• United States




Wikileaks posts FinFisher customers

Sep 16, 20142 mins

There has been a lot of talk over the last couple years about government surveillance programs all over the world. The group CitizenLab has done extensive research in this area. In 2012 the company Rapid7 published a report in which they identified the command and control systems for this surveillance software called FinFisher. It turned out to be a product that was offered for sale by the company Gamma International Ltd.  CitizenLab further analyzed this software and determined the following features were present,

Promotional literature describes this product as providing: Recording of common communications like Voice Calls, SMS/MMS and Emails Live Surveillance through silent calls File Download (Contacts, Calendar, Pictures, Files) Country Tracing of Target (GPS and Cell ID) Full Recording of all BlackBerry Messenger communications Covert Communications with Headquarters

At the time that these reports were published in 2012 no one was entirely certain who were FinFisher (or Finspy) customers. On Monday September 15, 2014 the site Wikileaks released the list of customers. From Wikileaks:

Some customers were identified through the analysis of support requests and attached documents they provided to FinFisher support. This included Slovakia, Mongolia, Qatar State Security, South Africa, Bahrain, Pakistan, Estonia, Vietnam, Australia NSW Police, Belgium, Nigeria, Netherlands KLPD, PCS Security in Singapore, Bangladesh, Secret Services of Hungary, Italy and Bosnia & Herzegovina Intelligence.

The site provides a table of invoice records that you can browse and see what countries such as Italy, Belgium and Australia, amongst many others, are spending on intercept software.

(Image used under CC from qubitsu)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author