Google engineer finds FinFisher spyware tracking political dissidents

Engineer and student discover spyware from UK company targeting political activists.

Spyware

Spyware developed and sold by a UK-based company has been used to snoop on dissidents in autocratic regimes, according to two security researchers.

The software, legitimately produced and sold by British firm Gamma International, has somehow managed to find its way into the hands of some of the most repressive governments in the world.

Advertisement - Article continues below

According to Google security researcher Morgan Marquis-Boire and Berkeley student Bill Marczak, the spyware was found in email attachments sent to several activists in Bahrain.

Their investigation found the spyware infected not just PCs but a range of devices running popular mobile operating systems, such as iOS, Android, RIM, Symbian, and Windows Phone 7.

The spyware boasts capabilities such as live surveillance via "silent calls" and location tracking. It also has the ability to track all forms of communication, including emails and voice calls as well as cameras and microphones.

A study carried out by University of Toronto Munk School of Global Affairs' Citizen Lab found an application that purports to be FinSpy, a piece of commercial spyware sold to countries for criminal investigations.

Gamma Group, the German parent of UK-based Gamma International, developed FinSpy. Gamma's managing director Martin Muench told Bloomberg that the company had no involvement whatsoever in selling the software to despotic regimes.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"We don't normally discuss our clients but given this unique situation it's only fair to say that Gamma has never sold their products to Bahrain," said Muench.

"It is unlikely that it was an installed system used by one of our clients but rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere."

Muench said his company could not confirm that software analysed by Citizen Lab was Gamma's product. He added that a modification would have been made to the software as "no message sent to our server when the demo product was used against a real target."

Marquis-Boire and Marczak told the New York Times that they found a connection to Gamma in these code samples. The spyware running on Symbian phones uses a certificate issued to Cyan Engineering, a website registered in the name of Johnny Geds.

Muench confirmed that Gamma employs someone of that name in sales but declined to make further comment.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

2 Mar 2020
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020