The controversial surveillance software FinSpy has been deployed by more than 25 countries around the world, lumping together “democracies” like the US, Canada, the UK and Germany with some of the world’s most repressive and dubious regimes, such as Turkmenistan, Bahrain, Ethiopia and Vietnam.
According to researchers at The Citizen Lab, command and control servers for the highly sophisticated ‘spy’ software were discovered at locations across the world after investigations into a suspect email sent to political activists in Bahrain.
We first reported on the existence of FinSpy, which is licensed by the British firm Gamma Group International, last summer, when it was revealed that Bahrain’s government was using the software to monitor anti-government protestors. That might not be too alarming by itself (after all, we all know that governments, especially repressive ones, like to spy on their own citizens), but the issue with FinSpy is that it’s only sold on the understanding that it’ll be used by law enforcement agencies to track down criminals – not by governments intent on cracking down on dissenters.
FinSpy’s capabilities are as repressive as they are impressive – the software is delivered onto target computers in much the same way as standard malware is, and once installed, it has the ability to monitor all kinds of communications, including Skype chats and conversations, emails, instant messages, social media and more. Other ‘features’ of the software include giving ‘hackers’ a real-time view of the user’s computer screen, allowing them to grab screenshots at will, log keystrokes and even switch on the user’s camera and recording devices without their knowledge.
Meanwhile, Gamma Group has made extensive efforts to render FinSpy undetectable, ensuring that it’s always one step ahead of anti-virus programs like Symantec, Kaspersky and Norton. There’s even a mobile version of the software available, which can infect smartphones to spy on users in exactly the same way.
Gamma Group insists that FinSpy is also marketed to law enforcement agencies and is not to be used by governments to target opposition groups and activists, but sadly that appears to be exactly what’s happening, according to The Citizen Lab’s latest report. One of the problems is that the marketplace for this kind of software is basically unregulated, meaning that any government can purchase FinSpy and use it for spying or to carry out cyberattacks.
For its part, Gamma Group is claiming that the product Citizen Lab’s researchers have traced is actually a stolen copy of an older version of the software. However, The Citizen Lab questioned this defense, saying that there are strong links between known FinSpy servers and the software strain in question.
The Citizen Lab identified servers in Australia, Bahrain, Bangladesh, Brunei, Canada, the Czech Republic, Estonia, Ethiopia, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, the Netherlands, Qatar, Serbia, Singapore, Turkmenistan, the UAE, the US, the UK and Vietnam. While server locations are not definite proof of specific countries using FinSpy, the fact that Gamma Group only sells the software to governments suggests that this must be the case.
FinSpy attacks computers in sophisticated ways, via fake software update prompts, or by sending users fake image files that appear to be relevant to them. Given the worryingly high level of sophistication that this tool employs to spy on people, and the fact that Gamma Group has admitted that at least one copy of the software has been stolen, the dangers posed by FinSpy are a big cause for concern for governments, organizations and individuals alike.