Report: Global Network of Government Spyware Detected in U.S., Authoritarian Countries

The Citizen's Guide to the Future
March 13 2013 5:52 PM

Report: Global Network of Government Spyware Detected in U.S., Authoritarian Countries

Countries in which FinSpy servers were detected by Citizen Lab. Click here for an expanded version.

Map courtesy of John Scott-Railton/Citizen Lab.

It is designed to secretly infiltrate targeted computers or mobile phones to monitor communications and siphon data. Now, a controversial surveillance Trojan sold to law enforcement and intelligence agencies has been linked to 25 countries across the world—with new research revealing the extent of what it calls “the unchecked global proliferation” of government-grade spy tools.

Ryan Gallagher Ryan Gallagher

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

A report published today by security experts at Citizen Lab discloses what it says are the locations of servers used to control sophisticated surveillance technology sold by Gamma Group—and the list of countries implicated is extensive, from Qatar and Mongolia to the United States and Canada.


Gamma’s “FinSpy” can bypass antivirus systems, record Skype chats and emails, log what targets are typing on their keyboards, and even conduct “live surveillance” through a user’s webcam or “silently extract” files from a computer’s hard disk, according to marketing materials published by WikiLeaks. Gamma says it sells the software to authorities to help them monitor “bad guys” like terrorists and organized crime gangs. However, a growing body of evidence suggests the tool has been obtained by repressive governments that have used it to target political opponents and activists.

Citizen Lab, which is based at the University of Toronto’s Munk School of Global Affairs, disclosed today that it has identified 36 active servers in a total of 25 countries used to control deployments of FinSpy. The countries are: Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.

The group says that the discovery of FinSpy servers in a country does not mean it is necessarily being used by that country’s law enforcement or intelligence agencies, because the servers could have been purchased by actors from any country and used as a “proxy” service. Given that the United States has shown up on the list linked to a series of FinSpy servers, I asked the FBI whether it had purchased Gamma’s surveillance technology. Bureau spokesman Christopher Allen said as a matter of policy he could not “confirm specific products or services that the FBI may or may not purchase or use.” The report also noted that one of six U.S. spy servers is registered to Verizon Wireless. Debra Lewis, a spokeswoman for Verizon, told me she was “not aware of this” but would look into it. She had not provided any further comment at the time of publication.

What the findings do conclusively show, the Citizen Lab report says, are “troubling cases of FinSpy in countries with dismal human rights track records, and politically repressive regimes.” In Ethiopia, for instance, the group was able to identify images of an opposition political party called Ginbot 7 designed to be used as “bait” to infect users with the Trojan. The researchers were also able to obtain a sample of FinSpy designed to infiltrate mobile phones intended for use in Vietnam, a country with a record of suppressing all forms of political dissent. This builds on a Citizen Lab report last year that revealed how Gamma’s surveillance technology was used to target Bahraini activists, and follows a wider trend of other Western-made spy tools being used against journalists and dissidents in countries notorious for cracking down pro-democracy activities.

Gamma, which was yesterday dubbed a “corporate enemy” of the Internet in a report by Reporters Without Borders, had not responded to an emailed request for comment at the time of publication. In January, the company’s spokesman Martin Muench told me during a lengthy exchange that Gamma adhered to German, U.K., and U.S. export regulations and “does not discuss its client base, its exports, or any of the operations which its clients may or may not be undertaking.”

Future Tense is a partnership of SlateNew America, and Arizona State University.


Frame Game

Hard Knocks

I was hit by a teacher in an East Texas public school. It taught me nothing.

Republicans Like Scott Walker Are Building Campaigns Around Problems That Don’t Exist

Why Greenland’s “Dark Snow” Should Worry You

If You’re Outraged by the NFL, Follow This Satirical Blowhard on Twitter

The Best Way to Organize Your Fridge

The World

Iran and the U.S. Are Allies

They just aren’t ready to admit it yet.

Sports Nut

Giving Up on Goodell

How the NFL lost the trust of its most loyal reporters.

Chief Justice John Roberts Says $1,000 Can’t Buy Influence in Congress. Looks Like He’s Wrong.

How Steven Moffat Made the Best Doctor Who Episode in Years

  News & Politics
Sept. 16 2014 1:58 PM Democrats Baffled by New Benghazi Whistleblower's Accusations
Business Insider
Sept. 16 2014 1:23 PM Germany Has Asked Google to Reveal Its Search Algorithm, but That's Not Going to Happen
The Eye
Sept. 16 2014 12:20 PM These Outdoor Cat Shelters Have More Style Than the Average Home
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Tv Club
Sept. 15 2014 11:38 AM The Slate Doctor Who Podcast: Episode 4  A spoiler-filled discussion of "Listen."
Brow Beat
Sept. 16 2014 1:27 PM The Veronica Mars Spinoff Is Just Amusing Enough to Keep Me Watching
Future Tense
Sept. 16 2014 1:48 PM Why We Need a Federal Robotics Commission
  Health & Science
Sept. 16 2014 1:39 PM The Case of the Missing Cerebellum How did a Chinese woman live 24 years missing part of her brain?
Sports Nut
Sept. 15 2014 9:05 PM Giving Up on Goodell How the NFL lost the trust of its most loyal reporters.