Gamma International, a British-German surveillance company notorious for providing governments with surveillance tech known as FinFisher, has reportedly been hacked and had a trove of its data leaked.
The dump first appeared on Reddit, where new user "PhineasFisher" provided a link to a torrent of 40GB of data, which he/she says is from a successful hack into the company. The hacker has also set up a jokingly titled 'GammaGroupPR' Twitter feed, which is showcasing some of the hack's highlights. German outlet Netzpolitik then sorted out some of the files and mirrored them, providing handy links to different parts of the data.
“I hacked in and made off with 40GB of data from Gamma's networks,” PhineasFisher wrote on Reddit. “I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.”
Security researchers have suggested that Gamma International's technology is being used by oppressive regimes including Turkey, Egypt, Bahrain and Oman, and against journalists and activists, which has led to the company being named an 'Enemy of the Internet' by Reporters Without Borders. Privacy International claims that the company must know what their customers in these countries do with their products, because they not only sell the technology, but also provide training in how to use them. Gamma has previously denied that it has sold to countries like Bahrain.
The data dump seems to cover two main types of information: details on Gamma as a company, with updated brochures, product lists, and pricing, and more technical details about the products themselves. However, a large chunk of it is GPG encrypted, so it's unclear what else is hidden away in the data.
Looking at the information, there is no doubt that Gamma International's capabilities are stronger than ever.
“The documents released so far fit with the previous brochures and contracts we have seen from Gamma and FinFisher,” Kenneth Page, policy officer from Privacy International, told me. “A first look at the initially released documents suggests some improved capability and an evolution of their products from previously obtained brochures, including the ability to target people using all operating systems, smartphone types and even everyday products like Microsoft Word.”
As reported by the Register, one spreadsheet dated April 2014 shows how successful one of the company's products is at avoiding popular anti-virus software, and a customer's price list shows that the FinSpy set of tools, part of FinFisher, costs 1.4 million Euros.
FinFisher is a very powerful piece of kit. Once it has been delivered onto a computer, perhaps by a malicious file download, it can employ a broad slate of surveillance techniques. FinFisher can remotely switch on and record a computer's webcam feed, and log internet browsing sessions, or make a copy of Skype conversations. Due to its ease of use and clear interface, it allows someone with basic training to dig through another person's computer. Included in the dump is a screenshot of a license for FinSpy.
Although Gamma aren't in the business of discovering zero-day exploits—vulnerabilities that aren't known even to the developers of the software in question—they do sell those developed by Vupen, another surveillance company, according to a Frequently Asked Questions file in the dump and reported by Netzpolitik. There's also a selection of charts apparently detailing where visitors to Gamma International's support site came from.
On the more technical side, there is evidence of malware that is deployed by pretending to be an Adobe Flash Player update. And the source code for FinFly Web, a piece of software included in the FinFisher suite, is allegedly being hosted on GitHub. It is unclear at the moment whether this code could be used to develop effective counter-surveillance tools against FinFisher, but it will no doubt allow researchers a better understanding of how it works.
“We've just scratched the surface of the released information on Gamma International and FinFisher,” Page said. “We need to be very careful and critical as we examine these documents, given the volume and nature of the release. But as we pore through them, we would not be surprised to find additional egregious practices in line with Gamma's and FinFisher’s history.”
Gamma International did not respond to a request for comment.