Finfisher malware authors fire off legal threats to silence German journos

Haben sie nicht von dem Streisand-Effekt gehört?

Malware authors behind the Finfisher spyware suite, well beloved by dictators, have sent legal threats intended to silence a German news blog that reported them to criminal prosecutors over allegedly illegal malware exports.

"Our reporting on the criminal complaint [we filed] against the producers of the state trojan-horse spyware software FinFisher has resulted in mail from the law firm Schertz-Bergmann. We were urged to sign a cease-and-desist declaration," said the site's Markus Beckedahl in a recent post.

He told El Reg that Finfisher's authors allege that Netzpolitik broke German media laws by not asking them to comment on the allegations against them. Beckedahl said that for years he and his colleagues had been asking Finfisher for comment, without reply, including for the disputed articles.

Netzpolitik has taken down two blog posts from 4 and 5 October about Finfisher. A placeholder on each page currently says: "This article is currently not available for legal reasons".

Along with Reporters Without Borders and a couple of NGOs, Netzpolitik campaigners filed the criminal complaint (available in German PDF here) against Finfisher's authors, the Gamma Group. This followed the discovery, so it is claimed by their supporters (PDF), of Finfisher's surveillance malware on the devices of Turkish opposition politicians.

The German campaigning blog is not alone in its reporting: various national news media including broadcaster Deutsche Welle also covered the allegations. German export law prohibits malware from being shipped directly to Turkey, according to DW.

Beloved of dodgy sods

Finfisher is one of the nastier threats to people who speak out about political causes, as The Register has reported over the years.

Broadly speaking, the suite is planted covertly on targets' devices in order to allow its operators to spy on them. It is written to evade detection by common anti-malware suites. In 2015 Finfisher (aka Finspy) was found in use by Bahraini officials targeting dissidents. At the time Finfisher was exploiting vulns in Apple iTunes, among other things, to install itself and eavesdrop on VoIP calls and other comms methods, prompting condemnation from the OECD.

Most recently the malware was discovered to be in use by Uzbekistani officials to spy on news agencies.

Netzpolitik campaigns vigorously against UK-style unrestricted mass surveillance. Evidently it is successful: a few years ago German spies convinced a local prosecutor to charge two of its journalists with treason for daring to expose their plans. Happily, this ended the prosecutor's career when the news got out – and presumably a few senior German spies found themselves clearing their desks too.

One suspects the outcome of that case would have been very different in today's Anglosphere.

We have asked Finfisher's authors whether they wish to comment on or otherwise explain their legal threats. ®

Other stories you might like

Biting the hand that feeds IT © 1998–2022