The details about the citizen labs complete analysis and a list of countries having finfisher servers can be found in this report, for their eyes only. The citizen lab report describes two cyberespionage campaigns that eset detailed in reports published in september and december 2017. Finfisher also offers a mobile version of its spying system so that authorities can spy on data and communications from mobile phones, even when encrypted the report comes. Citizen lab, a digital research unit at the university of toronto, says that servers running notorious finfisher software have been found in eleven new countries over the past year, bringing the total number of states where servers have been detected to 36. Finfisher offers a strategic widescale interception and monitoring solution that is device independent. Previous citizen lab research found that in 2011 he was targeted with finfisher spyware, and in 2012 with hacking team spyware. Sophisticated, persistent mobile attack against highvalue. The finfisher spyware is specifically engineered to elude antivirus software made by kaspersky lab, symantec, fsecure and others. An alarming number of governments are using finfisher. Citizen lab research on hacking team and finfisher surveillance.
Finfisher, spy software used by governments, has been found on two ip addresses registered to telkom. Research on hacking team and finfisher highlighted in motherboard. Cyber attacks on activists traced to finfisher spyware of. The use of the comic sans font is due to the attackers font selection. In 20, the software company mozilla sent a ceaseanddesist letter to the company after a report by the citizen lab showed that a spywareinfected version of the firefox browser manufactured by. It can secretly take remote control of a computer, copying files. Advocates challenge use of finfisher surveillance software. Gamma international first entered the spotlight in april of 2011. Between 2010 and 2012, bahrains government used finfisher to monitor some of the countrys top law firms, journalists, activists, and opposition political leaders.
Apparently, at least according to a video promoting finfisher, the software uses apples popular itunes in order to load snooping software onto the computers of the intended suspects. Mozilla furious as disguised spyware used against pro. The citizen lab is an interdisciplinary laboratory based at the munk school of global affairs at the university of toronto, canada. Once it has infected your computer, finfisher is not detected by antivirus or anti spyware software. In this report citizen lab security researcher morgan marquisboire and bill marczak provide analysis of several pieces of malware targeting bahraini dissidents, shared with us by bloomberg news. Finfishers global proliferation, in which researchers conducted a global internet scan for command. Citizen lab, a digital research unit at the university of toronto, says that servers running notorious finfisher software have been found in eleven new countries over the past year, bringing the total.
Citizen lab was able to identify 5 ip addresses tied to a spyware suite developed by the munichbased firm finfisher, which is marketed to governments and lawenforcement agencies. The citizen lab research linked the malware sent to prodemocracy activists to finspy, part of the finfisher spyware tool kit. Citizen lab the research and development lab at the munk school of global affairs, university of toronto, that has focused a lot of its work on the legal surveillance software finfisher. The action follows a report by citizen lab, which identifies 36 countries including the us hosting command and control servers for finfisher, a type of surveillance software. Ethiopia has even been caught employing finfisher software to snoop on ethiopian journalists in. The citizen lab at the munk school of global affairs and public policy at the university of toronto has been researching nsos spyware pegasus for years including identifying numerous. Through its research and investigations, citizen lab has contributed to exposing several governments purchasing hacking and spying software targeted at political dissidents. This powerful spy software is being abused by governments. Research continues to uncover troubling cases of finspy in countries with dismal human rights track records, and. The market for intrusion software like finfisher is challenging to track. In march of 20, the university of torontos citizen lab published you only click twice. Finfisher, also known as finspy, is surveillance software marketed by lench it solutions plc, which markets the spyware through law enforcement channels finfisher can be covertly installed on.
Domestic spying using finfishers surveillance software has spread worldwide massprivatei according to a 20 report from the citizen lab of the munk school of global affairs at the university of toronto. The use of finfisher, the notorious surveillance software also nicknamed as finspy, is on the rise all over the world, a report by citizen lab has revealed. The use of such expensive tools against mansoor shows the. The citizen lab conducts groundbreaking research on the global proliferation of targeted surveillance software and toolkits, including finfisher, hacking team and nso group. Pay no attention to the server behind the proxy mapping finfishers. Security group finds 33 world governments likely using. Finfisher mobile spyware tracking political activists. The finfisher suite is described by its distributors, gamma international uk ltd. Citizen lab senior research fellow bill marczak spoke to abc australia regarding the proxy server for the remote intrusion software finfisher found in sydney, australia.
In 20, the software company mozilla sent a ceaseanddesist letter to the company after a report by the citizen lab showed that a spywareinfected version of the firefox browser. Turkish isp swapped downloads of popular software with. Finfisher, also known as finspy, is surveillance software marketed by lench it solutions plc, which markets the spyware through law enforcement channels finfisher can be covertly installed on targets computers by exploiting security lapses in the update procedures of nonsuspect software. Citizen lab was able to unmask previously unknown countries utilizing finfisher, suggesting that despite the 2014 security breach, surveillance software is rising in popularity. Eu petition seeks to restrict export of digital arms. In addition to describing how theyve seen finspy infect the computers of. Citizen lab was able to identify 5 ip addresses tied to a spyware suite developed by the munichbased firm finfisher, which is marketed to governments and lawenforcement agencies worldwide. Bill marczak on finfisher in australia the citizen lab. Finfisher spy software is developed by gamma international, and is marketed to governments, intelligence agencies, and law enforcement. Digital snooping spreading to smaller countries thehill. Governmentoperated spyware on the rise around the world. The claimants say that they were targeted with the finfisherfinspy program, which was manufactured in the uk and sold to the bahraini. Mapping finfishers continuing proliferation citizen lab.
Countries with finfisher spying software business insider. The analysis suggests that the malware used is finspy, part of the commercial intrusion kit, finfisher, distributed by the united. In 2012 in bahrain, an email campaign against prodemocracy activists installed finfisher software through disguised email attachments, which citizen lab identified as being orchestrated by. There are also mobile versions of finfisher designed specially to. The problem with software like finfisher is that it is dualuse.
Message received by citizen lab senior research fellow bill marczak. The citizen labs research shows all those countries are also using finfisher surveillance tools. Leaked docs show spyware used to snoop on us computers. When anyone using a target ip address on turk telekoms network attempted to download software from a handful of legitimate vendors including. Citizen labs research were featured in programs on middle eastern. Bill marczak spoke to abc australia regarding the proxy server for the remote intrusion software finfisher found in sydney, australia. The existence and use of lawful intercept and surveillance software has been an open secret in the security and privacy communities for some time now, but research such as the citizen. The market for intrusion software like finfisher is challenging to track because of the key players, from government customers to software developers, have a strong interest in keeping transactions private. Cyber stewards network and local activists investigate. Spyware used by governments poses as firefox, and mozilla. Researchers from the citizen lab have released new data that examines the mobile side of finfisher, as well as possible locations for its use. In 2011, citizen lab says he was attacked with malware developed by a germanowned company called finfisher and in 2012 with one by milanbased hacking team.
Finfisher is a suite of remote intrusion and surveillance software developed by munich based gamma international gmbh and marketed and sold exclusively to law enforcement. In 2014, an america citizen sued the ethiopian government for installing and using finspy. Finfisher, also known as finspy, is surveillance software marketed by lench it solutions plc. A new report from citizen lab, a canadian research center, shows surveillance software sold by finfisher, a governmental it intrusion company owned by the ukregistered gamma. Researchers look inside mobile variants of finfisher spy. The company has been criticized by human rights organizations for selling these capabilities to.
Domestic spying using finfishers surveillance software. Citizen lab published research showing how finspy variants, from the gamma groups finfisher surveillance toolkit, target smartphones including windows mobile, apples iphone and ipad tablets. Founded and directed by professor ronald deibert, the citizen lab. How these toronto sleuths are exposing the worlds digital. A new research conducted by citizen lab revealed that the number of governments using the finfisher surveillance software has increased. In addition to describing how theyve seen finspy infect the computers of political. Bytes for all finfisher lawsuit to be heard citizen lab. Finfisher commercializing digital spying how you can be. According to recent reporting, german federal police appear to have plans to purchase and use the finfisher suite of tools domestically within germany.
397 1281 1067 1356 216 573 1070 1254 404 20 555 1242 1168 989 55 454 971 47 91 440 573 70 333 408 482 47 1487 34 159 904 1304 817 548 1467 795 717 379