FinFisher is surveillance software sold by Gamma International UK Ltd, marketed to government security agencies as a product that can evade anti-virus programs by exploiting their weaknesses. It is essentially a spyware suite designed to let its operator spy on a computer or mobile device. Described by the company as “Governmental IT Intrusion and Remote Monitoring Solutions”, FinFisher has command and control servers installed in around 36 countries globally, according to a report and analysis by Citizen Lab. Pakistan is one of those countries, and Pakistan Telecommunication Company Ltd (PTCL) owns the network on which the FinFisher server was found.
The FinSpy malware, a component of the FinFisher intrusion kit, was often planted on potential victims’ machines by sending them malicious email. In its analysis, Citizen Lab found that the email addresses used to send these messages carried the names of well-known journalists (in the case of Bahraini activists) and that the emails carried attachments that appeared to relate to the Bahraini turmoil. When the attachments were opened, files that looked like JPEG images were saved on the victims’ computers, but they were actually executable files. This gives the attacker clandestine remote access to the compromised machine, with data harvesting and exfiltration capabilities. Typically, someone tricks you into clicking a file (a picture, a Word document, and so on) which actually conceals the FinSpy payload and silently infects your machine without you, or the anti-virus program installed on it, noticing.
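The lure described above depends on a file that carries an image name but executable content. One defensive check a mail gateway or a cautious user can run is to compare what a file claims to be (its extension) with what its leading bytes say it is. The following script is an added example, not code from the original article or from Citizen Lab; the attachment names and byte strings are constructed samples, and the file signatures are the standard published magic bytes for each format.

```python
from typing import Optional

# Well-known file signatures ("magic bytes") at offset 0 and the type they identify.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),          # also the container for .docx/.xlsx
    (b"MZ", "pe-executable"),        # Windows PE (.exe/.dll/.scr) DOS stub header
]

# The type a file *claims* to be, judged only from its final extension.
EXTENSION_TYPES = {
    "jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif", "pdf": "pdf",
    "zip": "zip", "docx": "zip", "xlsx": "zip",
    "exe": "pe-executable", "dll": "pe-executable", "scr": "pe-executable",
}


def detect_type(data: bytes) -> Optional[str]:
    """Return the type implied by the content's leading bytes, or None if unrecognised."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def claimed_type(filename: str) -> Optional[str]:
    """Return the type implied by the filename's last extension, or None if unknown."""
    if "." not in filename:
        return None
    return EXTENSION_TYPES.get(filename.rsplit(".", 1)[1].lower())


def check_attachment(filename: str, data: bytes) -> dict:
    """Classify one attachment: ok, mismatch (extension lies), executable, or unknown."""
    actual = detect_type(data)
    claimed = claimed_type(filename)
    if actual is None:
        verdict = "unknown"            # no signature matched; cannot judge from the header
    elif claimed is not None and claimed != actual:
        verdict = "mismatch"           # e.g. a .jpg whose content is a PE executable
    elif actual == "pe-executable":
        verdict = "executable"         # honestly named, but still an executable via email
    else:
        verdict = "ok"
    return {"filename": filename, "claimed": claimed, "actual": actual, "verdict": verdict}


def scan_attachments(attachments):
    """Run check_attachment over (filename, bytes) pairs and return the list of results."""
    return [check_attachment(name, data) for name, data in attachments]


# Constructed sample attachments for demonstration; none of these are real malware samples.
SAMPLE_ATTACHMENTS = [
    ("rally_photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 28),    # genuine JPEG header
    ("rally_photo2.jpg", b"MZ\x90\x00" + b"\x00" * 28),          # PE header behind a .jpg name
    ("update.exe", b"MZ\x90\x00" + b"\x00" * 28),                # plainly an executable
    ("notes.txt", b"meeting at 5pm\n"),                          # no recognised signature
]

if __name__ == "__main__":
    for result in scan_attachments(SAMPLE_ATTACHMENTS):
        print(f"{result['filename']:18} claimed={result['claimed']!s:14} "
              f"actual={result['actual']!s:14} verdict={result['verdict']}")
```

A header check like this is a coarse triage aid: it catches the simple case of an executable renamed to look like an image, which is what the article describes, but it does not inspect what a genuine document or archive contains, so it complements rather than replaces an up-to-date anti-virus product and the habit of not opening unexpected attachments at all.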
Citizen Lab found that data such as Skype audio calls, chats, keystrokes captured by a keylogger, and passwords were accessible to the attacker. FinFisher can even secretly switch on the microphone or webcam of your computer or mobile phone to listen to what is happening in the room. Silently extracting data from the hard disk and tracking the target’s location are other features provided by FinFisher. The collected data was hidden locally on the host machine and encrypted before exfiltration.
The details of Citizen Lab’s complete analysis and the list of countries hosting FinFisher servers can be found in its report, “For Their Eyes Only”. Below are some recommendations to help you, as an activist, blogger, or ordinary user with dissenting opinions, stay safe from being compromised by FinFisher.
- Do not open attachments or links sent by strangers via email, Skype or other communication platforms (even when that stranger’s name looks like that of a well-known person).
- Even if a file is sent by a friend, ask whether that friend would plausibly send you a file of that type (your military-supporting sibling is unlikely to send you a pro-democracy document). If you feel you could be targeted, it is especially important to stay vigilant.
- Always have Anti-Virus software programs running on your machine and keep those programs and the Operating System updated as and when the new updates become available.
- Use screen locks, passwords and device encryption as someone could install the tool physically on your machine/phone.
- Never run untrusted apps or allow third parties to access your devices. More and more apps are being used for malicious purposes, so avoid installing anything you do not need.
- Keep the location services off if not needed.
Targeted malware attacks are increasingly being used against human rights groups, leaving them vulnerable. While civil society and governmental organizations are engaged in a heated debate over the use of such surveillance systems by any government, it is wise to take these measures to keep yourself and your community secure from such targeted attacks.
– Written for Digital Rights Foundation, Pakistan.
- Cyber Attacks on Activists Traced to FinFisher Spyware of Gamma (bloomberg.com)