
FinFisher, the spyware loved by cruel dictators, stomps all over human rights, says UK govt

Bahraini sales were dodgy, please don't do it again

FinFisher, the spyware sold to police and tyrants around the globe, has gained the dubious honor of becoming the first piece of software judged by the Organization for Economic Co-operation and Development to have trampled human rights. The OECD is an influential consortium of world powers.

FinFisher, also known as FinSpy, infects PCs by exploiting vulnerabilities in Apple iTunes and other software, or is simply installed by tricking someone into opening and running an email attachment. Once in place, it uses a rootkit to hide itself from the user and antivirus programs, intercepts VoIP calls and other communications for eavesdroppers, allows the machine to be remotely controlled over the internet, and more.

The OECD's UK agency launched an investigation after Gamma International, the British arm of the spyware-making group, was accused of selling FinFisher to the authoritarian Bahraini regime.

A probe in 2014 by human-rights group Bahrain Watch claimed the Mid-East state had obtained a copy of the spyware and used it to infiltrate PCs belonging to a trio of anti-government activists, allowing officials to keep tabs on the men. The targeted pro-democracy campaigners – Moosa Abd-Ali Ali, Jaafar Al Hasabi and Saeed Al-Shehabi – were eventually granted political asylum in the UK after suffering years of harassment by the Bahraini authorities.

Now the OECD's UK agency reckons Gamma breached human rights seven times by selling its surveillance software in OECD member states. The company is accused of flouting the organization's safeguards on matters of privacy, the freedom of thought and expression, and the right to liberty.

While that may sound serious, these safeguards are guidelines – merely voluntary – so Gamma can carry on selling to whomever it wants to around the world. Instead, the investigating team, part of the UK government's Department of Business, offers the following advice:

[We] recommend that Gamma International UK Limited takes the following actions to make its conduct more consistent with the guidelines: that the company takes note of evidence from international bodies and UK government advice in its future due diligence, that it participates in industry best practice schemes and discussions, that it reconsiders its communications strategy to offer the most consistent and transparent engagement appropriate for its sector, and that, where it identifies that its products may have been misused, it co-operates with official remedy processes.

There's no word from Gamma about the ruling as yet, although the firm's not fond of talking to journalists. It wasn't too keen to talk to the government, either: the Brit investigation team said the biz was "unsatisfactory" at answering questions.

That's not going to bother Gamma much; business is good in the commercial spyware field. The firm has found buyers everywhere from Ethiopia to Turkmenistan, and a study by Citizen Lab found at least 35 command-and-control servers for the software around the world.

Leaked documents obtained from Gamma Group in Germany show the biz charged one customer €1.4m for a copy of FinSpy, and €331,840 in fees for a year's worth of support. A variety of penetration-testing training services were also available at €27,000 a pop.

Despite the lack of penalty for Gamma, Privacy International – one of the campaigning groups that filed a complaint to the OECD about the company two years ago – hailed the ruling as a victory.

"Today's judgment is a watershed moment recognising that surveillance companies such as Gamma cannot shirk their human rights obligations," said Eric King, deputy director of Privacy International.

"This decision reaffirms that supplying sophisticated intrusive surveillance tools to the world's most repressive regimes is not only irresponsible business conduct, but violates corporate human rights obligations, and the companies that engage in such behaviour must bear the responsibility for how their products are ultimately used."

In the meantime, if you're worried, PI and Amnesty have released a software tool to remove FinFisher and other commercial spyware from Windows systems. ®
