For Their Eyes Only: The Commercialization of Digital Spying

Citizen Lab – by Morgan Marquis-Boire,  Bill Marczak, Claudio Guarnieri & John Scott-Railton

Citizen Lab is pleased to announce the release of “For Their Eyes Only: The Commercialization of Digital Spying.”

Read the Report [PDF]

The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.  

Our new findings include:

  • We have identified FinFisher Command & Control servers in 11 new Countries. Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, Austria.
  • Taken together with our previous research, we can now assert that FinFisher Command & Control servers are currently active, or have been present, in 36 countries.

Locations of FinFisher Command & Control Servers Found To Date:  Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.

  • We have also identified a FinSpy sample that appears to be specifically targeting Malay language speakers, masquerading as a document discussing Malaysia’s upcoming 2013 General Elections. Click here for a plain-language summary of our findings from Malaysia, as well as background on FinFisher.
  • We identify instances where FinSpy makes use of Mozilla’s Trademark and Code. The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest. This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists.

Map showing installations of FinFisher worldwide

FinFisher’s Global Proliferation: Updated Map (Click to enlarge)

Our previous research uncovered evidence that FinFisher (commercial network intrusion malware) developed by UK-based company Gamma International was targeting activists in Bahrain. It analyzed mobile variants of the FinFisher suite.  It also exposed the use of commercial surveillance malware developed by Italy-based company Hacking Team to target a dissident in the United Arab Emirates.  Most recently, we documented the global proliferation of FinFisher command and control servers.

This research is one of the first extended projects to attempt to map out the operation and prevalence of commercial surveillance software.  Our work opens a window into this space, but it remains crucial that the nature and impact of the commercial surveillance market be better understood. Technical research in this field has only just begun, but it is already clear that the stakes are high. We hope this report will contribute to discussions on this issue in technical, civil society, and policy making communities.

This research represents the joint work of Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John Scott-Railton.

https://citizenlab.org/2013/04/for-their-eyes-only-2/

2 thoughts on “For Their Eyes Only: The Commercialization of Digital Spying

  1. No money for schools, roads, or even to feed people for that matter, but everyone is jumping into the surveillance and enforcement business for the endless dollars our government is willing to spend on spying on its own citizens and locking them up whenever possible.

  2. Isn’t it funny how these digital surveillance programs are always developed by the UK (The country that has more cameras in their cities than anywhere in the world) and then they spread over to the U.S. and so on?

Join the Conversation

Your email address will not be published. Required fields are marked *


*