C&C Servers of FinFisher Spying Software Identified in 11 New Countries

Citizen Lab releases new report on the commercialization of surveillance software

  Global distribution of FinFisher servers
Citizen Lab – the research and development lab at the Munk School of Global Affairs, University of Toronto, that has focused a lot of its work on the “legal surveillance software” FinFisher – has released a new report on the commercialization of spying solutions.

Citizen Lab – the research and development lab at the Munk School of Global Affairs, University of Toronto, that has focused a lot of its work on the “legal surveillance software” FinFisher – has released a new report on the commercialization of spying solutions.

Besides detailing the commercial market for offensive computer intrusion capabilities, the report also provides some new aspects regarding the Gamma International’s FinFisher.

According to experts, FinFisher command and control (C&C) servers have been identified in 11 new countries. These countries are Romania, Turkey, Hungary, Macedonia, Lithuania, Panama, Nigeria, South Africa, Pakistan, Bulgaria and Austria.

So far, a total of 36 countries have been appointed as hosting FinFisher servers at one point.

However, as Citizen Lab points out, the presence of C&C servers does not necessarily indicate the fact that the country’s law enforcement, intelligence or security agencies are operating the devices.

In March, Citizen Lab reported having identified FinFisher attacks aimed at individuals from Ethiopia and Vietnam.

More recently, they’ve identified a FinSpy sample that targets Malay speakers. The bait in these attacks is a document discussing the upcoming elections in Malaysia.

Similar to other FinSpy samples, the one that’s used against Malaysians uses the name of Mozilla Firefox to masquerade as legitimate software. Shortly after the report was released, Mozilla said it was determined to take action.

However, the Malaysian government denies using FinFisher to spy on its own citizens. The country’s media regulator has even threatened to pursue one publication which it accuses of false reporting.

“While we cannot make definitive statements about the actors behind the booby-trapped candidate list, the contents of the document suggest that the campaign targets Malay speakers who are interested in Malaysia’s hotly contested 5 May 2013 General Elections,” Citizen Lab’s report reads.

“This strongly suggests that the targets are Malaysians either within Malaysia or abroad. We trust that both domestic and international elections monitoring officials and watchdog groups will investigate to determine whether the integrity of the campaign and electoral process may have been compromised.”

In the meantime, civil rights group Privacy International has filed an application for judicial review of the UK’s HM Revenue & Customs (HMRC) after the latter refused to provide information regarding its investigation into Gamma Internationals export practices.

2 Comments