Commercial spyware is a lucrative market because repressive regimes around the world tend to deploy spyware to monitor dissidents. Two security researchers have now found that one such spyware product, FinSpy, is being used to spy on activists in Bahrain and numerous other countries.
FinSpy was developed by Gamma Group, based in Germany, and is sold by Gamma International, the group’s UK subsidiary. Morgan Marquis-Boire is a Google employee, while Bill Marczak is a Berkeley student. In joint research, the duo found that FinSpy was sent to Bahraini activists in email attachments.
This specific spyware can infect PCs as well as smartphones and can monitor the infected machine in detail. For instance, it can send GPS location details of a smartphone, thus effectively revealing the exact location of an activist who uses the smartphone. Bahrain is riddled with political dissent these days and it’s quite obvious that the regime is using this spyware to keep tabs on the activists.
Naturally, when Gamma International was asked about this unprofessional behaviour, it flatly denied any involvement. According to its managing director, “As you know we don’t normally discuss our clients but given this unique situation it’s only fair to say that Gamma has never sold their products to Bahrain. It is unlikely that it was an installed system used by one of our clients but rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere.”
Gamma International has been found engaging in similar activities in the past, too. For instance, after the fall of the Hosni Mubarak regime in Egypt, it emerged that the regime was involved in a rather expensive deal with the company to buy its spyware.
This time, however, hard evidence seems to suggest that Gamma International deliberately and knowingly sells such spyware to repressive regimes. According to Marquis-Boire and Marczak, the malware delivered by this spyware makes use of a code certificate which has been issued by Cyan Engineering. This company, in turn, is registered in the name of Johnny Geds.
Moreover, as soon as the duo’s research was published, a number of command-and-control servers for the spyware in different countries were shut down, which seems like an obvious attempt to cover up the tracks.
Courtesy: The Register