Western Spy Tech Linked to Bahrain Regime – Time to Press Arms Controls on Cyber-war Technology

Further evidence of western technology being used by Arab regimes to spy on activists. FinFisher, the makers of the spyware, were identified by Owni & WikiLeaks last year as part of the global surveillance arms trade.

Western Spy Tech Linked to Bahrain Regime
by Jean Marc Manach On September 10, 2012

In spring of this year a Bahraini exile in London, a British economist in Bahrain and a naturalised American living in Alabama, all received the same short email, apparently sent by an Al-Jazeera journalist.

The email mentioned a report written by Zainab al-Khawaja, a human rights activist in Bahrain, about the torture of imprisoned fellow activist Nabeel Rajab, followed by this statement.

A few days later the trio received more emails. Some made reference to the arrest of opposition figures in Bahrain, and others to the agenda of the king of Bahrain. Every email was accompanied by a compressed file attachment, raising suspicions that they might contain computer viruses.

The emails were forwarded to Vernon Silver, a Bloomberg journalist who has been closely following instances of western surveillance technology being used by Arab dictatorships. Silver had the emails analysed by two researchers associated with the Citizen Lab, a Canadian research laboratory that specialises in studying political surveillance technology.

Morgan Marquis-Boire, a computer security engineer working at Google, is an expert (pdf) in the type of spyware that was used by Libyan and Syrian thugs to hack cyber-dissidents’ computers. Bill Marczak, a doctoral student in computer science at Berkeley, is a member of Bahrain Watch, a group which promotes transparency in Bahrain. Bahrain Watch documents the protesters and civilians killed by Bahraini authorities, the weapons (buckshot, grenades and tear gas) purchased from western companies, and the western public relations firms employed by the regime at handsome rates.

The two researchers discovered a particularly sophisticated piece of spyware, employing “myriad techniques designed to evade detection and frustrate analysis“. By analysing the spyware’s coding, the researchers uncovered mentions of FinSpy, the British company Gamma International, and the names of several of its directors.

According to this contract proposal found in March 2011 in an Egyptian security service building after the fall of the Mubarak regime, the FinSpy spyware retails at about €300,000. It’s one of the flagship products in the range of “offensive cyber-war” tools marketed by FinFisher, a subsidiary of Gamma, which specialises in surveillance and telecommunications interception systems. Owni reported on this product range last year; we even put together this video montage of promotional clips explaining how the software operates.

As part of the SpyFiles operation, WikiLeaks and Privacy International revealed that FinFisher was one of five digital surveillance arms dealers, specialising in ‘trojans’. This type of spyware presents itself as a legitimate file, before infecting a computer in order to remotely activate microphones and cameras, to record every keyboard stroke (including of course passwords) or Skype conversations, instant messages, emails etc.. Then, in an encrypted and undetectable manner, the spyware sends back the intercepted data via servers located in various countries abroad.

Another computer security researcher has subsequently managed to identify the servers used to control FinSpy, and thus spy on computers in Estonia, Ethiopia, Indonesia, Latvia, Mongolia, Qatar, the Czech Republic, the USA, Australia and Dubai.

In a second post, published in late August, CitizenLab revealed that they had identified two more servers: one in Bahrain, the other controlled by the Ministry of Telecommunications in Turkmenistan, considered one of the most repressive regimes in the world.

The two researchers also detail how FinSpy Mobile operates. The system allows the user to infect iPhones and Android, Symbian, Blackberry and Windows mobile phones, in order to spy on SMS, emails and telecommunications, extract contacts and other data, geolocate the phone, and even remotely activate the phone without the user being aware of the slightest manipulation. …more