Servers in Canada linked to FinFisher spyware program
U of T lab says German-made espionage program traced to 25 countries
University of Toronto researchers have discovered a new group of servers in several countries, including Canada, linked to an elusive espionage campaign.
The research by the Citizen Lab, based at the University of Toronto's Munk School of Global Affairs, is providing new details about a German-made, high-tech piece of spy software that some fear may be used to target dissidents by oppressive regimes.
Researchers said Wednesday that they have identified 25 countries that host servers linked to FinFisher, a Trojan horse program which can dodge anti-virus protections to steal data, log keystrokes, eavesdrop on Skype calls, and turn microphones and webcams into live surveillance devices.
Canada, Mexico, Bangladesh, Malaysia, Serbia and Vietnam were among the host countries newly named in a report. That alone doesn't necessarily mean those countries' governments are using FinFisher, a program distributed by British company Gamma International, but it is an indication of the spyware's international reach.
Morgan Marquis-Boire, the report's lead author, said the IP addresses of the servers in Canada were traced back to a web hosting company, so it's hard to know who might be using FinFisher in Canada.
"They (Gamma) claim that they only sell to government, law enforcement and intelligence communities," said Marquis-Boire, a Citizen Lab researcher who is based in San Francisco.
"Given that hosting in (the web hosting company's) ranges is acquirable with the use of money, it's difficult to provide strong attribution."
His goal was "to show the proliferation of this type of active intrusion and surveillance," he said.
"It's not just phone tapping," Marquis-Boire said. "It's installing a backdoor on your computer to record your Skype conversations and go through your email."
Government use questioned
Advocacy group Privacy International said the report was further evidence that Gamma had sold FinFisher to repressive regimes, calling it a "potential breach of UK export laws."
Gamma had no immediate comment.
The company, based in the English town of Andover, has come under increasing scrutiny after a sales pitch for the spyware was recovered from an Egyptian state security building shortly after the toppling of dictator Hosni Mubarak in 2011. Reporting by Bloomberg News subsequently identified opposition activists from the Persian Gulf kingdom of Bahrain as targets of the company's surveillance software.
The discovery of FinFisher servers in countries run by authoritarian governments — such as Turkmenistan and Ethiopia — have raised further questions about the company's practices. On Tuesday, Paris-based journalists' rights group Reporters Without Borders named Gamma one of its five "corporate enemies of the Internet."
Gamma referred questions about FinFisher to its German developer, Martin Muench. Muench did not immediately return several emails seeking comment, but in a recent interview with German newspaper Suddeutsche Zeitung, he defended his work as part of the fight against crime.
"I think it's good when the police do their job," Muench told the daily. He dismissed the notion that what he was doing was violating anyone's human rights.
"Software doesn't torture anybody," he said.