ABC Australia has uncovered a proxy server for remote intrusion software FinFisher in the Global Switch data centre in Ultimo, Sydney, which obscures the real user of the spyware, an Indonesian government agency. FinFisher spyware is marketed and produced by Gamma Group and sold to governments and security agencies to conduct surveillance.
The FinFisher proxy server found in Australia is one of many identified by Citizen Lab Senior Research Fellow Bill Marczak in a report entitled “Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation.”
In an interview with ABC Australia, Marczak said, “What it means is that the information from the targets who are infected (with FinFisher) is going through Australia before it reached the final master server inside Indonesia.” He added, “We were able to identify one specific government user inside Indonesia, the National Crypto Agency (Lembaga Sandi Negara) but we also found evidence that there were many other government users inside Indonesia, in other words many separate agencies that were using many separate deployments of FinFisher.”
Bill Marczak said that the uncovered list of governments using the software concerned him. In particular, the findings indicated that several countries with poor human rights records, including Kenya, Angola, and Saudi Arabia, were using FinFisher spyware to target internal dissidents and human rights activists. He highlighted the fact that the spyware was often used in countries without a robust rule of law and oversight of intelligence and law enforcement.
“As early as a few years ago it was not possible for governments like Angola, for example, to get this sophisticated spyware capability. It simply wasn’t available,” he said. “It opens up the field of sophisticated surveillance to anybody with a chequebook,” he concluded.