“These findings call into question claims by Gamma International that previously reported servers weren’t part of their product line, and that previously discovered copies of their software were either stolen or demo copies,” says the report.
This report is a follow-up to one done last summer into a suspicious email campaign targeting activists in Bahrain. Attachments contained the FinSpy spyware, says Citizen Lab. FinSpy captures passwords and Skype calls among other data and forwards it to a control server, one of which was found in Bahrain.
As a result, researchers began looking around the world for other servers. One was allegedly found inside Turkmenistan’s ministry of communications.
Citizen Lab says FinSpy has been found in countries with “dismal human rights track records, and politically repressive regimes.”
Gamma, the Citizen Lab report notes, has repeatedly denied links to spyware and servers uncovered by its research.
“We have this mistaken assumption that authoritarian, autocratic regimes are going to be overwhelmed by the Internet and mobile technologies,” said Citizen Lab's Deibert.
But in fact they’ve proven themselves to be not only adept at limiting that kind of opposition but getting quite savvy about how to operate internationally” at bodies like the International Telecommunications Union and the United Nations.”