FinFisher is a spyware suite produced by FinFisher GmbH and sold to some of the most repressive regimes in the world. The software suite allows governments to monitor computers and smartphones, tracking locations, intercepting data and even reading encrypted files.
CitizenLab published the results of their study into which governments use this spyware suite, and the findings were chilling. The group scanned for FinFisher servers, which are installed in the locations where customers are using the software, according to the report.
The group found that there are thirty-two nations where “at least one government entity is likely using the spyware suite, and we are further able to identify 10 entities by name.”
The numbers revealed that the popularity of this spyware suite is increasing, and it’s been used to track journalists, dissidents and those who oppose oppressive political regimes.
Finding the Servers
The CitizenLab report details how the group was initially able to find FinFisher servers, but was not able to differentiate between the master servers and the anonymizing proxies used with the system. This time around, they were able to find the master servers.
The group published the results of their search, with some redactions. The redactions—which involve removing parts of the server IP addresses—were done to protect legitimate use of the software.
The list of nations that use FinFisher might not be completely surprising, given that many of them have atrocious human rights records and are well-known to persecute dissidents. The list includes:
- Bosnia and Herzegovina
- Czech Republic
- Saudi Arabia
- South Africa
Several of these nations were not previously known to be using the software.
Several of those nations are also widely-known for their invasive and abusive policies toward dissidents. There was also leaked information that Hacking Team, the government surveillance software manufacturer that famously got hacked and that was widely known for dealing with repressive regimes, was competing for business from some of FinFisher’s customers. In some cases, governments may have switched from one product to the other. From the report:
“We identified one IP address in Italy (2.228.65.xxx) which served as a FinFisher server from 2014 to present. Earlier in 2014, and before our publication of our report on Hacking Team, the same IP address instead matched our fingerprint for Hacking Team spyware servers. This might indicate an Italian government agency switching from Hacking Team to FinFisher.”
Catching the Fish
FinFisher can be installed on user’s computers by imitating legitimate software, through infected email attachments and in other ways.
If you are infected with FinFisher, your standard anti-virus programs might not detect it, though most should have updated their signatures by now to pick up the spyware.
As for overall security, the general rules apply. Be wary of email attachments, password protect your devices and use encryption whenever possible.
VPNs provide encryption for your Internet traffic, but make sure you follow other security procedures, as well. Patch your software, encrypt your files and don’t allow people you don’t absolutely trust to access your phone or your computer.
FinFisher is out there, and there are likely other hacking tools used by governments that no one knows about yet, as well. There’s clearly plenty of money to be made selling them
FinFisher GmbH, formerly known as Gamma International, has been named as one of the Corporate Enemies of the Internet by Reporters Without Borders for providing their products to regimes such as the UAE and Bahrain. As long as there’s more money out there to be made off of such governments, there will most certainly be more “digital mercenaries,” as Reporters Without Borders called them, looking to provide what those regimes need to invade people’s privacy and repress any and all dissent.