British spyware used to target Bahraini activists
Bloomberg reported today that security researchers have identified FinFisher spyware - "one of the world’s best-known and elusive cyber weapons" - in malicious emails sent to Bahraini pro-democracy activists, including a naturalized U.S. citizen who owns gas stations in Alabama, a London-based human rights activist and a British-born economist in Bahrain.
Analysis of the emails by CitizenLab (a project based within the University of Toronto Munk School of Global Affairs) revealed that they contained trojans that infected the target device and then proceeded to take screen shots, intercept voice-over-Internet calls and transmit a record of every keystroke to a computer in the Bahraini capital Manama. The computer code of the malicious program contained multiple instances of the word 'FinSpy'.
FinFisher is manufactured by Hampshire-based Gamma International and is one of their signature products. This is not the first time the company have been caught exporting FinFisher to repressive regimes. In April 2011 the Guardian reported that Egyptian dissidents had found a proposal document from Gamma in the ransacked headquarters of Mubarak's secret police service. There is also evidence that this technology has been deployed in Turkmenistan, a one-party state that Human Rights Watch labelled "one of the world's most repressive countries" in March 2012.
Ala’a Shehabi, the London-based victim of the malware emails, told Bloomberg:
This was an attempt at violating my privacy in a country that does not believe in privacy rights…The U.K. company is responsible for selling infiltration tools to a government they know will use them to repress pro-democracy activists.”
This seems to be yet another example of the British surveillance industry failing spectacularly to regulate itself in an ethical way. On Thursday 12th July, we wrote to Vince Cable, the Secretary of State for the Department of Business Innovation and Skills (BIS), demanding that the government immediately put in place export controls on surveillance technology. If this does not happen within 21 days, we will be filing for judicial review and possibly seeking an injunction to stop companies like Gamma continuing to maintain systems that have already been installed in non-democratic countries.
In light of today's news, we will be writing a follow-up letter to BIS stressing the urgent need for government action on this issue.