(2012-09-01) Gamma Finspy Dissidents

*What they found was the widespread use of sophisticated, off-the-shelf computer espionage software by governments with questionable records on human rights. While the software is supposedly sold for use only in criminal investigations, the two came across evidence that it was being used to target political dissidents.

The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones.

The software has been identified as Fin Spy, one of the more elusive spyware tools sold in the growing market of off-the-shelf computer surveillance technologies that give governments a sophisticated plug-in monitoring operation. Research now links it to servers in more than a dozen countries, including Turkmenistan, Brunei and Bahrain, although no government acknowledges using the software for surveillance purposes.

Fin Spy is made by the Gamma Group, a British company that says it sells monitoring software to governments solely for criminal investigations.

“This is dual-use equipment,” said Eva Galperin, of the Electronic Frontier Foundation (EFF), an Internet civil liberties group. “If you sell it to a country that obeys the Rule Of Law, they may use it for law enforcement. If you sell it to a country where the rule of law is not so strong, it will be used to monitor journalists and dissidents.”

Fin Spy gained notoriety in March 2011 after protesters raided EGypt’s state security headquarters and discovered a document that appeared to be a proposal by the Gamma Group to sell Fin Spy to the government of President Hosni Mubarak for $353,000. It is unclear whether that transaction was ever completed.

Mr. Marquis-Boire said a Turkmeni Stan server running the software belonged to a range of I.P. addresses specifically assigned to the ministry of communications. It is the first clear-cut case of a government running the spyware off its own computer system. Human Rights Watch recently called Turkmenistan one of the “world’s most repressive countries” and warned that dissidents faced “constant threat of government reprisal.” Ms. Galperin of the Electronic Frontier Foundation said, “Nobody in their right mind would claim it is O.K. to sell surveillance to Turkmenistan.” *

Nine months later (than Mar'2011)*, WikiLeaks published leaked Gamma Group brochures that summarized what Fin Spy could do: record e-mail, instant messages and Skype chats, spy on Web cameras and microphones, log keystrokes and circumvent 40 different antivirus systems — precisely the same functions of the spyware Mr. Marczak and Mr. Morgan-Boire discovered in Bahrain. The company says it is used by governments to track criminals.

But the apparent use of the spyware to spy on Bahraini activists — none of whom had any criminal history — suggested it had been used to focus on dissidents.

On Wednesday, the researchers announced one of their biggest discoveries yet. They discovered new mobile versions of the spyware that had been customized for Apple’s iOS, Google’s Android, Windows Mobile, Nokia’s Symbian and BlackBerry’s mobile operating systems... They said that the version of the spyware that focused on Nokia’s Symbian system infected phones through a fake software update... That Web site was registered by somebody by the name of JohnnyGeds, a name that had popped up once before. That name — Johnny Debs — was listed as Gamma Group’s sales contact on the Fin Spy proposal uncovered in the raid on Egypt’s security headquarters.*

May'2013: Taken together with our previous research, we can now assert that Fin Fisher Command & Control servers are currently active, or have been present, in 36 countries.