In 2013, the Australian government was accused of spying on Indonesia thanks to the documents leaked by Edward Snowden. Now, it looks like the Indonesians are taking revenge from the kangaroos.
Sydney has suddenly become the center of attention of all security experts since traces of the sophisticated software suite FinFisher, which is sold to government spy agencies, was allegedly found in a Sydney data center.
As per the report from ABC, the spyware’s origin was Indonesia and the Indonesian government is mainly utilizing it but the spyware is being used via the Australian data center. The data center reportedly is used to host the spyware’s proxy server.
Previously, news sources reported that two Indonesian government groups including the Lembaga Sandi Negara/National Encryption Body were among the customers of FinFisher and that agencies from more than 32 countries are using this spyware.
However, according to Bill Marczak, security research at Citizen Lab, a human rights security-oriented, a laboratory in Toronto, Indonesia seems to be among the largest customers of FinFisher spyware. Evidence confirm that many other government users are relying upon FinFisher in Indonesia apart from the National Encryption Body.
“I felt very concerned about the list of countries we had found. I think I would have felt far less concerned if the spyware was only turning up in countries which had a robust rule of law and oversight of intelligence and law enforcement.”
Marczak also confirmed that data and information that was infected by Indonesian department was passing through Australian server.
FinFisher is a powerful spyware that can remotely control any computer that it manages to infect. Alongside transferring information to its command and control server, it can copy files, log keystrokes, and intercept Skype conversations too. FinFisher was developed by the Munich-based FinFisher Gamma Group and it is being touted to
“help government law enforcement and intelligence agencies identify, locate and convict serious criminals.”
The company developed many malware and spyware like FinFisher to facilitate infiltration of various devices and platforms and providing spyware related services to businesses and governments.
In 2014, WikiLeaks disclosed that FinFisher surveillance suite customer list was quite extensive and even included the New South Wales Police. Also included in that leaked list were the Hungarian intelligence arms, Singapore-based PCS Security, Italian, Qatari and Bosnian governments and Netherlands police forces.
— WikiLeaks (@wikileaks) September 15, 2014
The NSW Police apparently purchased FinFisher software worth €1.8 million and also requested for categorized keylogged conversations for avoiding complications by interfering with legal privilege and also asked for help in resolving FinFisher spyware update related problems.
Allegedly, NSW Police also issued a support ticket stating that FinSpy encountered an issue with OS X at the time when a surveillance target went offline. The ticket read:
“When a mac target is online, there is a configuration link which allows updating the configuration of the target and Trojan. However, when the target is offline, there isn’t any configuration link. This only appears on a mac target. The Linux and Windows targets have configuration links when the target is both online and offline.”
However, NSW Police maintained that “given this technology relates to operational capability, it’s not appropriate to comment”.
About Sydney East Datacenter:
It is being stated that this spyware was discovered inside the Global Switch Sydney East data center in Ultimo. The data center was opened around two years back at a whopping AU$300 million cost. This particular data center is the second facility of the company Global Switch in Sydney. It was built in the close proximity of the Sydney West data center.
In late 2010, Global Switch announced about its plan to construct another data center as part of the £1 billion expansion plan of the company. The headquarter of Global Switch is situated in London and the company has already established data centers in Amsterdam, Frankfurt, London, Paris, Singapore, Hong Kong and Madrid. When contacted, Global Switch refused to respond.