By Nwachukwu Egbunike
A new report – FOR THEIR EYES ONLY: the Commercialization of Digital Spying – from Citizen Lab, a Canadian research centre, shows surveillance software sold by FinFisher, a “governmental IT intrusion” company owned by the UK-registered Gamma International, is now active in 11 countries, including Nigeria.
On 13 March 2013, we published a report identifying 34 FinFisher Command & Control servers. Although we only released the first two octets of server addresses, many of the servers referenced in the report were quickly taken offline after publication. Only 17 of these servers remain online. Since that report, we have identified FinFisher Command & Control servers in 11 new countries: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, and Austria.
Some countries—such as Pakistan, Nigeria, Hungary and Turkey—are of special concern because of troubling records on human rights issues and the rule of law… In the case of Bulgaria, however, the server we identified was on a network registered to the “Bulgarian Ministry of State Administration and Administrative Reform.
“We hope that civil society groups, as well as the competent regional and domestic authorities, will investigate the deployments we have described in order to determine whether any laws have been broken.” – “FOR THEIR EYES ONLY: The Commercialization of Digital Spying”, (2013) p. 104
The report however, cautions that:
“…the presence of a FinFisher Command & Control server in a country does not necessarily imply that the country’s law enforcement, security, or intelligence services are running the server. The use of generic hosting providers such as Softcom and GPLHost is likely an attempt to camouflage the true operator of the spyware. The use of three different servers on two different hosting providers is most likely to ensure robustness in case some servers are shut down.” – “FOR THEIR EYES ONLY: The Commercialization of Digital Spying”, (2013) p. 111
Read the PDF Report here.
FinFisher and how it works
Leo Mirani explains:
Gamma’s product, which it sells exclusively to governments, infects computers and mobile phones through devious means. These include posing as Mozilla Firefox and the (frankly quite elegant) ruse of using a “right-to-left override,” which is typically used to render writing in Arabic but can work in any language. This helps it foil users trained to look out for suspicious file extensions by hiding, say, an “.exe,” and making the file appear to be an image with a .jpg extension instead.
Once the file has been installed on a machine, the “command-and-control server,” which does exactly what it sounds like it would, can be used to monitor the infected computer.
In the past, intelligence agencies have used the program to infiltrate “internet cafes in critical areas in order to monitor them for suspicious activity, especially Skype communication” and to target members of organized crime groups, according to a FinFisher brochure released by Wikileaks.
The product may also have been used in the past by repressive nations hoping to monitor dissidents. In his new book, Eric Schmidt mentions “a raid on the Egyptian state security building after the country’s 2011 revolution [which] produced explosive copies of contracts with private outlets, including an obscure British firm that sold online spyware to the Mubarak regime.” Gamma denied that it had supplied the regime with its programme, which its agents were hawking for a piddling $560,000.”
What! Digital Surveillance in Nigeria?
Recently the Nigerian blogosphere went wild with the news that Nigerian government has reportedly contracted an Israeli company (Elbit Systems Ltd) specialized in spyware for online surveillance. Up till now, the government has neither confirmed nor denied this allegation.