SA agencies deploy FinFisher malware

By Jon Tullett, Editor: News analysis
Johannesburg, 23 Sept 2014
WikiLeaks has uncovered South African use of FinFisher spyware among a massive data leak.

WikiLeaks has confirmed South African law enforcement agencies are using FinFisher malware.

FinFisher is a suite of tools designed to compromise PCs and mobile devices, providing full access to the infected device. Gamma International, the parent company, sells only to government and law enforcement agencies, which use the malware to attack surveillance targets.

ITWeb previously reported on the likely use of FinFisher in South Africa, after command and control servers were identified on Telkom ADSL addresses in 2013. WikiLeaks' data, which includes customer support databases showing FinFisher licences, shows South African customers holding licences for many of the malware components, going back to at least 2009.

FinFisher has been the subject of much controversy. Its use by repressive regimes to spy on dissident citizens raises concerns among civil liberties advocates.

Despite Gamma's promise to sell only to legitimate government agencies, the availability of the malware on the black market raises worries about its use by criminal syndicates.

And now leaks of the firm's client database and source code highlight data privacy concerns: the firm was allegedly compromised recently, with 40Gb of source code, customer data and other information still available online. The hacker also set up a Twitter stream to post highlights of the malware's use.

Surveillance products for law enforcement are big business. Firms like Cellebrite and AccessData offer forensic tools capable of bypassing security mechanisms in mobile devices to recover data in seized mobile phones or hard drives, for a price.

WikiLeaks estimates the South African agencies listed have spent at least EUR2 million (almost R30 million) on FinFisher malware licences.