. This publication doubles the WikiLeaks Spy Files database. The WikiLeaks Spy Files form a valuable resource for journalists and citizens alike, ​detailing and explaining how secretive state intelligence agencies are merging with the corporate world in their bid to harvest all human electronic ​communication."


WikiLeaks' Counter Intelligence Unit has been tracking the trackers. The WLCIU has collected data on the movements of key players in the surveillance ​contractor industry, including senior employees of Gamma, Hacking Team and others as they travel through Azerbaijan, Bahrain, Brazil, Spain, Mexico and ​other countries.


Julian Assange, WikiLeaks' publisher, stated: "The WikiLeaks Counter Intelligence Unit operates to defend WikiLeaks' assets, staff and sources, and, more ​broadly, to counter threats against investigative journalism and the public's right to know."


Documents in Spy Files #3 include sensitive sales brochures and presentations used to woo state intelligence agencies into buying mass surveillance services ​and technologies. Spy Files #3 also includes contracts and deployment documents, detailing specifics on how certain systems are installed and operated.


Internet spying technologies now being sold on the intelligence market include detecting encrypted and obfuscated internet usage such as Skype, BitTorrent, ​VPN, SSH and SSL. The documents reveal how contractors work with intelligence and policing agencies to obtain decryption keys.


The documents also detail bulk interception methods for voice, SMS, MMS, email, fax and satellite phone communications. The released documents also ​show intelligence contractors selling the ability to analyse web and mobile interceptions in real-time.

Contracts and deployment documents in the release show evidence of these technologies being used to indiscriminately infect users in Oman with remote-​controlled spyware. The FinFly 'iProxy' installation by Dreamlab shows how a target is identified and malware is silently inserted alongside a legitimate ​download while keeping the intended download functioning as expected. The target identification methods mean that anybody connecting through the same ​network would be systematically and automatically intercepted and infected as well, even unintended targets.



Organisations to contact for comment:


Privacy International: https://www.privacyinternational.org/ - eric@privacy.org / mike@privacy.org

Bugged Planet: http://buggedplanet.info/ - mail@buggedplanet.info

Citizen Lab: http://citizenlab.org/ - info@citizenlab.org


Lead journalist: Sarah Harrison





Release 2


8 December, 2011


On Thursday, December 1st, 2011 WikiLeaks began publishing The Spy Files, thousands of pages and other materials exposing the global mass surveillance ​industry.




Release 1


1 December, 2011


On Thursday, December 1st, 2011 WikiLeaks began publishing The Spy Files, thousands of pages and other materials exposing the global mass surveillance ​industry.



Media Partners


Pagina 12 - Argentina

Publica - Brazil

Bivol - Bulgaria

El Telégrafo - Ecuador

Al-Masry Al-Youm - Egypt

Rue89 - France

NDR - Germany

Süddeutsche Zeitung - Germany

The Hindu - India

L'Espresso - Italy

La Repubblica - Italy

La Jornada - Mexico

Fairfax NZ News - New Zealand

Dagens Næringsliv - Norway

RT - Russia

Publico - Spain

CorpWatch - US

McClatchy - US

OWNI

Bugged Planet

Bureau of Investigative Journalism

Privacy International

ARD

The Washington Post


File Name

Product Name

MD5

File Size

FinFisher Relay v4.30

180caf23dd71383921e368128fb6db52

224K

FinSpy Proxy v2.10


3dfdac1304eeaaaff57cc11317768511


320K

FinSpy Master v2.10

03d93c49a536d149206f5524d87fa319


2.5M

File Name

Product Name

MD5

File Size

FinSpy PC

2d5c810035dc0f83036fb12e8775817a

224K

FinSpy PC

434b83eba7619cb706492ff019ade0d5

320K