NSW Police is one of a number of international security and law enforcement agencies that has been named as a user of FinFisher "weaponised German surveillance malware", according to documents released today by Wikileaks.
Wikileaks released records claiming NSW Police has purchased a total of nine licenses for FinFisher monitoring and surveillance software (four of which have now expired); based on product price lists, Wikileaks estimates that the law enforcement agency spent upwards of €1 million in acquiring these product licenses.
According to a 'SpyFiles' release on the company, FinFisher "produces and sells computer intrusion systems, software exploits and remote monitoring systems" that can be used to intercept communications on a range of operating systems including Windows, OS X and Linux, as well as Android, iOS and Windows Mobile devices.
The company's suite of software includes FinSpy PC -- spyware that is "designed to be covertly installed on a Windows computer and silently intercept files and communications, such as Skype calls, emails, video and audio through the webcam and microphone", according to Wikileaks.
FinFisher also distributes FinFisher Relay and FinSpy Proxy, systems that collect data and route it "through an anonymizing chain in order to disguise the identity of its operators and the real location of the final storage".
By analysing requests made to the FinFisher support team, Wikileaks identified the individual product licenses obtained by NSW Police, six of which were for FinSpy software. This software was also obtained by the national police service in the Netherlands and private and state-run security services in Singapore and Hungary respectively.
Wikileaks claims FinFisher's software has been used by "intelligence agencies around the world to spy on journalists [and] political dissidents," while Wikileaks Editor in Chief Julian Assange said it was used by "abusive regimes":
FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher?
Under existing legislation in Australia, law enforcement and security agencies are able to obtain a warrant to gain access to individual Australians' telecommunications content data. According to the Telecommunications (Interception and Access) Act, in some casesis available to these agencies without the need for a warrant.
NSW Police has been contacted for comment.
Updated on September 16 at 10:10 a.m. AEST: A NSW Police spokesperson issued a statement to CNET, saying that "given this technology relates to operational capability, it's not appropriate to comment".