15 July 2013
by Daniel G. J.
A form of of malware exists that could enable government agencies and others to use your own mobile devices to spy on you. The malware is called Finfisher or FinSpy, and it is actually marketed to law enforcement and intelligent agencies by a shadowy company called Gamma International.
Gamma markets Finfisher as an “IT intrusion” software; that’s a polite term for hacking. The scary thing about Finfisher is that a variant of it called FinSpy can actually take over smartphones, including both iPhones and phones running Windows Mobile.
Marketing Video for Government Hacking
A Gamma Group marketing video first uncovered by WikiLeaks and now dug up here on Storyleak shows an agent using a package of tools called the FinIntrusion Kit to use Wi-Fi to hack into email, social media, and other accounts. This relays all the information from the accounts, including Skype, to an operative at a police headquarters. The operative can also download all of the target’s files into a police computer.
The video also indicates that Gamma Group offers training for police in these techniques. The most frightening part of the video is the FinSpy Mobile product overview. The video shows that FinSpy Mobile can be used to take over a BlackBerry smart phone and relay all of the information from it back to headquarters. Checkout the video below:
Presumably this would let police turn on the phone’s camera and microphones and use them to transmit pictures or video of your activity back to the police. In other words, your mobile device could be turned into a bug. So could any computer with a microphone on it.
Oh, and to make hacking even easier, Gamma Group actually sells a USB device called FinUSBSuite that can transmit all the data from a computer back to agents. All a person has to do to hook it up is insert it in a computer.
In other words, somebody has paid big money to develop a suite of easy to use malware for intelligence agencies and law enforcement. Gamma Group itself is pretty scary; it’s described as a British company owned by a shell corporation in the British Virgin Islands. Nobody knows who actually owns Gamma Group, so it could be a front for an intelligence agency.
Malware for Sale to Oppressive Governments
Although some of Gamma Group’s customers have been identified, they included former Egyptian dictator Hosni Mubarak’s secret police force. When Egyptian dissidents stormed into secret police headquarters after Mubarak’s downfall, they reportedly discovered an invoice for a FinFisher license. The mercenaries at Gamma Group had no problem selling their products to oppressive governments.
Some of the other activities that Gamma Group is accused of engaging in are also pretty sleazy. The Wall Street Journal reported that the company was boasting of its ability to send out fake iTunes updates that can infect computers and other devices with surveillance software—in other words, malware.
A Major Threat to Privacy
FinFisher’s very existence is a serious threat to basic rights and privacy. Unfortunately, the FinFisher products are still for sale online; the product’s marketing website is still up and running. To make matters worse, FinFisher and Gamma Group could be the tip of the iceberg: The Wall Street Journal uncovered a whole catalog of such devices available for use by governments.
It looks like the threat to online freedom and overall communications privacy is far greater than we thought. Strong efforts need to be made to control and curtail the use of such technology.