FinFisher, a Munich-based German spyware company got raided on the suspicion of illegally exporting their product to foreign countries.
FinSpy, a very powerful spying tool used by various governments around the world owned by FinFisher, was found to be used by oppressive and doubtful regimes for spying on opposition parties, journalists and NGO’s which suggests that the software is being illegally traded to different countries without getting a due license by the German government.
Interestingly it was raided by the same government body which uses this software legally for security purposes.
FinSpy is capable of targeting both the desktop as well as cellular devices and is supported on Windows, Android, Linux, iOS and macOS and provides spying functionalities including turning on the webcams and microphones, recording everything typed on the keyboard, intercepting the calls made and exfiltration of delicate information.
The software is downloaded on the victim’s device by various means like e-mail attachments, software updates or by security flaws in software.
At one instance, the company targeted apple users through a flaw in iTunes which allowed the company to attach their malware to the iTunes update which the company even demonstrated to the government in 2008. The flaw was unpatched for three years until 2011.
The company even masqueraded as Firefox software by creating a firefox.exe file with a version number and trademark claims to look like a legit Firefox application which came into Mozilla notice in 2013.
Bill Marczak, a Ph.D. student at the University of California, Berkeley research revealed that the desktop, as well as cellular version of FinSpy, were capable of bypassing the anti-virus scans.
15 places were raided by German Custom Investigation Bureau in Munich along with a companion organization in Romania on the order of Munich General public Prosecutor’s Office environment.
In 2015, a law was passed which allowed the spyware to be exported to non-EU countries after getting due permission from the government. But, even after the law was passed, not even a single license was issued by the federal government. Despite that, the software was found to be used in various instances at various places outside the EU for different purposes.
In 2017, the surveillance package was found on a Turkish website to spy on the opposition while it was found to be used in Egypt to keep an eye on NGO’s respectively.
The spyware legally used by the government in Germany and the EU has been questioned in many instances as they violate Human Rights according to various activists around the world.
Germany must “finally end its cooperation with these companies that deliberately circumvent existing controls and continue to export their programs, coded with German tax money, to despots around the world,” said Notz who is the deputy faction leader of the Green Party in the Bundestag.
The Munich public prosecutor’s office is now investigating “suspected violations of the Foreign Trade Act against managing directors and employees of FinFisher GmbH and at least two other companies,” said a spokeswoman to BR and NDR.