Gamma Group, a controversial Munich-based supplier of the FinFisher/FinSpy Internet surveillance software to governments and law enforcement agencies has been reportedly hacked, with some of its source code and files posted online.
The German site Netzpolitik.org has posted an English translation of two German reports on the attack, which resulted in a Twitter account publishing what it says are internal company documents. A person calling themselves PhineasFisher takes credit for the hack on that Anarchism blog on reddit.
“I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists,” the person wrote, “along with a whole lot of other stuff” in the 40GB he managed to obtain.
FinFisher software was mysteriously found on the servers of Toronto Web hosting provider SoftCom Inc. last year.
Citizen Lab, a branch of the University of Toronto’s Munk School of Global Affairs, has researched and written about FinFisher, most recently in April, 2013 when it tracked the software to servers in 36 countries. Some are western democracies including Canada, United States, Japan, the Netherlands and the U.K. Others are countries where minorities or dissent aren’t welcome.
Some of the alleged purloined documents appear to be user manuals and price lists.
It would, of course, be a supreme irony that a company that advises how to monitor the communications of others — whether for legitimate law enforcement reasons or not — let itself be stung.