It seems secret spy technology can’t stay secret forever. Security researchers have found a covert government surveillance Trojan that they believe was made by a British company—and was used to target the owner of Alabama gas stations and a British economics lecturer.
In a report published today, the Toronto-based Citizen Lab analyzes a “FinSpy” tool apparently made by England’s Gamma Group. The technology, which can bypass anti-virus systems, enables data to be siphoned from targeted computers, according to Gamma’s marketing materials. It can secretly take control of a user’s webcam and microphone, log keystrokes, copy files from the hard disk, and record voice over IP chats, instant messages, and email.
Citizen Lab examined the Trojan after it was obtained by Bloomberg News. It appears that it was sent to Bahraini pro-democracy activists in April and May of this year and transmitted copied data covertly to a computer in Manama, Bahrain’s capital. Among those to receive an email containing the Trojan, disguised as a legitimate attachment, were a naturalized U.S. citizen, a London-based human rights activist, and a British-born economist in Bahrain.
The U.S. citizen was named as Husain Abdulla, 34, director of Americans for Democracy and Human Rights in Bahrain. Abdulla is based in Mobile, Ala., where he owns gas stations. He says he received the spyware on his Blackberry while in Washington for meetings at a congressional office building, and is considering taking legal action.
Gamma directed requests for comment to spokesman Martin Muench in Germany, who was not reachable by phone on Wednesday. But in an email dated 23 July Muench reportedly told Bloomberg he would not comment on any individual customers and that Gamma complies with the export regulations of the United States, the United Kingdom, and Germany. A spokeswoman for Bahrain’s government said it had “no policy of targeting political activists through surveillance technology.”
Gamma first garnered attention last year when, amid uprising in Cairo, Egyptian activists raided state security offices and found documents revealing the company had in 2010 offered Hosni Mubarak's regime spy technology named FinFisher. Gamma said in a statement at the time that it had not sold its technology to Egypt. The company added that it “manufactures equipment for dealing with security related threats” and “supplies only to governments.”
German authorities also acquired a “FinSpy” license in early 2011 to test Gamma’s technology. And, as I reported in April, at a meeting in October 2010 attended by police from Germany, the Netherlands, and Belgium, representatives from Gamma were present and apparently showcased their shadowy products. In videos and brochures published by WikiLeaks, Gamma boasts that its technology has “proven successful in operations around the world for many years.”
As spy tools obtained by repressive countries are discovered to be targeting activists in Western nations, however, a tightening around the export of surveillance technology now looks increasingly likely. London-based Privacy International earlier this week threatened the British government with legal action if it does not implement stricter controls on surveillance exports. Meanwhile, an ongoing case in France is considering whether a spy tech company was complicit in war crimes over its dealings with Libya’s Muammar Qaddafi prior to his demise.