A piece of spying software usually used by law enforcement agencies, capable of collecting information such as passwords and Skype calls and sending it remotely to a command and control server, has been found active in India, one of 25 countries identified by a Canada-based research lab.
The alarming part is that, according to the research lab, a growing body of evidence suggests that these tools are regularly obtained by countries where dissenting political activity and speech are criminalized.
FinSpy, developed by British company Gamma Group, is a widely used Remote Monitoring Solution that helps various law enforcement agencies monitor Mobile and Security-Aware Targets that relocate regularly, communicate using encrypted and anonymous communication channels, and reside in foreign countries.
According to Citizen Lab, the interdisciplinary laboratory of the Munk School of Global Affairs in Canada, the command and control centers showed up in India and six other countries for the first time in its most recent scans. To come up with the findings, the lab devised a fingerprint capable of scanning the Internet for FinSpy servers and tracked more than 12 billion packets over 2 months.
Two such command and control servers were found in India, hosted by HostGator. This shows the existence and usage of such surveillance systems within India. The worrying part is that in most cases where such systems were found to have been used, their use also led to gross human rights violations (the governments of Bahrain and Vietnam use such tools).
How does it work?
FinSpy spyware is sent as innocuous-looking attachments through emails and other sources. When the victim opens an attachment, the spyware automatically infects the system used to access the file. Once the infected system goes online, it informs the FinSpy relay servers. Once this communication is established, the relay servers connect and coordinate between the infected system and the FinSpy master server. The master server then stores all the data, and customers (government agencies in this case) are provided with software with a GUI to access this data. All an agency then has to do is log in to its respective master server and retrieve the data it requires.
Who uses it?
In July 2012, a report by Citizen Lab found that FinSpy was used by the ruling government in Bahrain against citizens involved in the protests against the government.
Another instance of its usage has been found in Ethiopia, by the ruling party against political dissidents. They used e-mails with attached pictures of members of the Ginbot 7 Ethiopian opposition group as bait to install the FinSpy spyware.
A mobile version of the FinSpy spyware for both Android and iOS devices is supposed to have been used in Vietnam in 2012 against dissident bloggers and netizens who spoke against the ruling regime.
This image will give you an idea of the worldwide usage of FinSpy.
Another such instance where spyware was deployed was the infamous Stuxnet computer worm, deployed in early 2010. The worm, supposedly developed jointly by the USA and Israel, was used to launch an electronic attack on Iran’s nuclear facilities. The worm spread through the Windows operating system and was designed mainly to target Siemens industrial software and systems.