May 8, 2013 - FAQ: What is FinFisher, What is it doing in Pakistan?
What is FinFisher?
FinFisher or FinSpy is a piece of computer spyware designed to allow someone to spy on a computer or mobile phone.
How do you get infected?
Most commonly, someone tricks you into clicking on a file. The file is FinSpy, but it is hidden inside another kind of file, like a picture or a Word document. You will see the document you expected, but clicking is enough to infect you silently.
What can be infected?
Windows, Mac, Linux, Android, iPhone, Nokia, Windows Phone, and Blackberry.
What can FinFisher do?
- Steal passwords for your e-mail and your accounts like Facebook or Gmail
- Read your chats
- Listen to your calls on Skype
- Listen to what is happening in the room secretly using the microphone or camera
- Steal files from your computer, even files you have deleted
All of this information is sent to another computer (a “command and control server”) that is used by the person spying on you. Then the person can see the stolen information.
Who Makes FinFisher?
FinFisher is sold by a UK/German company called Gamma International.
Can I detect it with my AntiVirus?
AntiVirus and Anti-Spyware software will not detect FinSpy. It’s very hard to detect.
What are the Findings about Pakistan?
Researchers first found FinSpy being used against pro-democracy activists in Bahrain in 2012. Since then, the same researchers have been surveying the internet for evidence that FinFisher servers are in other countries.
The researchers found servers for FinFisher in 36 countries. One of those countries was Pakistan. The server they found was on a network owned by Pakistan Telecommunication Company Ltd.
Who published the research?
The research was published through Citizen Lab, which is based at the Munk School of Global Affairs, University of Toronto. The lab is independent from government and corporate interests, and publishes research based on evidence.
Where Is FinFisher Found?
Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.
FinFisher is in Pakistan. Does it mean that the Government is using it?
Just because a FinFisher Command and Control server is found in a country does not mean that this country is using FinFisher. Another government could be using a server in that country to hide its true identity. Therefore it is even more important to investigate this further.
The researchers cannot be sure which government is using the FinFisher servers they have found, because a government could easily operate a server in any other country.
There are two possibilities:
(1) The government of Pakistan is using FinFisher
(2) Another government is using FinFisher and is hiding its identity by using a Pakistani network
How do we know if this equipment is purchased by a government and not a company?
Gamma International claims they only sell FinSpy to governmental law-enforcement and intelligence agencies. They claim it is used to spy on the computers of suspected criminals and terrorists. However, research from Citizen Lab has found that it is also used to spy on journalists and activists. They claim they do not sell to private companies, and there is no evidence to suggest that they do.
How much does this digital spy gear cost?
FinFisher is expensive. For example, when protesters stormed the Egyptian State Security building after Mubarak’s fall, they recovered an offer to sell FinFisher to Egypt for almost 300,000 Euros, more than 38 million Pakistani Rupees.
Given the security situation in Pakistan, don’t you think it is important for the state to have such equipment?
Nobody disagrees that states need to be able to investigate terrorists and criminals, and do so effectively. Sometimes this requires great secrecy. Sometimes it is done in cooperation with other intelligence services.
However, settling political rivalries, spying on opponents and blackmail are all things that FinFisher can also be used for. In 2012, researchers found pro-democracy activists in Bahrain were being targeted. In 2013, a document related to the elections in Malaysia was found, with FinFisher hidden inside. Another fake document was found in 2013 that seemed to target an Ethiopian opposition group.
Why should you care?
If the government of Pakistan is using FinSpy, do we trust them to use this powerful tool to only spy on criminals?
The right to privacy is protected under the Constitution:
Article 4 of the 1973 Constitution recognises the right of every citizen and of every other person for the time being within the country to be protected and treated in accordance with the law. Article 4(2) disallows any action detrimental to the life, liberty, body, reputation, or property of any person to be taken except in accordance with the law.
In the section titled “fundamental rights,” it is stipulated: “No Person shall be deprived of life or liberty save in accordance with law.”
The Constitution identifies the right to privacy of a person and recognizes the inviolability of dignity of every person in Pakistan as a fundamental right, thus guaranteeing the privacy of the home [Article 14 (1) Inviolability of dignity of man]:
“The dignity of man, subject to law, the privacy of home, shall be inviolable.”
However, currently there exists no privacy law that specifically upholds or protects user privacy. Neither is there a clearly defined government policy on how it monitors terrorist networks. Pakistanis remain in the dark regarding the presence of FinFisher on PTCL servers.
We, as citizens, demand that an investigation be launched. We want to know whether this equipment has been acquired officially with taxpayers’ money. If it has not been officially purchased by the government of Pakistan, the other scenario could be that another country’s government is using it to conduct espionage. Why FinFisher is there on local servers in Pakistan, who has put it there and what they are using it for need to be determined. Findings of the investigation should be made public to clarify the matter and ensure citizens are not being spied on, neither by the Pakistan government nor by anyone else.