Tweet
According to a report by Citizen Lab the intrusive and surveillance software FinSpy sold to governments to spy on their citizens has been found in 25 countries. The investigation was launched based on analysis of a suspicious email that was targeting Bahraini activists.
Summary of Key Findings
- We have found command and control servers for FinSpy backdoors, part of Gamma International’s FinFisher “remote monitoring solution,” in a total of 25 countries: Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.
- A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian opposition group, as bait to infect users. This continues the theme of FinSpy deployments with strong indications of politically-motivated targeting.
- There is strong evidence of a Vietnamese FinSpy Mobile Campaign. We found an Android FinSpy Mobile sample in the wild with a command & control server in Vietnam that also exfiltrates text messages to a local phone number.
- These findings call into question claims by Gamma International that previously reported servers were not part of their product line, and that previously discovered copies of their software were either stolen or demo copies.
This is not the first time that Gamma International, owners of FinFisher and thus FinSpy, has been under scrutiny for violating the rights of activists. Privacy International leveled a complaint against Gamma to the Organization for Economic Cooperation and Development (OECD)
The complaints contend that, if it is confirmed that the companies have supplied spyware to Bahrain, then they may be guilty of complicity in (“aiding and abetting”) human rights abuses perpetrated by Bahraini authorities. The right to privacy, and freedom from torture and arbitrary arrest find recognition in several international human rights instruments, including the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and the Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment, all of which are ratified by Bahrain. In addition, these rights are recognized in the Constitution of Bahrain.
Private companies helping governments violate human rights is nothing new (see Blackwater), but to have firms engaging in hacking on this scale is unprecedented. It also provides another opportunity for the charge of hypocrisy as governments, including the United States, contract with private companies that are engaging in criminal hacking while charging political dissidents and private individuals with major felonies for the same activity.
Maybe if Aaron Swartz or Matthew Keys worked for a private security firm all would be well.
8 Comments
Support this site!
Subscribe to the newsletter
Advertise on Firedoglake
Send
us your tips
Make us your homepage
About FDL News Desk
No surprise here.
That the government is hiring private (foreign) companies to spy on American citizens?
et tu Facebook?
I would have been surprised– before my eyes were opened to the enormity of the worldwide, hyper-fascist corporate survellance state!!
We no longer live in a world that is governed by states. We are ruled by a worldwide fascist corporate survellance state (like T79 said). They will continue to pass laws that ensure if we get out of line we will be tossed into prison. Jay walk-go to prison if you have irritated one of the powerful.
I think it is worse than we know, I fear it is worse than we even can know.
I have followed Chomsky (and Zinn) for a very long time, now from him I find the work of Thomas Ferguson which puts things in yet another perspective.
There are many platitudes one can employ. Too many actually.
But I am tempted so I’ll say my personal favorite (if that is the right word) is the one attributed to the arch Robber Baron Jay Gould:
With the advance of technology it would take far, far less than one-half to do the dirty deed.
And now we have drones.
People also need to know that your smart phone is the spy’s best friend if they can get you to download their spyware without you knowing it. Beside being able to get all the data out of your phone they can also turn on the camera and microphone to spy on you in real time. (listed under 4-a )
Confirmed.