An Alarming Number of Governments are using FinFisher Malware: Report

According to a study carried out by the Citizen Lab (a research department at the University of Toronto), FinFisher is the most used spyware by many government agencies around the world.

Finfisher was developed by a German security company (FinFisher GmBH). The company has been selling this spyware to many law enforcement agencies from many different parts of the world.

FinFisher used in the past for illegal government surveillance:

This spyware is used illegally because it’s been sold to only law enforcements agencies in many states like Ethiopia and Bahrain have been found using the Spyware illegally. States like these have been using this spyware as a way of keeping the people who oppose the state’s policies quiet.

Image Source: Citizenlabs
Image Source: Citizen lab

Spyware’s way of working:

The spyware has a complete system by which it transfers all the information from the spied PC to the agencies. It all starts from the spyware picking up the information from the PC then sending data to a C&C server through proxies.

This works nearly the same way Tor system works but minus the complex encryptions.

Citizen lab, in the past, were unable to differentiate the FinFisher replays and C&C server, but they are now able to differentiate and also many FinFisher network all around the world.

 FinFisher spyware infrastructure:

According to Citizen Lab, FinFisher has reached 32 countries so far. 135 instances of the spyware have been observed (Including both the replays and servers).

The 32 countries that currently deploy FinFisher are as follows:

Screen Shot 2015-10-24 at 11.41.19 PM

Among the above-mentioned countries, Pakistan was the only one where civil society challenged the use of Finfisher spyware in the court.

Furthermore, Citizen Lab was also able to trace the IP addresses of C&C servers which belonged to 10 different agencies. What’s even worse is that the relay servers of different countries are located in other countries, which can allow one country’s agency to look into another’s.

The graph shows countries using FinFisher malware:

finfisher-malware-top-among-governments-4
Image Source: Citizen lab

“The market for intrusion software like FinFisher is challenging to track because of the key players, from government customers to software developers, have a strong interest in keeping transactions private,” said the Citizen Lab researchers.

2014 data breach helped the company gain more deals:

FinFisher GmBH was hacked in 2014 and some 40 GB data from the company was leaked. But, it wasn’t enough to find useful stuff regarding the widespread use of their spyware.

But, interestingly, it did increase the demand for the spyware as more countries demand for spying increase with each passing day. Wikileaks document also referred to this in its recent leaks.

Note:

While researching about FinFisher spyware we ended up reading how a researcher deleted this software from his system. You should go through it as a safety precaution.

 

Agan Uzunovic

Agan Uzunovic is a Bosnian journalist who is working for the country's largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at U.S based Revolution News media. Agan reports and writes for HackRead on IT security related topics.