Government-operated spyware on the rise around the world – report

3 May, 2013 19:51 / Updated 12 years ago

More and more regimes across the world are using Western-made ‘lawful intercept’ software to spy on their own citizens, a brand new report has revealed.

Citizen Lab, a digital research unit at the University of Toronto, says that servers running notorious FinFisher software have been found in eleven new countries over the past year, bringing the total number of states where servers have been detected to 36.

FinFisher is an "IT intrusion and remote monitoring solution" that is "solely offered to law enforcement and intelligence agencies", according to its makers Gamma International. Behind the euphemisms is a toolkit of malware which can infect a user’s computer or phone and then track his movements, record his conversations, and steal his confidential documents and passwords.

It is produced by Gamma International, an Anglo-German company registered in the British Virgin Islands. It first rose to prominence two years ago when documents published on whistleblower website Wikileaks revealed that the Egyprian security services during the regime of Hosni Mubarak paid over $350,000 to use the software.

Citizen Lab says ‘permissive’ standards are used by Gamma International and other publicity-shy companies in the largely unregulated spyware market. They also argue that the term ‘lawful intercept’ – which allows the companies to sell hacking software without being arrested – is just a fig leaf.

“There is nothing inherently lawful about the capabilities of these tools. They are simply trojans sold to states, not individuals,” declares the report.

The newest detection scan by Citizen Lab, which was aided by sympathetic anti-malware producers (whose software Finfisher successfully evades) showed that fresh servers have appeared in Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria and Austria.

Citizen Lab says the location of the servers does not necessarily mean they are being operated by governments in those countries, but they also point out that the true number of clients may be much higher than the scan has revealed, as Gamma International constantly tries to conceal the signature of its servers.

In any case, recent examples of Finfisher being used unethically, and possibly illegally are plentiful.

In Morocco Mamfakinch, a website critical of the government, was infiltrated through software posing as popular browser Mozilla Firefox.

Somewhat ironically, anti-government activists in Bahrain were targeted with a fake email attachment that alleged to shed the latest information on state-sanctioned torture.

In Malaysia, politically active internet users were monitored after they clicked on a list of candidates in the upcoming presidential election.

“The 20th century is rife with politically motivated abuse of electronic surveillance that runs contrary to legal and constitutional protections. There is no reason to suspect that remote intrusion and surveillance software
isn’t subject to the same temptations,”
say the reports authors.

Instead, of lofty words, the Mozilla Foundation, which produces Firefox, has sent a cease-and-desist order to Gamma International. On its blog it said the company "uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion" while its software is "used by Gamma’s customers to violate citizens’ human rights and online privacy”.

But Citizen Lab has called not for piecemeal defensive legal moves, but a new level of supervision for the shadowy commercial surveillance industry, estimated to be worth $5 billion. It hopes its attempt at a comprehensive study, reveals the scale of the problem.

“The proliferation of increasingly powerful commercial surveillance tools has serious implications not just for dissidents and activists, but for all of us, no matter our citizenship,” the report summarizes.