Spy Program Lets Law Enforcement See Everything
Posted on 14th Aug 2012 @ 2:23 PM
When you think about being spied on by law enforcement, it sounds like something out of a movie, right? Well, this story proves that some things are a little more real than you might think.
FinFisher is a program that is made specifically for spying on others. It was developed by the Gamma Group, a British company that specializes in surveillance technology and products. According to their own company statement, the Gamma Group offers “world-class offensive techniques for information gathering.” FinFisher’s promotional materials claim that the spying program can be “used to access target systems, giving full access to stored information with the ability to take control of the target system’s functions to the point of capturing encrypted data and communications.”
A few security researchers took it upon themselves to fully examine the capabilities of FinFisher. They found that FinFisher is extremely advanced and intrusive: it can steal and transmit images of users’ computer screens, record their Skype chats, remotely turn on cameras and microphones, and log keystrokes. The Gamma Group says that FinFisher was initially developed as a new tool for law enforcement. By using FinFisher, law enforcement officers would be able to monitor the computer activity of suspects and newly released convicts. However, a recent discovery shows that FinFisher is being used in a much broader manner than previously thought.
FinFisher first got some media coverage in March 2011, after several protestors in Egypt broke into the government’s security office. Upon entry and search, the protestors found an offer to buy FinFisher for 287,000 euros, or $353,000. Then in May of this year, pro-democracy Bahraini activists, one in London, another in Washington and one in the Bahraini capital, Manama, started receiving suspicious e-mails, which they passed to a Bloomberg reporter.
Bill Marczak, a computer science graduate student, and Morgan Marquis-Boire, a security researcher with the Citizen Lab of the Munk School of Global Affairs at the University of Toronto, analyzed the e-mails and found evidence that they contained FinSpy, part of the FinFisher spyware tool kit. The term “FinSpy” itself appeared in the malware’s code.
The findings, published last month, suggested FinFisher technologies were being used for surveillance beyond suspected criminal activity. Martin J. Muench, the managing director of Gamma International, who develops the FinFisher line of products from Munich, did not respond to a request for comment, and a Gamma Group representative did not respond to e-mailed questions. Mr. Muench told Bloomberg that his company did not sell FinFisher spyware to Bahrain, and said the malware might have been a stolen demonstration copy or reverse-engineered by criminals.
But last week, security researchers at Rapid7, a security firm, took the earlier findings a step further. They studied the communication structure of the spyware and found that when they probed the I.P. address of a FinFisher-infected machine with unexpected data, it responded with a unique message: “Hallo Steffi.”
Rapid7 scanned the Internet to see if any other I.P. addresses returned the same message and found 11 I.P. addresses in 10 other countries: Indonesia, Australia, Qatar, Ethiopia, the Czech Republic, Estonia, Mongolia, Latvia, the United Arab Emirates and the United States.
The I.P. address tied to FinFisher in the United States is hosted by EC2, Amazon’s cloud storage service. Amazon did not respond to a request seeking further information about which customer was using its service to disperse the spyware. As of Monday afternoon, the spyware was still active on Amazon’s service.