No one doubts that Canadian law enforcement agencies have the capability to engage in lawful spying over the Internet,
But a report by Canadian security academics has raised questions about Canada’s links to controversial German software that security academics here say is used in many repressive regimes to spy on residents.
A report issued Wednesday by the Citizen Lab branch of the University of Toronto’s Munk School of Global Affairs said command and control servers for Munich-based Gamma International GmbH.’s FinSpy remote intrusion and surveillance software have been found in 25 countries
Among the locales are two servers at a Toronto Web hosting company called Softcom Inc.
Command and control servers for the software were also found in the United States, Britain, Australia and Germany among other countries, some of which Citizen Lab says are repressive regimes.
FinSpy is part of the FinFisher remote surveillance suite made by Gamma. The company’s Web site says the software is only sold to law enforcement and intelligence agencies.
“It would be speculation,” on why FinSpy is on a Canadian-based server, Ron Deibert, director of Citizen Lab and the Munk Centre’s Canada Centre for Global Security Studies, said in an interview.
“One obvious inference is its being used by some agency of the Canadian security services based on the type of client Gamma typically sells to. But it also could be anybody … Only the Web hosting company knows for sure.”
Gamma, the Citizen Lab report notes, has repeatedly denied links to spyware and servers uncovered by its research.
A spokesman for Softcom could not be reached by press time Thursday.
To read the full Citizen Lab report click here.
FinFisher products are marketed and sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group, says the report. For Citizen Lab, “FinFisher has gained notoriety because it has been used in targeted attacks against human rights campaigners and opposition activists in countries with questionable human rights records.”
A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian opposition group, as bait to infect users, says the report.
It also says there is “strong evidence” of a Vietnamese FinSpy Mobile Campaign with the discovery of an Android FinSpy Mobile sample in the wild with a command and control server in Vietnam that also pulls text messages to a local phone number.
“These findings call into question claims by Gamma International that previously reported servers weren’t part of their product line, and that previously discovered copies of their software were either stolen or demo copies,” says the report.
This report is a follow-up to one done last summer into a suspicious email campaign targeting activists in Bahrain. Attachments contained the FinSpy spyware, says Citizen Lab. FinSpy captures passwords and Skype calls among other data and forwards it to a control server, one of which was found in Bahrain.
As a result, researchers began looking around the world for other servers. One was allegedly found inside Turkmenistan’s ministry of communications.
Citizen Lab says FinSpy has been found in countries with “dismal human rights track records, and politically repressive regimes.”
Gamma, the Citizen Lab report notes, has repeatedly denied links to spyware and servers uncovered by its research.
“We have this mistaken assumption that authoritarian, autocratic regimes are going to be overwhelmed by the Internet and mobile technologies,” said Citizen Lab's Deibert.
But in fact they’ve proven themselves to be not only adept at limiting that kind of opposition but getting quite savvy about how to operate internationally” at bodies like the International Telecommunications Union and the United Nations.”