It is one of the more elusive commercial cyberespionage tools available.
It is marketed as a way for governments to spy on criminals. And for over a year, virus hunters unsuccessfully tried to track it down. Now it is popping up across the globe, from Qatar to an Amazon server in the United States.
FinFisher is a spyware product manufactured by the Gamma Group, a British company that sells surveillance technology. It says its spyware offers “world-class offensive techniques for information gathering.” According to FinFisher’s promotional materials, the spyware can be “used to access target systems, giving full access to stored information with the ability to take control of the target system’s functions to the point of capturing encrypted data and communications.”
Security researchers who studied the spyware last month said it can grab images of users’ computer screens, record their Skype chats, remotely turn on cameras and microphones, and log keystrokes. The Gamma Group markets FinFisher as a way for government law enforcement and intelligence agencies to keep track of criminals, but the researchers’ findings suggested that it was being used more broadly.
The spyware first attracted attention in March 2011 after protesters in Egypt raided the country’s state security headquarters and found an offer to buy FinFisher for 287,000 euros, or $353,000. Then in May of this year, pro-democracy Bahraini activists, one in London, another in Washington and one in the Bahraini capital, Manama, started receiving suspicious e-mails, which they passed to a Bloomberg reporter.
Bill Marczak, a computer science graduate student, and Morgan Marquis-Boire, a security researcher with the Citizen Lab of the Munk School of Global Affairs at the University of Toronto, analyzed the e-mails and found evidence that they contained FinSpy, part of the FinFisher spyware tool kit. The term “FinSpy” itself appeared in the malware’s code.
The findings, published last month, suggested FinFisher technologies were being used for surveillance beyond suspected criminal activity. Martin J. Muench, the managing director of Gamma International, who develops the FinFisher line of products from Munich, did not respond to a request for comment, and a Gamma Group representative did not respond to e-mailed questions. Mr. Muench told Bloomberg that his company did not sell FinFisher spyware to Bahrain, and said the malware might have been a stolen demonstration copy or reverse-engineered by criminals.
But last week, security researchers at Rapid7, a security firm, took the earlier findings a step further. They studied the communication structure of the spyware and found that when they probed the I.P. address of a FinFisher-infected machine with unexpected data, it responded with a unique message: “Hallo Steffi.”
via New York Times – NICOLE PERLROTH
The Latest Streaming News: Spyware updated minute-by-minute
Bookmark this page and come back often