I Spy: German malware Finfisher infects devices without being detected

A German malware known as Finfisher can infiltrate devices without being noticed, WikiLeaks revealed. The exposé hopes to encourage development of better detection systems to stop this kind of intrusion in its tracks.

Evasive malware Finfisher brought out into the open

Whether you like it or not, privacy is becoming a fleeting concept in our increasingly connected world. As technologies become more sophisticated, it is becoming easier to infiltrate computers and mobile devices to access personal files. From private persons to corporate entities, anyone can be hacked. Fortunately, there are means to fight off hackers, but first intrusions have to be detected so that developers can provide the right solution. One issue that recently grabbed attention is the Finfisher spyware suite from the Germany-based unit of Gamma International. The malicious software can intercept communications from computers and mobile devices from a remote location. It can swipe your keystrokes, peer at your Skype messages and even watch you through your webcam, all without you knowing it! This software can also take a glance at your email messages and chat conversations, and turn on your microphone to listen to and record your conversations.

WikiLeaks exposed that the “weaponised malware” developer sold Finfisher to regimes with poor track records on human rights. The company denies this, saying that it only does business with reputable law enforcement agencies. Thanks to a hacker who goes by the name of “Phineas Fisher,” the whistle-blowing website was able to obtain documents identifying the list of countries that bought Finfisher. This list includes: Australia, Bahrain, Bangladesh, Belgium, Bosnia-Herzegovina, Estonia, Hungary, Italy, Mongolia, Nigeria, Netherlands, Pakistan, Singapore, Slovakia, Qatar, South Africa and Vietnam.

The software was deemed a tool that allows governments to spy on dissidents, journalists and human rights activists when it was discovered in Egypt back in 2011. Two human rights protesters were able to unearth documents showing that the government’s State Security Investigations service had purchased the software to breach the email accounts of purported activists.

Finfisher is perfectly capable of bypassing the security systems of OS X, Windows and Linux computers, and is able to penetrate mobile devices using Android, iOS, BlackBerry, Symbian and Windows Mobile systems. This basically allows it to infiltrate most of the world’s computers and mobile devices. Fortunately, WikiLeaks also released copies of the spyware tool to enable researchers to track down its control nodes and develop better detection systems. These include the FinFisher Relay, FinSpy Proxy, the FinFisher FinSpy PC spyware for Windows and a copy of the code for FinSpy Master.

Among the uncovered patrons of Finfisher is the New South Wales Police Force. This was evidenced through the agency’s support requests and an alleged support ticket for an OS X operating system. The NSW Police purportedly had problems with FinSpy when it was trying to penetrate the Mac computer of a “surveillance target” that was offline. The agency, however, refused to comment when asked about the issue.

How Finfisher stealthily takes over your gadgets

The FinFisher Relay and FinSpy Proxy from Finfisher are capable of surreptitiously gathering data from targeted people and easily delivering it to security agencies. FinSpy, in particular, can take over systems remotely. It can gather data from targets even if they constantly change their location around the world and encrypt their communication channels. Before using FinSpy, surveillance agencies need to purchase licenses from Finfisher, because the information they need goes through the servers of the company before being sent to the agency groups.

Other offerings from Finfisher include the FinFly USB, FinIntrusion Kit and FinUSB suite. With the FinFly USB, security agents with no formal training in IT can obtain data by physically inserting the USB stick into the target’s computer. The device then installs the configured software on the system automatically. It can be used to run the same procedure on several other systems as well.

Meanwhile, the FinIntrusion Kit functions as a portable pack containing all the IT devices used for offensive and defensive covert operations. Along with the malware, it comes with the adapters and antennas needed for the undertaking. The FinUSB suite allows surveillance agencies to gather forensic information instantly from computer systems. It comes with ten USB sticks, which are already configured to search for specific data. The devices can also be used to decode and analyse information. Aside from the USB dongles, the package also offers a headquarter notebook.

Teamwork of various sectors can take down Finfisher

Thanks to the WikiLeaks exposé, the public now has knowledge of the capabilities of Finfisher. The copies of the Finfisher suite and the Finfisher FinSpy for PC will allow researchers and developers to create the appropriate solution to detect its invasion. Eventually, the spyware can be eliminated from computer systems, keeping them secure.

However, users of computers and mobile devices also need to keep an eye out for any unusual activity coming from their gadgets, just as Bahraini activist Mohammad “Moosa” Abd-Ali Ali did. The phantom Facebook messages sent from his device alerted him to the presence of Finfisher on his computer. Following this, civil liberties group Privacy International filed a complaint against UK-based Gamma International on behalf of Moosa and two others. The High Court also expressed discouragement over the sale of the spyware and commended pressure groups for taking action against it.

To fight off Finfisher, the public, private and civil society sectors need to team up and address its invasion of computer systems. Like a domino effect, the actions of Phineas Fisher and WikiLeaks have set off a wave of opportunities for different sectors to eliminate Finfisher. This multi-faceted approach can ensure that people are protected from this malicious spyware.