

Raphael Satter, The Associated Press





LONDON -- Researchers have identified a new group of smaller, poorer nations as users of spy software, suggesting that a recent series of leaks and lawsuits hasn't deterred governments from investing in off-the-shelf cyberespionage products.

Internet watchdog group Citizen Lab said in a report published Thursday that it had found 33 "likely government users" of FinFisher, one of the world's best-known purveyors of spyware. A cyberattack against FinFisher last year exposed reams of client information and other confidential data, but the report's lead author Bill Marczak says the company appears to have weathered the breach.

"They seem to have a healthy client base, despite the fact that they were hacked and customer data was exposed," he wrote in an email. "Far from observing a drop in FinFisher servers, we're detecting more than ever before."

FinFisher did not return messages seeking comment on the findings.

Like many malicious programs, FinFisher's products works by infecting its targets' computers and phones, copying messages, recording conversations and even activating webcams. Unlike most malicious programs, those behind FinFisher have business cards and badges.

On its website, the Munich-based company says it helps law enforcement and intelligence agencies bring justice to criminals. Among the documents leaked last year was a brochure touting the software's success in breaking up organized crime and human-trafficking rings, but FinFisher's tools have also been found spying on journalists, human rights defenders and lawyers. The victims include a U.S.-based reporter and a U.K.-based activist who have sued over the electronic violations.

The spyware doesn't come cheap. Also leaked last year was a price list suggesting that a suite of FinFisher products -- including a full set of attack software, booby-trapped thumb drives and nearly a dozen different training courses -- retailed for some 3 million euros ($3.5 million.)

That price tag doesn't seem to have put off government agencies in Paraguay, Kenya, Macedonia or Bangladesh. Those were among the countries newly identified as likely users of FinFisher by Citizen Lab, which is based at the University of Toronto's Munk School of Global Affairs and has long kept tabs on government hacking.

In Bangladesh, researchers found a FinFisher server in an Internet Protocol address block used by the country's Directorate General of Forces Intelligence. In Kenya, the researchers found a server in an address block registered to a user identified as "National Security Intelligence" -- an old version of the name for the country's National Intelligence Service. Both organizations have been implicated in human rights violations including disappearances and torture.

Bangladesh's Directorate General of Forces Intelligence did not return messages seeking comment. Kenyan officials also didn't immediately return messages. Cpt. Amilcar Vera, the spokesman for Paraguay's anti-terror and anti-drugs task force, said he could neither confirm nor deny his country's use of FinFisher. In Macedonia, Interior Ministry spokesman Ivo Kotevski said the brand of spyware used by his country's spies was "classified information."