World Library  
My Account |  Register |  Help  
  
Flag as Inappropriate
Email this Article
 

FinFisher

FinFisher, also known as FinSpy,[1] is surveillance software marketed by Lench IT solutions PLC with a UK-based branch Gamma International Ltd in Andover, England, and a Germany-based branch Gamma International GmbH in Munich,[2][3] which markets the spyware through law enforcement channels.[1] Gamma International is a subsidiary of the Gamma Group, specializing in surveillance and monitoring, including equipment, software, and training services,[2] reportedly owned by William Louthean Nelson through a shell corporation in the British Virgin Islands.[4]

FinFisher can be covertly installed on targets' computers by exploiting security lapses in the

Infectious malware
Concealment
Malware for profit
By operating system
Protection
Countermeasures
Hacking in the 2010s
Incidents
Groups
Individuals
Malware
  • FinFisher official site
  • Gamma International official site
  • FinFisher promotional brochure at WikiLeaks
  • "The SmartPhone Who Loved Me: FinFisher Goes Mobile?"
  • "The SmartPhone Who Loved Me: FinFisher Goes Mobile?" by Morgan Marquis-Boire and Bill Marczak

External links

  1. ^ a b c d Nicole Perlroth (August 30, 2012). "Software Meant to Fight Crime Is Used to Spy on Dissidents". The New York Times. Retrieved August 31, 2012. 
  2. ^ a b c "Corporate Enemies: Gamma International", The Enemies of the Internet, Special Edition: Surveillance, Reporters Without Borders, 12 March 2013.
  3. ^ a b c Vernon Silver (July 25, 2012). "Cyber Attacks on Activists Traced to FinFisher Spyware of Gamma". Bloomberg. Retrieved August 31, 2012. 
  4. ^ Leigh, David; Harold Frayman; James Ball (November 28, 2012). "Nominee Directors Linked to Intelligence, Military". The International Consortium of Investigative Journalists ( 
  5. ^ a b Jennifer Valentino-Devries (2011-11-21). "Surveillance Company Says It Sent Fake iTunes, Flash Updates".  
  6. ^ a b c Christopher Williams (2011-11-24). "'"Apple iTunes flaw 'allowed government spying for 3 years.  
  7. ^ a b c Marcel Rosenbach (2011-11-22). "Firm Sought to Install Spyware Via Faked iTunes Updates".  
  8. ^ a b Marquis-Boire, Morgan (13 March 2013). "You Only Click Twice: FinFisher’s Global Proliferation". University of Toronto Citizen Lab. Retrieved 3 August 2014. 
  9. ^ John Leyden (2011-09-21). "UK firm denies supplying spyware to Mubarak's secret police: RATs nest found in Egyptian spook HQ".  
  10. ^ "American Sues Ethiopian Government for Spyware Infection". Electronic Frontier Foundation. February 18, 2014. Retrieved 2014-08-24. 
  11. ^ Andre Meister (August 6, 2014). "Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published". Netzpolitik.org. Retrieved August 6, 2014. 
  12. ^ "Portfolio". FinFisher IT Intrusion. Gamma Group. Retrieved August 31, 2012. Gamma addresses ongoing developments in the IT Intrusion field with solutions to enhance the capabilities of our clients. Easy to use high-end solutions and techniques complement the intelligence community’s knowhow enabling it to address relevant Intrusion challenges on a tactical level. 
  13. ^ "Portfolio". FinFisher IT Intrusion. Gamma Group. Retrieved August 31, 2012. The Remote Monitoring and Deployment Solutions are used to access target Systems to give full access to stored information with the ability to take control of target systems' functions to the point of capturing encrypted data and communications. When used in combination with enhanced remote deployment methods, the Government Agencies will have the capability to remotely deploy software on target systems. 
  14. ^ "Portfolio". FinFisher IT Intrusion. Gamma Group. Retrieved August 31, 2012. The IT Intrusion Training Program includes courses on both, products supplied as well as practical IT Intrusion methods and techniques. This program transfers years of knowledge and experience to endusers, thus maximizing their capabilities in this field. 
  15. ^ "News". Gamma Group. Retrieved August 31, 2012. 
  16. ^ a b Nicole Perlroth (August 13, 2012). "Elusive FinSpy Spyware Pops Up in 10 Countries" (blog by reporter). The New York Times. Retrieved August 31, 2012. 
  17. ^  
  18. ^ a b Kopstein, Joshua (March 10, 2014). "Hackers Without Borders". The Washington Post. Retrieved August 24, 2014. 
  19. ^ "Restrictions on freedom of communication". shorouknews.com (in Arabic). Sunrise Gateway. Retrieved 25 March 2014. 
  20. ^ Vernon Silver (July 27, 2012). "Gamma Says No Spyware Sold to Bahrain; May Be Stolen Copy". Bloomberg News. Retrieved August 31, 2012. 
  21. ^ Desmukh, Fahad (7 August 2014). "Bahrain Government Hacked Lawyers and Activists with UK Spyware".  
  22. ^ Andre Meister (16 January 2013). "Secret Government Document Reveals: German Federal Police Plans To Use Gamma FinFisher Spyware". Netzpolitik.org. Retrieved 19 July 2013. 
  23. ^ "FinFisher Mobile Spyware Tracking Political Activists", Mathew J. Schwartz, Information Week, 31 August 2012
  24. ^ "Researchers Find 25 Countries Using Surveillance Software", Nicole Perlroth, The New York Times, 15 March 2013
  25. ^ "For Their Eyes Only: The Commercialization of Digital Spying", Morgan Marquis-Boire with Bill Marczak, Claudio Guarnieri, and John Scott-Railton, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 1 May 2013
  26. ^ "Protecting our brand from a global spyware provider", Mozilla Foundation, April 30, 2013
  27. ^ June, Daniel, "Mozilla Fights Against Spyware Company and its Exploits"
  28. ^ a b Sara Yin (August 30, 2012). "Lessons Learnt From FinFisher Mobile Spyware".  
  29. ^ Cameron Camp (August 31, 2012). "FinSpy and FinFisher spy on you via your cellphone and PC, for good or evil?".  
  30. ^ David Harley (August 31, 2012). "Finfisher and the Ethics of Detection".  
  31. ^ Mathew J. Schwartz (August 31, 2012). "FinFisher Mobile Spyware Tracking Political Activists".  

References

See also

Other security vendors claim that their products will block any spyware they know about and can detect (regardless of who may have launched it), and Eugene Kaspersky, head of IT security company Kaspersky Lab, stated, "We detect all malware regardless its purpose and origin".[31]

According to announcements from ESET, FinFisher and FinSpy are detected by ESET antivirus software as "Win32/Belesak.D" trojan.[29][30]

In an article of PC Magazine, Bill Marczak (member of Bahrain Watch and computer science PhD student at University of California, Berkeley doing research into FinFisher) said of FinSpy Mobile (Gamma's mobile spyware): "As we saw with respect to the desktop version of FinFisher, antivirus alone isn't enough, as it bypassed antivirus scans".[28] The article's author Sara Yin, an analyst at PC Magazine, predicted that antivirus providers are likely to have updated their signatures to detect FinSpy Mobile.[28]

Detection

FinFisher is capable of masquerading as other more legitimate programs, such as Mozilla Firefox. On April 30, 2013, Mozilla announced[26] that they had sent Gamma a cease-and-desist letter for trademark infringement. Gamma had created an espionage program that was entitled firefox.exe and even provided a version number and trademark claims to appear to be legitimate Firefox software.[27]

Firefox masquerading

[25][24][23][3][2] On 12 March 2013

Reporters Without Borders

  • FinFisher's wide use by governments facing political resistance was reported in March 2011 after Egyptian protesters raided State Security Investigations Service and found letters from Gamma International UK Ltd., confirming that SSI had been using a trial version for five months.[19]
  • A similar report in August 2012 concerned e-mails received by Bahraini activists and passed on (via a [21] claimed that the leak of FinFisher data contained evidence suggesting that the Bahraini government was using the software to spy on opposition figures, highlighting communications between Gamma International support staff and a customer in Bahrain, and identifying a number of human rights lawyers, politicians, activists and journalists who had apparently been targeted.Bahrain Watch In August 2014 [20] A spokesman for Gamma claims no software was sold to Bahrain and that the software detected by the researchers was not a legitimate copy but perhaps a stolen, reverse-engineered or modified demonstration copy.[16][1]
  • According to a document dated 7 December 2012 from the Federal Ministry of the Interior to members of the Finance Committee of the German Parliament, the German "Bundesnachrichtendienst", the Federal Surveillance Agency, have licensed FinFisher/FinSpy, even though its legality in Germany is uncertain.[22]
  • In 2014, an America citizen sued the Ethiopian government for using FinSpy to recorded a vast array of activities conducted by users of the machine. Traces of the spyware inadvertently left on his computer show that information – including recordings of dozens of Skype phone calls – was surreptitiously sent to a secret control server located in Ethiopia and controlled by the Ethiopian government. FinSpy was downloaded on the plaintiff's computer when he opened an email with a Microsoft Word document attached. The attachment contained hidden malware that infected his computer.[18]

Use by repressive regimes

FinFisher has also been found to engage in politically motivated targeting. In Ethiopia, for instance, photos of a political opposition group are used to "bait" and infect users.[8]

In 2014, the Ethiopian government was found to have installed FinSpy on the computer of an American citizen via a fake email attachment that appeared to be a Microsoft Word document.[18]

The security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security software commentator Brian Krebs.[6][7][17] Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch. Promotional videos used by the firm at trade shows which illustrate how to infect a computer with the surveillance suite were released by Wikileaks in December, 2011.[3]

A security flaw in Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.[6][7] Gamma International offered presentations to government security officials at security software trade shows where they described how to covertly install the FinFisher spy software on suspects' computers using iTunes' update procedures.

FinFisher malware is installed in various ways, including fake software updates, emails with fake attachments, and security flaws in popular software. Sometimes the surveillance suite is installed after the target accepts installation of a fake update to commonly used software.[5] Code which will install the malware has also been detected in emails.[16] The software, which is designed to evade detection by antivirus software, has versions which work on mobile phones of all major brands.[1]

Method of infection

The suite is marketed in Arabic, English, German, French, Portuguese, and Russian and offered worldwide at trade shows which offer intelligence support system, ISS, training and products to law enforcement and intelligence agencies.[15]

In addition to spyware the FinFisher suite offered by Gamma to the intelligence community includes monitoring of ongoing developments and updating of solutions and techniques which complement those developed by intelligence agencies.[12] The software suite, which the company calls "Remote Monitoring and Deployment Solutions" has the ability to take control of target computers and capture even encrypted data and communications. Using "enhanced remote deployment methods" it can install software on target computers.[13] An "IT Intrusion Training Program" is offered which includes training in methods and techniques and in use of the company supplied software.[14]

Elements of the FinFisher suite

Contents

  • Elements of the FinFisher suite 1
  • Method of infection 2
  • Use by repressive regimes 3
  • Reporters Without Borders 4
  • Firefox masquerading 5
  • Detection 6
  • See also 7
  • References 8
  • External links 9

On August 6, 2014, FinFisher source code, pricing, support history, and other related data were retrieved from the Gamma International internal network and made available on the Internet.[11]

[10] In 2014, an American citizen sued the Ethiopian government for the surreptitious downloading of FinSpy on his computer, which was used to wiretap his private Skype calls and monitoring his entire family’s every use of the computer for a period of months.[9] reported they discovered a contract with Gamma International for €287,000 for a license to run the FinFisher software.Hosni Mubarak following the overthrow of Egyptian President Egypt's secret police dissidents who ransacked the offices of Egyptian [8]

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.