FinFisher spyware used to snoop on Bahraini activists, police told
Gamma International on the end of UK criminal complaint
Allegations that three Bahraini activists resident in Britain were spied on by Bahraini authorities using British spyware have led to a criminal complaint.
Privacy International is calling on the National Cyber Crime Unit of Britain's National Crime Agency to investigate the unlawful surveillance of three human rights campaigners allegedly carried out using FinFisher spyware software supplied by British company Gamma International.
Moosa Abd-Ali Ali, Jaafar Al Hasabi and Saeed Al-Shehabi, three pro-democracy Bahraini activists, were subjected to years of harassment and imprisonment prior to being granted asylum in the UK. All three were subsequently targeted for online surveillance after their computers were allegedly infected with FinFisher, according to an investigation by human rights group Bahrain Watch.
A criminal complaint filed on Monday argues that the Bahraini authorities carried out an unlawful interception of communications, contrary to section 1 of the UK’s Regulation of Investigatory Powers Act 2000. By selling them FinFisher and assisting the Bahraini authorities, Gamma is said to have acted as an accessory to the alleged crime, potentially violating the Serious Crime Act 2007, the complaint further alleges.
Back in February Privacy International and solicitors Bhatt Murphy filed a separate criminal complaint over allegations that Ethiopian refugee Tadesse Kersmo was also spied upon using FinFisher.
Gamma has been a bogeyman for privacy and human rights activists for years because of its supply of law enforcement Trojans to authoritarian regimes such as those in Bahrain, among others.
More recently, claims Privacy International, leaked documents have emerged suggesting Gamma is complicit in Bahrain’s unlawful surveillance of individuals located outside the country. Prominent Bahraini opposition politicians, democracy activists and human rights lawyers were all targeted with FinFisher, which grants full access to compromised machines allowing its silent controllers to turn on functions such as cameras and microphones.
The Register has contacted Gamma for comment via its webform (it doesn't publish contact info on its website) and will update this story if we receive a response.
Exploits in unpatched software and social engineering are used to plant FinFisher, which is functionally little different from the sort of Trojans cybercriminals use. Gamma's licensing model and technical support to law enforcement and other government clients are the only real differences.
A study from Toronto-based researchers Citizen Lab suggests that FinFisher command and control servers have been found in 35 countries, including Ethiopia, Turkmenistan, Bahrain, and Malaysia. ®