FinSpy surveillance software, marketed worldwide to law enforcement agencies as a way to monitor criminals, is widely used by repressive governments to spy on human rights groups and dissidents, according to a report released Wednesday.
The report by researchers at the Citizen Lab of the Munk School of Global Affairs at the University of Toronto found the software is "regularly sold to countries where dissenting political activity and speech is criminalized."
FinSpy, named after a line of code in its software, is a surveillance tool that infects computers to capture screenshots, log keystrokes, record Skype conversations and activate cameras and microphones. Gamma Group, a British company, makes the software and markets it to law enforcement agencies as a lawful way to monitor criminals.
Gamma Group could not immediately be reached for comment. Last year, Martin J. Muench, a Gamma Group managing director, told The New York Times that FinSpy was used mostly “against pedophiles, terrorists, organized crime, kidnapping and human trafficking." He declined to disclose which countries had bought the software.
But security researchers say FinSpy is used by governments around the world for broader purposes. Last year, Citizen Lab researchers found that the government in Bahrain had used FinSpy to target activists in that country.
The researchers said in their report Wednesday they found FinSpy in 25 countries, including the U.S. and several countries "with troubling human rights records."
"Our findings highlight the increasing dissonance between Gamma’s public claims that FinSpy is used exclusively to track 'bad guys' and the growing body of evidence suggesting that the tool has and continues to be used against opposition groups and human rights activists," the researchers wrote.
For example, the researchers found FinSpy on cell phones in Vietnam stealing text messages, snooping on phone calls and tracking users locations via GPS. Last year, a Vietnamese court convicted 14 bloggers, writers and activists of attempting to overthrow the government and sentenced them to up to 13 years in prison.
The researchers also found a version of FinSpy in Ethiopia that tricked users into downloading the spyware with photos of an Ethiopian political group, suggesting the government used the surveillance for political purposes, the report said.
The report comes a day after Reporters Without Borders compiled a list of what it called five "Corporate Enemies of the Internet" because those companies allegedly sell products used by authoritarian governments to conduct Internet surveillance. The five companies are Gamma, Trovicor, Hacking Team, Amesys and Blue Coat, according to the organization, which defends media freedom worldwide.
Governments around the world have used spyware designed by Hacking Team and Gamma to capture the passwords of journalists, the group said.
The report also comes a day after the top U.S. intelligence official, James R. Clapper Jr., warned Congress about the national security threats posed by companies that "develop and sell professional-quality technologies to support cyber operations -- often branding these tools as lawful-intercept or defensive security research products."
"Foreign governments already use some of these tools to target U.S. systems," Clapper told a Senate panel. He did not name specific companies.
The Japanese government counter-terrorism practice of fingerprinting foreigners who enter the country may have inspired Doctor Tsutomu Matsumoto to invent "fingerprinting gels", a way of faking fingerprints for scanners. Learn how to make your own here.
Worried someone around you is secretly recording everything you do? No fear! There's a relatively low-tech way to defeat such snoops, via white-noise-producing audio jammers. These tiny devices use good ol' white noise to blur the sound picked up by hidden microphones and other surreptitious recording devices.
MIT's Technology Review calls it the newest, hottest Thanksgiving accessory -- but you can use phone-size "Faraday cages" like this (sold by uncommongoods) to block your cellphone's call signal, WiFi and GPS. Handy now that federal courts are ruling that cops can track suspects via cellphone sans warrant, and Apple can remotely disable your phone camera with a click. As security researcher Jacob Appelbaum said in an interview with N+1 back in April, "Cell phones are tracking devices that make phone calls." So shouldn't you be prepared for when you don't want to be tracked?
Hidden cameras got you down? Blind them all with a simple baseball cap lined with infrared LEDs. Amie, a hacker on WonderHowTo, shows the world how to make one, while this German art exhibition lays out how these ingenious devices work.
These receivers reveal the telltale electronic crackle of hidden mics and cameras. Strangely enough, they were around long before "surveillance culture" became a common phrase. Today they're sold in all sorts of shops for surveillance paranoids.
Sometimes hiding your face isn't enough; sometimes you don't want to be seen at all. For those days, there's camera maps. The NYC Surveillance Camera Project is currently working to document the location of and working status of every security camera in New York City. This project has been replicated by others in Boston, Chicago and Bloomington, Indiana. Notbored.org has even published a guide to making your own surveillance camera maps (here).
Credit to artist Adam Harvey for this one. Inspired by the "dazzle camouflage" used on submarines and warships during World War I, he designed a series of face paint principles meant to fool the facial recognition schemas of security cameras. Check out The Perilous Glamour of Life Under Surveillance for some tips on designing your own camera-fooling face paint.
Walmart may be the premier symbol of corporate America, but its disposable cellphone selection can help you start a thoroughly maverick lifestyle. $10 TracFones work on most major networks, including AT&T, T-Mobile, Sprint and Verizon, and come with minutes prepaid so you can dispose of the devices when you're done.
Radio-Frequency Identification (RFID) chips are now regularly implanted in passports, ID cards, credit cards and travel papers. These tiny chips make machine-reading your documents easier -- but could also let anyone with the right type of scanner scrape your information and track your whereabouts. Luckily, gadget geeks have come to the rescue again, this time with RFID-blocking wallets. Working on the same principle as the "phonekerchief", these wallets create a Faraday cage around your items, keeping their data secure until you take them out to be scanned where they're supposed to be scanned. Destroying the chip is simpler: just nuke it in the microwave for five seconds. Of course, whatever you're microwaving might burst into flames first...