Monday, 15 April 2013

Serbian Intelligence Agencies have ability to watch you online?

As Vestinet reported today, it seems like that Security Agencies in Serbia (BIA, VOA and/or VBA) bought equipment for real-time monitoring of user activities on the internet. That piece of “software” (or better call it “Advanced Spyware”) is called FinSpy (Finfisher Technology) and it is sold by Gamma International (UK) Limited.
As it is stated on Gamma International website, “The Gamma Group of companies provides advanced technical surveillance, monitoring solutions, and advanced government training, as well as international consultancy to national and state intelligence departments and law enforcement agencies.”


In July 2012 news broke about a possible involvement of Finfisher Technology in Bahrain. Bahraini journalist, activist and university lecturer Ala’a Shehabi, now residing in London, was sent infected emails, which she found to be suspicious. She forwarded them to experts for technical analysis. This led to the detection of signatures from Gamma’s Finfisher Software.
In a still ongoing process, Reporters Without Borders, together with Privacy International, the ECCHR, the Bahrain Centre for Human Rights and Bahrain Watch filed an OECD complaint, asking the National Contact Point in the United Kingdom to further investigate Gamma’s possible involvement in Bahrain.
Martin Münch, Chief developer and soon to be human rights officer of Gamma, claims that Bahrain stole a demo version of the software, modified it and now uses it to spy on journalists and dissidents. Eric King, head of research at Privacy International said: “Integrating FinFisher in a country’s network is not an easy task. It requires careful planning and physical installation of proxy’s and command and control servers to work. Simply stealing a demo copy is incredibly unlikely as no county sophisticated enough to be able to re-purpose FinFisher would bother using a commercial trojan in the first place.” Bahrain Watch also obtained evidence that the FinFisher Servers in Bahrain receive regular updates. This is unlikely to happen if the software had been stolen.


During a search of an Egyptian intelligence agency office in 2011, human rights activists found a contract proposal with an offering from Gamma International to sell FinFisher to Egypt. The company said that no deal has been made.

Other known appearances

Earlier this year, a study by Rapid7, an Internet security firm, identified FinSpy – the control software for FinFisher command-and-control servers – as being active in Australia, the Czech Republic, Estonia, Ethiopia, Indonesia, Latvia, Mongolia, Qatar, the UAE, and the United States.
“We have identified several more countries where FinSpy command and control servers were operating,” said Citizen Lab, a University of Toronto institute that specialises in digital issues. “Scanning has thus far revealed two servers in Brunei, one in Turkmenistan’s Ministry of Communications, two in Singapore, one in the Netherlands, a new server in Indonesia, and a new server in Bahrain.” Citizen Lab also commented that some of the detected servers have been taken offline, after being discovered.
Why Serbia needs this type of equipment? No one knows.



Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites More