Government Spyware Seller Gamma International Hacked


FinSpy seller admits a server containing demo software was compromised

Gamma International, the owner of the FinFisher suite of products, which some believe was sold to repressive regimes and other government agencies to spy on citizens, has been hacked.

British firm Gamma International confirmed one of its servers had been compromised, saying the information that was stolen has been used to identify the software it had used in demos for customers. The software in question is the FinSpy tool, which has been described as a Trojan used to intercept communications and acquire data.

The hacked server has now been shut down as the company investigates what happened.

“Gamma International has had information relating to its sales demonstration server stolen from it. The time, date and the method at the moment are unknown. Gamma are looking into how this might have happened,” Martin J Muench, managing director of the firm, told TechWeekEurope.

“The information stolen from Gamma relates to the public server that Gamma International uses for its sales demonstrations to potential clients.

“It’s a nuisance but not a real problem. Gamma have rewritten the new demonstration programmes [sic]. None of our clients have been affected.”

The company said its actual products are encrypted and contain “a wider range of functionality, a more advanced rootkit” and are not as simple for hackers to locate as the demonstration software.

Gamma has been heavily criticised by privacy and human rights groups. Last month, the Andover-based firm was implicated in selling spying kit to the Bahraini government, allegedly for intercepting communications of pro-democracy activists. It was previously claimed that the company sold its FinFisher kit, which includes FinSpy, to repressive regimes, including the now-fallen Hosni Mubarak government of Egypt.

Muench said he could not comment on who the company’s customers were or where they came from.

FinSpy servers going down?

According to a report in the New York Times, a number of servers thought to be running FinSpy went offline this week, including ones in Singapore, Indonesia, Mongolia, Brunei and Bahrain, although the last of these came back online elsewhere.

Muench said he could not confirm or deny customers’ servers had gone down. “I can’t really comment on what people are doing with their operations. It links into the nature of our business which does not allow us to disclose our customers, nor how they use our products and the results that are achieved with them,” he said.

“Neither our customers nor ourselves wish to prejudice the operations of their agencies or the individuals working within those agencies by giving information through the public domain that may be used against them.”

Privacy International is planning to take the government to court for allowing surveillance technology to be exported to repressive foreign regimes. In its letter sent to Vince Cable, secretary of state for business, innovation and skills, Privacy International singled out Gamma as one of the companies it had concerns about.

The Citizen Lab, which has been investigating the FinSpy software, revealed earlier this week that the malware had mobile functionality, and was able to work on iOS, Android, BlackBerry, Windows Mobile and Symbian.

The mobile version of FinSpy has many of the same features as the desktop version, including the ability to intercept emails and voice calls, and the ability to steal files. According to Citizen Lab, it can also intercept text messages and even BlackBerry Messenger communications thought to be highly secure.

Citizen Lab and security firm Rapid7 have indicated FinSpy servers are located across the world, including on Amazon’s EC2 service in the US and in Turkmenistan’s Ministry of Communications.
