This video is called Finspy Hijacks Activist Computers – Are You Being Monitored?
From Bahrain Watch:
Top Bahraini Company Infected with Government Spyware Sold by UK Firm in Apparent Politically Motivated Targeting
Posted March 13, 2013 by Bill Marczak & filed under Spy Watch.
FOR IMMEDIATE RELEASE
Contact: bill@bahrainwatch.org
Twitter: @bhwatchMarch 13, 2013
TOP BAHRAINI COMPANY INFECTED WITH GOVERNMENT SPYWARE SOLD BY UK FIRM IN APPARENT POLITICALLY MOTIVATED TARGETING
Company Declines to be Identified, Citing Potential Reprisals
[Manama] During the course of recent investigations, Bahrain Watch determined that a computer inside a top Bahraini company was infected with spyware operated by Bahrain’s government. The spyware, known as FinSpy, is sold exclusively to government law enforcement and intelligence agencies by UK firm Gamma International. The company believed that it would suffer reprisals if we identified it as a victim by name, or mentioned its line of business.
The infection was detected using a tool developed by Bahrain Watch to search for FinSpy. Bahrain Watch conducted a limited distribution of the tool inside Bahrain. The tool identified FinSpy samples on the computer.
The infection at the company predates a campaign against Bahraini activists in April and May of 2012. The company was found to be infected with a version of FinSpy that identified itself as FinSpy v4.00. The campaign against activists used a version of FinSpy that identified itself as FinSpy v4.01. Both versions communicated with the same server inside Bahrain. Unfortunately, Bahrain Watch is unable to release the FinSpy v4.00 sample or hash, as these would likely identify the company. The use of two different FinSpy versions calls into question Gamma’s claim that Bahrain is using a “stolen demonstration copy” of FinSpy, and instead suggests that Bahrain is receiving updated spyware from Gamma. It also calls into question Bahrain’s recent claim that it did not purchase any spyware from Gamma International.
The infected computer inside the company contained information that could be used to observe or manipulate the company’s day-to-day operations. Bahrain Watch shared relevant data about the infection with Citizen Lab, who conducted an analysis. The analysis could not establish whether any of this information was stolen from the computer. The infected computer was running a fully functional and up-to-date version of a top-10 commercial anti-virus product, which was incapable of detecting the infection.
The method of infection could also not be established. Activists targeted in April and May of 2012 received e-mails with attachments that contained FinSpy. However, the user of the infected computer inside the company did not recall receiving any suspicious e-mails. The user checked all of his or her online accounts, and did not find any suspicious links or e-mails around the date that the spyware was prepared for targeting. It is possible that an agent with physical or remote access to the computer installed FinSpy. Bahrain Watch understands that FinSpy can also be installed via an exploit injected into internet traffic using another Gamma product known as FinFly.
Bahrain Watch believes that there was no legal justification for the targeting of this company. “The infection of this company is consistent with a pattern of politically-motivated targeting, rather than legitimate criminal investigations,” said Bahrain Watch member Bill Marczak. “That the company is not even willing to identify itself as a victim speaks volumes about Bahrain’s political climate,” he added.
Bahrain Watch emphasizes that the Government is still using FinSpy, and advises netizens to be cautious. Ongoing state sponsored spying in Bahrain target entities and associates thereof that are perceived to express political opinions. These cyber attacks are not exclusive to pro-democracy activists — pro-government entities are targeted as well.
If you believe you have been targeted in an electronic attack by the Government of Bahrain, or any other GCC government, please contact bill@bahrainwatch.org. Scans conducted last month indicated that Bahrain and Qatar were actively using FinSpy. A server was detected on Batelco IP 77.69.181.162, and on an IP in Qatar, 78.100.57.165, part of a range of sixteen addresses registered to “QTel – Government Relations.” The range also contains the website http://qhotels.gov.qa/. A FinSpy server was also previously found in the UAE.
2 Years After Invasion to Crush Uprising in Bahrain, Saudi Arabia Helps Fuel Conflict in Syria: here.
Protests in Bahrain on Anniversary of Saudi Intervention: here.
Related articles
- Bahrain dictatorship helped by British spyware corporation (dearkitty1.wordpress.com)
- Ethiopia uses Ginbot 7 pictures to plant spyware in computers (ethioinfo.wordpress.com)
- Maybe, Your Internet Activity is Being Monitored by Indian Law Enforcement Agencies [Report] (nextbigwhat.com)
- Researchers Find 25 Countries Using Surveillance Software (bits.blogs.nytimes.com)
- Researchers Find 25 Countries Using Surveillance Software (leaksource.wordpress.com)
- UK firm faces questions over how spyware ended up in Bahrain (guardian.co.uk)
Pingback: Bahrain regime’s toxic teargas, film | Dear Kitty. Some blog
Pingback: Bahrain regime tortures again | Dear Kitty. Some blog
Pingback: Medical ethics conference impossible in dictatorial Bahrain | Dear Kitty. Some blog
Pingback: Bahrain dictatorship and Martin Luther King | Dear Kitty. Some blog
Pingback: Irish doctor resigns in dictatorial Bahrain | Dear Kitty. Some blog
Pingback: Disgraced Conservative Liam Fox helps Bahrain dictatorship | Dear Kitty. Some blog
Pingback: Bahrain dictatorship’s United States politicians’ support | Dear Kitty. Some blog
Pingback: Bahrain dictatorship police attacks women with grenades | Dear Kitty. Some blog
Pingback: British teachers support Bahraini freedom movement | Dear Kitty. Some blog
Pingback: Bahraini pro-democracy activist interview | Dear Kitty. Some blog
Pingback: Ecclestone, Cameron support Bahrain dictatorship | Dear Kitty. Some blog
Pingback: Bahrain dictatorship persecutes doctors | Dear Kitty. Some blog
Pingback: Bahrain dictatorship and Manchester United football | Dear Kitty. Some blog
Pingback: Bahrain dictatorship attacks woman | Dear Kitty. Some blog
Pingback: Bahrain dictatorship censors British journalists | Dear Kitty. Some blog
Pingback: Bahrain dictatorship attacks May Day march | Dear Kitty. Some blog
Pingback: Bahrain dictatorship’s British spyware, update | Dear Kitty. Some blog
Pingback: Bahrain dictatorship’s whitewashing with Bell Pottinger public relations | Dear Kitty. Some blog
Pingback: British government, corporation help Bahrain dictatorship’s spying on its people | Dear Kitty. Some blog
Pingback: Bahraini arrested for tweeting, with help of British spyware | Dear Kitty. Some blog
Pingback: German spyware corporation helps Bahrain dictatorship | Dear Kitty. Some blog
Pingback: Bahrain dictatorship entraps Zello Due app users | Dear Kitty. Some blog
Pingback: Qatar dictatorship police kills Indian fisherman | Dear Kitty. Some blog
Pingback: Bahraini dictatorship’s hacking of computers in Britain | Dear Kitty. Some blog
Pingback: Bahrain dictatorship and its British-German Internet spyware | Dear Kitty. Some blog
Pingback: Corporate spyware sales to dictatorships | Dear Kitty. Some blog
Pingback: Cybersecurity corporation spying on Black Lives Matter movement | Dear Kitty. Some blog
Pingback: UAE people spied upon by government, foreign corporations | Dear Kitty. Some blog