The FinFisher surveillance software is being used around the world to target people, including many activists, for detailed and invasive monitoring, according to a report released today by researchers at the Citizen Lab of the Munk School of Global Affairs at the University of Toronto.
I previously reported on FinFisher when the FBI issued a warning to Android users about the threat posed by the software, which is incidentally heavily marketed directly to the US government.
The UK has been asked to investigate Gamma International, the firm behind the software, though nothing has come of that yet.
One of the most interesting aspects of the March 13 report is the discovery of command and control servers for FinSpy backdoors, part of the company’s “remote monitoring solution,” in 25 countries, including Western nations.
The countries include, “Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, [and] Vietnam,” according to the report.
FinSpy capabilities include: covert communication with headquarters, full Skype monitoring (calls, chats, file transfers, video and contact list), recording of email, chat and Voice-over-IP (VoIP), live surveillance through webcam and microphone, country tracing of target, silent extracting of files from target’s hard drive, a “process-based key-logger” for faster analysis of key strokes, live remote forensics on the target system, advanced filters to record only the important information and it is capable of being deployed on Windows, Mac OSX and Linux, according to promotional materials…..