A Statement from Emsisoft on WikiLeaks and the FinFisher malware

WikiLeaks Truck cc by 2.0

Last week, WikiLeaks took a stand against the so-called lawful interception malware. This is malware bought by governments, in order to surveil citizens. If you’ve never heard of this type of malware, check out this article, and also this one from 2011. If you want the short of it, well, lawful interception is controversial. It involves private software developers selling surveillance technology to governments around the world. Sometimes these governments use this technology to stop criminals. Other times, these governments are oppressive and use them to monitor innocent citizens. Still other times, lawful interception isn’t used by governments at all – many have suggested that the companies who create it will sell it to the highest paying bidder.

There are a number of companies that produce lawful interception malware. WikiLeaks’ most recent statement calls out FinFisher, a German-based developer accused of selling malware to a number of oppressive regimes. WikiLeaks’ statement also makes a direct challenge to the German government:

The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?

In an effort to combat the distribution of FinFisher’s creations, WikiLeaks has obtained copies of the surveillance software and posted them on their website for free download. They have also posted a number of FinFisher documents, including customer lists, training manuals, and marketing materials. This publication has taken place in the hope that security researchers around the world will study the malware and discover better ways to protect people from infection.

As an anti-malware company with German roots, Emsisoft is not unaffected by these events. For this reason, we’d like to let all of you know that we do not “whitelist” FinFisher or any other type of lawful interception malware. We will not do so unless we are compelled by law – and if that ever happens we will immediately notify our users. It is our opinion that malware is malware, no matter who’s creating it and no matter who’s using it.

So, have a nice malware-free day.

–Your Emsisoft Team

Notes:

1. If you attempt to navigate to wikileaks.org to read the official statement, Emsisoft Web Protection will prevent access by default. This is a safety measure, to prevent accidental download of the malware hosted there. To gain access, simply create a new Web Protection rule granting access to the website – but please, only do so with caution.
2. After downloading and testing the FinFisher samples provided in the latest WikiLeaks publication, Emsisoft Lab concluded that all Emsisoft products successfully detect the malware with our Behavior Blocking technology.