FinFisher
Database SQL dump from FinFishers support website
Background
- on Twitter
- on netzpolitik.org
- more sources and chronology (mostly German) in our wiki: 0zapftis
Content
Inhaltsverzeichnis
- 1 Customers
- 1.1 0DF6972B
- 1.2 6B9EDD58
- 1.3 7F425F82
- 1.4 0012A3F0
- 1.5 14ED6D84
- 1.6 20FEC907
- 1.7 22F984B0
- 1.8 43A301F9
- 1.9 70CD6D97
- 1.10 88F3D306
- 1.11 89EC5BB5
- 1.12 0988BAEB
- 1.13 4599A7D0
- 1.14 7678CCD6
- 1.15 49378CEF
- 1.16 82990EA6
- 1.17 559458B5
- 1.18 613780C4
- 1.19 76026992
- 1.20 B206FF8C
- 1.21 B58616D2
- 1.22 BEC8B100
- 1.23 C1D31255
- 1.24 CAFA6A1F
- 1.25 CC57BE53
- 1.26 D5D58215
- 1.27 DDCD64A2
- 1.28 E0AD6E22
- 1.29 E5C0C644
- 1.30 E7549C72
- 1.31 F9660CE4
- 1.32 F378934F
- 1.33 Cobham1
- 1.34 Dyplex1
- 1.35 Elaman1
- 1.36 Trovicor1
Customers
Sorted by customer UID from the table customer_license. Includes customers that have received a gpg-encrypted product file and/or customers that have been identified by their gpg-key, or that have identified themselves as per the feedback or support tables.
Courtesy of @GammaGroupPR: http://pastebin.com/kZQ5J0js
0DF6972B
Khalid from Pakistan
6B9EDD58
Arefin from Bangladesh
7F425F82
Sanjin Custovic, Intelligence-Security Agency (OSA/OBA) of Bosnia and Herzegovina
0012A3F0
Peter Balogh and Zoltan ... , SSNS - NBSZ hungary secret service
14ED6D84
Estonia, probably police
20FEC907
Jochen van der Wal, engineer at KLPD (Korps landelijke politiediensten), identified by PGP-Key that encrypted the product download.
22F984B0
43A301F9
70CD6D97
Wim Bordeyne, private email: wim.bordeyne@telenet.be, gives work e-mail of h.isrd@skynet.be; names Pierre and Lucian mentioned
88F3D306
Cliff Harris (identified through metadata in word document)
89EC5BB5
0988BAEB
Hiwunet (name given in feedback table)
4599A7D0
Nasser Alnuaimi, Qatar state security bureau
7678CCD6
49378CEF
82990EA6
559458B5
Mongolia, and their email odmagnai@gmail.com appears in this whois record: http://wq.apnic.net/apnic-bin/whois.pl?searchtext=MAINT-MN-NITSYSTEM&form_type=advanced mail.mn is referenced, email addresses given: Future Mongolia info@future-mongolia.com, altan_edu@yahoo.com, nkhzrg@yahoo.com
613780C4
76026992
B206FF8C
PCS Security Pte Ltd (metadata in a word document attached to a support request), Singapore.
B58616D2
USB on Fire <usbonfire@gmail.com>, PGP-Key on keyserver
BEC8B100
Vietnam
C1D31255
CAFA6A1F
campo@campinator.com, PGP-Key on keyserver
CC57BE53
"In our location, Avast free Antivirus is one of the top used Antivirus solution if not no. 1. So we are not happy about that." also mentions taiwan-produced ALFA wifi cards also posted a pic (AA970B9C.png) in feedback with slovak W7+avast
D5D58215
DDCD64A2
the Bahraini group, in support requests they ask for help setting up a website targetting activists in 14 Feb, and in another support request they attach their C&C server logs. The names of people with admin access to the FinSpy server are in the server logs, grep for "user name:" Abdulla Husain, Ahmad, Abdulla Al Eid, Yousif Al Sadiq, Rizwan Saleem, Sayed Ansar Husain, Humayun, and Mohammed Al Majed
E0AD6E22
Rostislav Psota
E5C0C644
E7549C72
a folder in a screenshot within a word document attached to a support request is named "Sanyang new" (Sanyang being a company in Taiwan and a village in the Gambia), a text file is called "france"; the email address used for correspondence is cyberiakicksass@gmail.com; the computer used is a laptop, with a time difference of two hours between laptop clock (10h) and MS Word (08h); customer is not an English native speaker ("licence")
F9660CE4
Nigeria
F378934F
First name "Nazar" is given, mail.ru is mentioned
Cobham1
probably Cobham Surveillance GmbH, 91126 Schwabach, Germany, http://buggedplanet.info/index.php?title=COBHAM . Has an account but no licenses, feedback or support requests. Involved is a character called Holger Buge, could be the Holger mentioned in this Estonian, this and this Bahraini ticket.
Dyplex1
probably Dyplex Communications Ltd., Toronto, Ontario, Canada. Has an account but no licenses, feedback or support requests.
Elaman1
Elaman GmbH Germany Security Solutions, Baierbrunner Str. 15, 81379 Munich: http://buggedplanet.info/index.php?title=ELAMAN (same addres as Gamma International http://buggedplanet.info/index.php?title=GAMMA#Gamma_International_GmbH_.28DE.29 )
Involved is a character called Holger Günther Rumscheidt, could be the Holger mentioned in this Estonian, this and this Bahraini ticket.
Trovicor1
trovicor GmbH, Machtlfinger str 7, 81379 Munich, Germany. According to: http://buggedplanet.info/index.php?title=TROVICOR "Trovicor was originally the "Intelligence Solutions" branch of SIEMENS Voice and Data Recording (VDR)". Has an account with FinFisher but no licenses, feedback or support requests.
