FinFisher Mobile Spyware Tracking Political Activists

Published: 22/11/2024   Category: security




Developer of spyware that can take over iPhone and BlackBerry devices draws fire after researchers spot the spyware in use against activists in Bahrain.



Spyware developed and sold by U.K.-based Gamma Group can infect BlackBerrys, iPhones, and other mobile devices, and is being used to actively target dissidents in countries governed by autocratic regimes.
The capabilities of the spyware, known as FinFisher, include location tracking, remotely activating a built-in microphone and conducting live surveillance via silent calls, as well as the ability to monitor all forms of communication on the device, including emails and voice calls, according to a study released Thursday by the University of Toronto Munk School of Global Affairs Citizen Lab.
According to The New York Times, Google engineer Morgan Marquis-Boire and Ph.D. student Bill Marczak volunteered to help tear down the spyware, which had been sent to three activists in the Gulf state of Bahrain, and found that it was FinFisher.
According to their resulting analysis, published in the Citizen Lab study, the iOS version of the FinFisher spyware appears able to run on iPhone 4, 4S, iPad 1, 2, 3, and iPod touch 3, 4 on iOS 4.0 and up. The software is signed by an Apple-generated developer's certificate assigned to Martin Muench, who The New York Times has reported is managing director of Gamma International as well as head of its FinFisher product portfolio.
Meanwhile, the Citizen Lab said it's also recovered versions of the spyware that target the BlackBerry OS, Windows Mobile, Nokia's Symbian platform, as well as Android. It said that it's seen structurally similar Android spyware communicating with command-and-control servers in the United Kingdom and the Czech Republic.
Earlier this year, a study from Rapid7 identified FinSpy--the control software for FinFisher command-and-control servers--as being active in Australia, the Czech Republic, Estonia, Ethiopia, Indonesia, Latvia, Mongolia, Qatar, the UAE, and the United States.
"We have identified several more countries where FinSpy command and control servers were operating," according to the Citizen Lab. "Scanning has thus far revealed two servers in Brunei, one in Turkmenistan's Ministry of Communications, two in Singapore, one in the Netherlands, a new server in Indonesia, and a new server in Bahrain." But according to news reports, some of those servers appear to have been taken offline in the wake of the report.
Gamma Group's business practices have been drawing scrutiny from human rights activists, especially after last year, when Egyptian protesters who took over state security headquarters purportedly found documents from Gamma Group offering to sell FinFisher to the Mubarak regime.
According to the Gamma Group website, the FinFisher product portfolio is "solely offered to Law Enforcement and Intelligence Agencies." The company also claims that it doesn't sell software to the Gulf state of Bahrain, where the ruling regime has been accused of perpetuating a string of human rights violations, especially involving police forces putting down anti-government protests.
In the wake of the Citizen Lab's report, Muench at Gamma Group told Bloomberg via email that the firm was investigating whether the spyware used by Bahrain was a stolen demonstration copy, saying it was likely that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere.
Gamma Group later issued a statement claiming that a sales demonstration server had been hacked into, and code stolen. "The information that was stolen has been used to identify the software Gamma used for demonstration purposes," the release said. "No operations or clients were compromised by the theft."
Security and privacy researcher Christopher Soghoian, via Twitter, likened the company's claim to being the "dog ate my homework" for surveillance tech vendors.
Security experts have criticized software firms that create and market software such as FinFisher, saying it's too difficult to police how the software may be used. "While the U.K. based software company behind FinFisher claims it's merely helping law enforcement do their job, the potential for bad actors to co-opt the technology for their evil ends is all too real," said security researcher Cameron Camp at ESET in a blog post.
"Consider what happened to DarkComet RAT which we looked at here on the blog a few months ago," he said. "Like FinFisher, DarkComet RAT has extensive espionage capabilities and the author claims to have no malicious intentions. But the genocidal Assad regime in Syria was quick to use DarkComet RAT against Syrians seeking freedom from oppression."
Many security vendors, meanwhile, have responded to the FinFisher revelations by noting that their products will block any spyware products they know about and can detect, regardless of which government may have launched it. "We detect all malware regardless its purpose&origin," said Kaspersky Lab chief Eugene Kaspersky via Twitter. But until researchers Marquis-Boire and Marczak found active samples of FinFisher in May, security firms hadn't managed to get their hands on a real copy of the spyware or create signatures to stop it.
