FinSpy is a surveillance application. This software is developed and distributed by Gamma International and is marketed as a supposedly law enforcement tool. However, PC security researchers have received numerous reports of FinSpy being used for activities against targets such as human rights activists and innocent civilians. This has made FinSpy a controversial program that is increasingly being classified as a threat rather than as legitimate software. This is due to the fact that FinSpy includes exploits that allow its installation on computers by exploiting known vulnerabilities in out-of- date software. While this can have legitimate uses in a law enforcement operation, reports have been received indicating that FinSpy has been used by oppressive regimes (such as the regime of the overthrown Egyptian dictator) and by shady individuals that are definitely not connected to legitimate law enforcement operations.
FinSpy – A Surveillance Program that can Become the Enemy
FinSpy is designed to allow its user to monitor the infected computer and to intercept communications, including data that has been encrypted. FinSpy is typically installed after the victim accepts installing a fake update for their software (for example, FinSpy was distributed to Syrian activists through fake updates for Skype, the popular VoIP application). FinSpy may also be distributed through corrupted email messages and through other common threat delivery methods. There are versions of FinSpy designed to attack mobile phones using different operating systems and belonging to different carriers and FinSpy is designed to evade most major security programs. Prior to November of 2011, the most common distribution method for FinSpy involved taking advantage of a security vulnerability in iTunes that went unpatched for nearly three years.
FinSpy has been Used Widely by Oppressive Regimes
One of the unsavory aspects of FinSpy is that FinSpy has allowed repressive regimes around the world to gain access to a powerful surveillance program at a small amount of the cost of developing their own. Examples of the use of FinSpy against activists and political opposition have been detected in Egypt and Syria. Research has shown the use of FinSpy all around the world, and not always by the 'good guys'. While spokespeople for Gamma International declines having sold FinSpy to oppressive regimes like Syria or non-law enforcement entities, many remain skeptical. Several updated anti-virus programs now include FinSpy in their detection databases, fortunately lowering the threat of attacks involving this risky surveillance threat.
Amnesty International discovered that the Mac and Linux versions of FinSpy had a modular design. They found fourteen modules including:
- Executing shell commands
- Audio recording
- Camera recording
- Screen recording
- Email stealer
A surveillance software suite like FinSpy can be extremely dangerous in the hands of cybercriminals. With all the functionality it offers FinSpy presents an overwhelming threat when operated by individuals or organizations with criminal intents.