
Gamma/FinFisher Hack: 40GB of Internal Docs/Source Code from Top Gov’t Spyware Company Leaked

In Archive, Gamma, Hacking, Malware, Surveillance on August 6, 2014 at 8:14 PM

Reddit:

Basically it’s a European company that sells computer hacking and spying software to governments and police agencies. Two years ago their software was found being widely used by governments in the Middle East, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents. Gamma Group (the company that makes FinFisher) denied having anything to do with it, saying they only sell their hacking tools to ‘good’ governments, and those authoritarian regimes must have stolen a copy.

And that’s the end of the story until a couple days ago when I hacked in and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.

Here’s a torrent of all the data. Please download and seed. Here’s a Twitter feed where I’m posting some of the interesting stuff I find in there, starting off slow to build up rather than just publish all the worst shit at once.

I assumed the hacking would be the hard part and once I got the data it would just kinda go viral on its own or something. But it turns out without any media access or idea how that shit works, getting people to notice or care is actually kind of hard. Please share and seed the torrent!

The enormous file contains client lists, price lists, source code, details about the effectiveness of FinFisher malware, user and support documentation, a list of classes/tutorials, and much more.

Highlights discovered so far (h/t Netzpolitik):

———————————————————————————————————————————————————————————————

FinFisher

The price list reveals that the FinSpy program costs 1.4 million Euros, and lists a variety of penetration testing training services priced at 27,000 Euros each.

One spreadsheet in the dump explains that FinFisher performed well against 35 top antivirus products, showing how the sophisticated malware efficiently defeats detection.

———————————————————————————————————————————————————————————————

FinSpy

———————————————————————————————————————————————————————————————

FinSploit

There is a zip archive “FinSploit Sales” with a text file and three videos.

The README contains these Frequently Asked Questions:

Q: Can you supply a list of the current exploits?
A: Yes but we need to do this individually for each request as the available exploits change on a regular basis.

Q: Can we name the supplier?
A: Yes you can mention that we work with VUPEN here

Q: How does the customer get the exploits?
A: They will get access to a web-portal where they can then always download the available exploits

Q: Can this be used to deploy other trojans than FinSpy?
A: Yes, any exe file can be sent

Q: Which Operating Systems do you cover?
A: Currently the focus is on Windows Vista/7. Some exploits for XP are also available. At the moment there are no 0 day exploits for OSX, Linux or mobile platforms.

This further proves the close collaboration between German/Swiss/British Gamma/FinSpy and the French exploit seller VUPEN.

Here are the three videos that show how vulnerabilities in three common software types are exploited:

This video shows a sophisticated Acrobat Reader 9 exploit with ASLR/DEP bypass and fully silent (no crash after executing the shellcode). In the video, the shellcode executes the Windows calculator (can be replaced by any other action).

Additionally, the exploit can be fully customized to create a new PDF or even infect any existing PDF document (in the video we included the exploit in the brochure of the ISS World Conference as an example).


This video shows another sophisticated exploit, this time targeting Adobe Flash which is installed on 99% of systems. Some exploits also target Java. The exploit bypasses ASLR/DEP, and is fully silent (no crash after executing the shellcode). In the video, the shellcode executes the Windows calculator (can be replaced by any other action).


This video shows another sophisticated exploit, this time targeting Microsoft Office 2010 with two different codes. The first one is a Word (DOC) file and the other is for Excel (XLS). The exploits launch the calculator and immediately close Office; however, we can adapt it to make it fully silent or launch Office again and display a real document.


———————————————————————————————————————————————————————————————

FinFly

Source code of FinFly Web, which found its way onto the code hosting platform GitHub.

See Also: FinFly company brochure/video ad published by WikiLeaks as part of the SpyFiles.

———————————————————————————————————————————————————————————————

Netzpolitik called the Munich telephone number on finfisher.com and asked them for comment. At first, they denied being FinFisher, but then admitted it, albeit refusing to comment.

Today Netzpolitik called them again, and again the answer was: “We don’t want to comment on this.” This time around, they greeted the caller with “FinFisher here” instead of denying it at first.

———————————————————————————————————————————————————————————————

Will update this post as more details emerge…
