FinFisher, also known as FinSpy, is a spyware program developed and maintained by the Munich-based FinFisher Gamma Group. It is marketed solely through law enforcement channels and used by intelligence agencies and the like to monitor computers of all shapes and sizes. FinFisher can track a device’s whereabouts and intercept or capture encrypted data and communications.
A computer infected with the FinFisher suite is widely considered to be extremely vulnerable to the plethora of surveillance mechanisms the suite carries. FinSpy, as its name implies, mines for classified and/or personal information by:
Recording Skype and other telecommunications apps;
Exfiltrating sensitive data and files;
Tracking everything a user types on their physical or virtual keyboard (also known as keylogging); and
Secretly enabling live surveillance by toggling a device’s microphone and/or web camera.
Such tactics are best described as “a gift and a curse.” A growing concern in our advanced society is the threat of cyber warfare, so having a leg up in any fight against terrorism (whether locally or abroad) is always a plus. At the same time, the FinFisher software has been known to aid cyber criminals and totalitarian governments in detecting anything they set their sights on—from who a targeted user is communicating with to the exact contents of those communications.
This is where FinSpy and malicious software meet. In corrupt hands, it poses a serious threat to a user’s civil liberties, especially where privacy is concerned. FinFisher can literally make the personal details of one’s life public, and a variety of phishing strategies, including email, text messages and bogus websites, are used to distribute the software to your computer system. From there, cyber criminals are able to remotely access your device and lift your intimate, classified or financial information. They can also gain insight into your online behavior by analyzing the websites and applications you typically use.
But hacking rarely stops here. Victims of such exploits have traditionally had their identities stolen, money siphoned away, havoc wreaked on their credit cards, and personal information traded to other parties with the intent of using it maliciously.
The FinFisher (FinSpy) Process of Infiltration
By now, it should be clear that cyber criminals can easily infect a targeted computer system with the FinFisher suite by preying on security lapses and flawed update procedures of popular software. One such example is the Adobe Flash zero day vulnerability. The term zero day describes a software flaw that is not yet known to the software’s developer. To take advantage of this security hole, cyber criminals must act within a specific window of time in order to accomplish their agenda.
Similar security flaws have been discovered in popular software like Adobe Photoshop, Google Chrome, and even previous versions of iTunes. In essence, there are countless ways a cyber criminal can “bait” and infect a computer system with the FinSpy software. To reduce the likelihood of your own device being compromised, remember the three (3) most common ways the software is delivered:
Fake software updates;
Security flaws in popular software; and
Phishing schemes, in which file attachments that masquerade as legitimate documents carry code to install the FinFisher suite.