The commercial intrusion and monitoring kit favoured by governments around the world, is FinFisher, a surveillance tool developed by UK-based Gamma International. It comprises a Command & Control structure and an agent called FinSpy.
FinSpy is used to infiltrate the target’s system by infection through an email attachment, a drive-by download or through physical access to the device. The installation requires user interaction and pretends to be either a software update, or recently, a version of the Firefox browser. Firefox has demanded that FinSpy stop masquerading as their browser.
FinSpy has the following capability:
– Take remote control of the target PC
– Capture encrypted data and communications
– Take screenshots and key log
– Full Skype monitoring (calls, chats, file transfers, video, contact list)
– Silent extract of files from hard drive
– Live, remote forensics on target system
– Remove activation if the webcam and microphone
– Install software on the target
Up to now, FinSpy has generally escaped detection from antivirus signature scanning. A mobile version of FinSpy is also available for Android, iPhone, BlackBerry and Symbian, which has the following capability:
– Recording of voice calls, SMS/MMS and emails
– Live surveillance through silent calls
– File download (contacts, calendar, pictures, files)
– Covert communication with the C&C server
The software escapes ratification of the iPhone App Store by being installed through iTunes.
So far, 11 countries with FinFisher C&C servers have been published: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria and Austria. The software has also been picked up in Bahrain and the UAE.
There are accusations that Gamma are digital mercenaries and their product used by repressive governments to violate human rights and freedom of information. Journalists in repressive countries have been targeted with FinSpy attachments in emails.
If repressive governments use the tool for repression, what about governments not generally known for repression? Will democratic countries, known to generally apply the rule of law, resist the temptation to spy on citizens who oppose or may embarrass them? I believe most would not. It appears that most governments cannot resist spying on people such as courageous journalists and whistle-blowers to cover-up and suppress information which may expose them in bad light.
Last week, I spotted the covert intelligence section of a government agency snooping around with one of my personal files. The small country in question is generally understood to be non-repressive and respecting of the rule of law. However they did repress this information for a two-year period until a court lifted the gag. As the content of the file could be embarrassing to that government, I suspect their purpose last week was to consider somehow repressing the information once again.
Also last week, Dutch police announced they are seeking powers to snoop in people’s computers. Antivirus companies have said they will not co-operate and will not stop alerting users if government spy software is found on their system. As Mikko Hypponen, CTO of security company F-Secure, put it: “If the police hack into your systems, the public need to know”.
Society needs to be very cautious about the ever-present desires and growing capabilities of Big Brother, lest there are further erosions in the rule of law and curtailment of freedom of speech. No governments should be trusted to use these powerful tools appropriately.