Skip to main content

FinSpy software used to spy on activists around the world, claims report

An off-the-shelf surveillance software designed to enable law enforcement agencies to remotely monitor criminals is being used by several governments around the world to spy on their own citizens, claims a new report published on Wednesday.

FinSpy, the surveillance tool in question, can bypass security software, log keystrokes on the target computer, record emails and Skype chats, and even perform real time monitoring through the user's webcam and microphone. It can also secretly extract files from the target computer's hard drive. FinSpy was designed by the Gamma Group, a UK-based company that says the software is meant for helping law enforcement agencies with criminal investigations only.

However, according to security researchers Morgan Marquis-Boire and Bill Marczak, the use of FinSpy software is not restricted to government agencies legally surveilling criminal and terrorist activities. They claim that the software is being used by governments in several countries for broader purposes, including spying on political opponents, human rights activists and dissidents.

"Companies selling surveillance and intrusion software commonly claim that their tools are only used to track criminals and terrorists. FinFisher, VUPEN and Hacking Team have all used similar language. Yet a growing body of evidence suggests that these tools are regularly obtained by countries where dissenting political activity and speech is criminalized," the authors of the report stated.

The researchers traced FinSpy back to 25 countries around the world, including the UK, the US, Canada, Australia, Japan and India. The governments ruling some of these countries, such as Vietnam and Bahrain, have had "troubling human rights records", the report noted.

However, the presence of a FinSpy server in a country does not necessarily mean it is being used by that country's government and law enforcement agencies. The possibility that actors from another country purchased that server for using as a "proxy service", cannot be ruled out - the report explained.

Follow the link to access the full copy of the report, "You Only Click Twice: FinFisher's Global Proliferation".