Yawn, Wikileaks, we already knew about FinFisher. But these software binaries...

WikiLeaks is making the controversial FinFisher commercial spyware tool available for download as part of the latest in a series of leaks that have put the operations of the controversial business under the microscope. FinFisher, which was part of UK-based Gamma Group International until late 2013 before relocating to Germany …

  1. Destroy All Monsters Silver badge
    Thumb Up

    Nice work.

  2. Matt Bryant Silver badge
    Facepalm

    Re: Destroyed

    "Nice work." No, it is a very dumb move. All this has done is leave Wikileaks vulnerable to legal actions from FinFisher, who can sue them for loss of business and get them arrested for software piracy (yes, it's still software piracy if you give someone else's commercial product away for free). Potentially, this gives those three-letter agencies you love to hate the legal right to seize every Wikileaks employee's servers, PCs, storage devices and even smartphones. All for a product that had already been outed. Very, very dumb. The boys at the NSA probably can't stop laughing.

    1. Anonymous Coward
      Trollface

      Re: Destroyed

      Or they could just sue Wikileaks for distributing malware...;-)

    2. BlueGreen

      Re: Destroyed @Matt Bryant

      > All this has done is leave Wikileaks vulnerable to legal actions from FinFisher, who can sue them for loss of business and get them arrested for software piracy

      Mebbe. FinFisher isn't likely to be a high-profile company and is likely to want to stay that way. Court = streisand effect. If it's got any sense it'll just quietly let it blow over, especially as it is (supposed to be) knowledgeable about security. Basically it's been made to look a right tool having so much IP etc. snaffled.

      And we've previously gone over how some of us believe this power can be abused, whereas you didn't accept that. Well, "...include Bahrain, where use of FinFisher has been linked to the blackmail and imprisonment of human rights activists"

      Anyway, Matt, we come yet again to the problem of (questionable) morality and (possible) abuse of power. I wonder if you and I can ever find common ground in this.

      1. Matt Bryant Silver badge

        Re: BoringGreen Re: Destroyed @Matt Bryant

        "Mebbe. FinFisher isn't likely to be a high-profile company...." 1 - what have they got to lose, having already lost a lucrative line of business, and - 2 - they can simply dissolve and recreate themselves as a new company elsewhere. They are very likely to get a sympathetic ear from most Western legal systems.

        "....And we've previously gone over how some of us believe this power can be abused...." The morality of the users of FinFisher's products are irrelevant. For years your fellow handwringers have tried lawfare against arms manufacturers, claiming they are responsible for the atrocities that have been committed with their products, and in every case that argument has been rejected. All it would take would be for FinFisher to provide balancing evidence of their product being used for good (such as for catching Internet paedo gangs), plus they can quite easily argue that they did not have any specific knowledge of how their end users were using their products. Despite how you want to realign reality, the simple and legal facts are FinFisher made a legal product and distributed it legally with the knowledge and authorization of the German government, and Wikileaks are potentially liable for damaging their business by illegally distributing unauthorized copies of the FinFisher software. You really need to try some research for a change, starting with ACTA (in force across all 22 EU member states and the majority of the developed World) - http://en.m.wikipedia.org/wiki/Anti-Counterfeiting_Trade_Agreement

        ".....I wonder if you and I can ever find common ground in this." Unlikely given your continued denial of facts, laws, reason and logic.

        1. Mike VandeVelde
        2. BlueGreen

          Re: BoringGreen Destroyed @Matt Bryant

          you say

          > The morality of the users of FinFisher's products are irrelevant

          Are you saying, quite simply, that "the blackmail and imprisonment of human rights activists" by the users of FinFisher's products is irrelevant?

          In simple words, yes or no, please.

          1. ratfox

            Re: BoringGreen Destroyed @Matt Bryant

            I suspect he means, legally irrelevant. FinFisher is not in legal trouble because of this leak. It can go on selling its software to many a government except Russia.

          2. Matt Bryant Silver badge
            Stop

            Re: BoringGreen Destroyed @Matt Bryant

            ".... Are you saying, quite simply, that "the blackmail and imprisonment of human rights activists" by the users of FinFisher's products is irrelevant?....." Yes, because those actions are not FinFisher's but those of the end use customers. You don't sue the axe maker when an axe murderer goes on a rampage, as you should have realised when the ridiculous suits against Caterpillar (for supplying Israel with bulldozers) were thrown out of court (http://www.theguardian.com/world/2007/sep/19/usa.israel). FinFisher could also wheel out customers that would testify to the 'good' done with the products, such as catching Iranian-funded Shia terrorists that planned bombing sprees in Bahrain (http://www.naharnet.com/stories/en/72266).

            1. BlueGreen

              Re: BoringGreen Destroyed @Matt Bryant

              Matt: to your 2nd point. You backed this up with a reference, which is good. It's difficult for me to evaluate the quality of this as the term terrorist simply means the use of force to oppose an established government. This may be due to there not being an alternative: "In 2011, Bahrain was criticised for its crackdown on the Arab spring uprising. In September, a government appointed commission confirmed reports of grave human rights violations including systematic torture" (<https://en.wikipedia.org/wiki/Bahrain#Human_rights>).

              If a govt can inflict 'systematic torture' on its people and there is no way for those people to effectively change it then they may see violence as the only way, and correctly they would then be termed terrorists. Whether this is bad is another matter - " Of all groups active in recent times, the ANC perhaps represents best the traditional dichotomous view of armed struggle. Once regarded by western governments as a terrorist group, it now forms the legitimate, elected government of South Africa, with Nelson Mandela one of the world's genuinely iconic figures" (<http://news.bbc.co.uk/1/hi/world/americas/4255106.stm>). Should so many of the blacks have put up with their oppression, or not? If not, what legal remedy was there for them?

              Should the Bahrainis accept 'systematic torture' else be labelled terrorists merely because they don't like their government? Is this ok?

              As my time on the reg is nearing an end, I will tell you something you haven't realised. I'm partly middle eastern, part of a traditionally oppressed group. Those moslems you hate and fear? Just some relatives to me. Peaceful, decent people. And some of them have been arrested only for speaking out, put in terrible prisons and tortured. Yes, Amnesty has files on at least one of them. People I've actually met. What is an acceptable abstraction for you is a sickening reality for me.

              --

              But mainly to your first point, then: "Yes, because those actions [blackmail and imprisonment of human rights activists] are not FinFisher's but those of the end use customers."

              Here we differ. I've always believed I'm responsible for my actions and the (reasonably predictable) consequences thereby arising. It's affected my employment prospects. That's a tradeoff I've always chosen to make and I've never regretted it. An axe has multiple uses and I know this because I know how to use an axe. As to FinFisher, in the balance I'd be aware of how easy it was to abuse and therefore how likely, so I would choose not to involve myself in it.

              I have been called stupid, to my face, for turning down work in an industry closely linked to weapons development. That's my choice. If it's not what you'd do, perhaps because you see others as solely responsible for the misuse of your work, then there fundamentally is where we depart. In that we cannot be reconciled. Goodbye and best of luck.

        3. Chris 244

          Re: ACTA @Matt Bryant

          Matt, you might want to have a look at that Wikipedia link you posted re:ACTA. "Effective: Not in force", as per your source.

          To be in force ACTA needs to be ratified by at least six signatories. So far only Japan has ratified.

          1. Matt Bryant Silver badge

            Re: ACTA @Matt Bryant

            ".....To be in force ACTA needs to be ratified by at least six signatories. So far only Japan has ratified." The EU has signed but not ratified the Agreement due to internal grumbling, but has also not made any move towards an Article 41 Withdrawal required to exit the Agreement. Ratification is proceeding in the rest of the World, meaning it is only a matter of time until ACTA is enacted, at which point the EU, having not come up with an alternative, will probably have to comply. Until then, there is existing German copyright and piracy legislation FinFisher can apply in Germany.

  3. Tom 38
    Devil

    > Multiple platforms (Windows, Mac and Linux) and smartphone OSes (Android, BlackBerry and, yes, iOS) are supported by malware used by police and intelligence agencies around the world

    Typical, like everyone else they completely ignore the BSDs ;)

    1. Mike 16

      BSD

      Remind me again what kernel underlies OSX and IOS (not the Cisco one)?

      Not that I really disagree, since this almost certainly targets stuff well above the kernel. Stuff that has moved on since Next essentially forked Mach/BSD.

      Actually, it would be interesting if they targeted the Cisco IOS, since there are many of them, running over top of, e.g. QNX as well as Bare Iron.

      1. Tom 38

        Re: BSD

        > Remind me again what kernel underlies OSX and IOS (not the Cisco one)?

        OS X runs on a kernel called XNU, iOS on a kernel called Darwin; both are derived from Mach. Not sure you know what your point is....

    2. Irony Deficient

      Multiple platforms

      Tom 38, it might not be an issue for FreeBSD, if not other BSDs as well.

  4. Roo
    Windows

    What a total bunch of Assanges.

    "FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world."

    Looks like Wikileaks has gone into the end of the weapons business, didn't see that one coming...

    The most likely net result of publishing "weaponised surveillance malware" at zero cost is going to be a few more innocent bystanders pwned. At a push it may put a dent in FinFisher's sales for a quarter - until their customers realize they need an update to keep it useful.

    1. h4rm0ny

      Re: What a total bunch of Assanges.

      A significantly more effective tactic by Wikileaks, imo, would be to publicize which AV companies if any, are whitelisting this software / co-operating. With the current climate of distrust of government surveillance, evidence and highlighting of this would be a significant hit to such companies.

      Especially if it were only some of them - the ones that hadn't co-operated would get a major credibility boost to people like myself - tech savvy and security conscious. We are also decision influencers for many more.

  5. 4ecks
    Black Helicopters

    Malware

    So which AV vendor will be the first to De-Whitelist this?

    1. Fatman

      Re: Malware

      > So which AV vendor will be the first to De-Whitelist this?

      Not one of them, as "De-Whitelisting" this would revoke their "NSA certified" malware scanner status.

      1. Sanctimonious Prick
        Black Helicopters

        Re: Malware

        And when one fails NSA certification, this is what happens.

  6. Vociferous

    So now we'll find out if Wikileaks is immune to DMCA takedowns.

    And copyright lobbyists/lawyers. Pirate Bay wasn't.

  7. Terry 6 Silver badge

    Privatisation

    I shouldn't be shocked. But the idea that the world's biggest spy agencies buy in their spying tools does shock me. What next? M given the boot and 007 having to get his gadgets from Maplins? The CIA buying miniature cameras from the back of magazines?

  8. Anonymous Coward
    Anonymous Coward

    "...under the microscope"

    Poof. Ta Daa. Splash.

    This whole article is exactly what they want. Looks like WikiLeaks is becoming more desperate and more savvy. I'm left wondering who WikiLeaks is left caring for.

  9. Oh Homer
    Facepalm

    Copyright?

    Personally I think the moral imperative of exposing FinFisher's criminal spyware easily trumps such trivialities as copyright. Also, since the "IP" lobby seems to have lumbered us with this new "crime" called "facilitation", surely that should also apply to those who facilitate privacy violation, such as those who create software that exists for no other purpose than to violate privacy.

    But then I'm not an NSA apologist, so what do I know?

  10. T J

    Linux?

    How the hell do you install the Linux one? If you've got root anyway then it's game over.

  11. h4rm0ny

    >>"How the hell do you install the Linux one? If you've got root anyway then it's game over."

    Well there are a few ways. In principle this is no different to on Windows, btw (well, Vista onwards where the security model actually became good). Firstly, there are exploits for GNU/Linux and its software just as there are for Windows. If you check security advisories for the two systems you'll find they're comparable in number. The chief reason you're safer using GNU/Linux is that you're targeted far less due to (a) it being a minority system and thus less worthwhile and (b) the average level of technical knowledge in the GNU/Linux userbase being far higher making it even less worthwhile. But you can exploit vulnerabilities in GNU/Linux just as in Windows if you know what you're doing. So that's a possibility. I'd also suppose (though it's a minor counter-argument) that on average a GNU/Linux user might be more worth spying on than a Windows or Mac user (what with general paranoia or need to know the software is not compromised from source upwards).

    So there are direct exploits, but these are probably the smaller attack vector. On Windows, Gamma (the company that owns FinFisher) has advertised exploits for XP (no surprise there) to get it installed but primarily it is a Trojan. That means tricking the user into agreeing to its install. That's equivalent to your post about "getting root" on GNU/Linux. Same principle. The only difference being that you're going to find a lot more Windows users who will fall for that than GNU/Linux users.

    But they can be very sneaky about this. They have HTTP intercept software (I think it's called FinFly) which can intercept your traffic to a site and fake signatures. So you think you're connected to http://debian.net/debian and that the signature of your latest package is good, but when was the last time you in Bahrain called up your friend in the USA by phone and read out key fingerprints to each other to check?

    So basically, you can get infected on GNU/Linux the same ways you can for Windows. But you're likely more secure because (a) you're a minority case in a more resistant community and thus less effort will have been put into compromising you and (b) it's possible that AV companies providing products for Windows are "whitelisting" this software. If that is the case, and Wikileaks wants to change things, the first thing they should do is publicize THIS as it would have a far greater effect.

    Anyway, as to your specific question as to why they would bother using this once they "gain root", because it's their end goal - they want easy manageable surveillance of you. If they get root on your box then of course they could wipe your files or change your terminal colours to black on black, but installing this stuff is what they actually want to do.
