The FinFisher spyware suite is not to be fucked with. After a covert installation, the sophisticated German-made software also known as FinSpy evades detection and gives hackers and government agencies alike a whole toolbox full of surveillance capabilities, from keylogging to data-sniffing, eavesdropping to straight up spying using a computer's webcam and microphone. It's good enough to complement the internal software used by intelligence agenies across the globe and, increasingly, the world's most repressive regimes. And according to a new report by cyber security researchers, it's on the move.
Canadian researchers say that the FinSpy is now active in 25 countries around the world who appear to be fairly succesfully covering their tracks. At first glance, this isn't necessarily illegal or totally awful. This is commercial software with uses that go beyond spying on citizens. Yet over the last six months, the governments or agencies that've been using FinSpy have also been trying harder to keep it a secret. The research team from Toronto University’s Munk School of Global Affairs, which published the report, says that "the behavior of FinSpy servers began to change" last October in an apparent effort to evade detection, and it appears to be working.
In other words, although there's evidence of 25 countries using FinSpy, there are actually probably a lot more that we don't know about. Furthermore, the servers hosting the software could be in one country, while the spies using it could be located in another. And there's little doubt what it's supposed to be used for. In its promotional materials, Gamma Group describes the software as offering "world-class offensive techniques for information gathering" and says it can be "used to access target systems, giving full access to stored information with the ability to take control of the target system's functions to the point of capturing encrypted data and communications."
Obviously, these kinds of features are pretty attractive to governments that want to keep a close eye on their citizens. And naturally, these governments are some of Gamma Group's best customers. "The spyware first attracted attention in March 2011 after protesters in Egypt raided the country’s state security headquarters and found an offer to buy FinFisher for 287,000 euros, or $353,000," The New York Times reported last year, adding that Bahraini activists also "started receiving suspicious e-mails" that may have originated with a FinSpy intrusion.
Don't get too scared about all this. At the end of the day, there's not really anything you can do about it. If some spy agency is hacking into your computer, it's probably impossible to know and even more impossible to get the spyware off your computer. What you can do, as the Canadians suggest, is call for a "policy debate about surveillance software and the commercialization of offensive cyber capabilities."
Spying is a big business, and the companies that make spy stuff benefit from more widespread surveillance. In America, at least, we have some rights and ought to make sure they're not being trampled on by some secret German software. Because that dynamic just brings up all sorts of bad thoughts and memories.