Domestic spying using FinFisher’s surveillance software has spread worldwide

MassPrivateI

According to a 2013 report from the Citizen Lab of the Munk School of Global Affairs at the University of Toronto, governments are using FinSpy and FinFisher, Gamma’s line of remote intrusion and surveillance software, to spy on political dissidents.

“Although touted as a ‘lawful interception’ suite for monitoring criminals, FinFisher has gained notoriety because it has been used in targeted attacks against human rights campaigners and opposition activists in countries with questionable human rights records,” the Citizen Lab report states.  

This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a FinFisher campaign in Ethiopia that targeted individuals linked to an opposition group. Additionally, it provides an examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam.

Summary of Key Findings

  • We have found command and control servers for FinSpy backdoors, part of Gamma International’s FinFisher “remote monitoring solution,” in a total of 25 countries: Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.
  • A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian opposition group, as bait to infect users. This continues the theme of FinSpy deployments with strong indications of politically-motivated targeting.
  • There is strong evidence of a Vietnamese FinSpy Mobile Campaign. We found an Android FinSpy Mobile sample in the wild with a command & control server in Vietnam that also exfiltrates text messages to a local phone number.
  • These findings call into question claims by Gamma International that previously reported servers were not part of their product line, and that previously discovered copies of their software were either stolen or demo copies.

According to the Gamma Group’s website, the company has been supplying governments with “turnkey surveillance projects” since the 1990s.
https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/

Mozilla fights back after FinSpy found masquerading as Firefox:
http://threatpost.com/mozilla-fights-back-after-finspy-found-masquerading-as-firefox/100068

Internet domestic spying using FinFisher spyware spreads like the flu:

An American citizen born in Ethiopia claims in court that his native country covertly seized control of his computer and monitored his web activity through clandestine spyware – including email and Internet phone calls – and that dozens of other countries are doing the same thing.

John Doe, aka Kidane, sued the Federal Democratic Republic of Ethiopia in Federal Court, under the Wiretap Act.

Kidane says he believes an Ethiopian agent sent him an email with an infected Microsoft Word document attached.

“The attachment then caused another clandestine client program to be surreptitiously downloaded onto his computer,” Kidane claims in the lawsuit. “The downloaded clandestine client program then took what amounts to complete control over plaintiff’s computer. Afterwards, it began copying and sending some, if not all, of the activities undertaken by users of the computer, including plaintiff and members of his family to a server in Ethiopia.”

Kidane claims the programs infecting his computer are a computer wiretapping system called FinSpy, a surveillance tool developed by the European company Gamma Group.

According to the complaint, Gamma markets its monitoring programs to “governmental agencies only.”

According to a 2013 report from the Citizen Lab of the Munk School of Global Affairs at the University of Toronto, governments are using FinSpy and FinFisher, Gamma’s line of remote intrusion and surveillance software, to spy on political dissidents.

Kidane claims that five days after the Citizen Lab report was published, the FinSpy software was mysteriously uninstalled from his computer, though traces of it remained.

“The FinSpy installation on Mr. Kidane’s computer was active for at least four and a half months, from early November 2012 until the middle of March 2013,” the complaint states. “Plaintiff is informed and believes that throughout that period, Ethiopia had unlimited access to Mr. Kidane’s computer via the transmission of his activities to the Ethiopia server.”

During the period of infection, Kidane says, his Skype calls were monitored and recorded, along with his emails and web search history, including a web search of the history of sports medicine that his son conducted for his ninth-grade history class.

“This is a straightforward case challenging the wiretapping and invasion of privacy of an American citizen at his home in suburban Maryland,” Kidane says in the complaint.

He says Ethiopia violated the Wiretap Act and intruded upon and invaded his solitude and seclusion.
http://www.courthousenews.com/2014/02/19/65452.htm

http://massprivatei.blogspot.com/2014/02/domestic-spying-using-finfishers.html
