FinFisher

FinFisher, also known as FinSpy, is surveillance software marketed by Gamma International, also known as the Gamma Group, a software firm based in the U.K. which markets the spyware through law enforcement channels. It has allegedly been marketed to government security officials who were told it could be covertly installed on suspects' computers through exploiting security lapses in the update procedures of non-suspect software. Egyptian dissidents who ransacked the office's of Egypt's secret police following the overthrow of Egyptian President Hosni Mubarak reported they discovered a contract with Gamma International for €287,000 for a license to run the FinFisher software.

Elements of the FinFisher suite
In addition to spyware the FinFisher suite offered by Gamma to the intelligence community includes monitoring of ongoing developments and updating of solutions and techniques which complement those developed by intelligence agencies. The software suite, which the companies calls "The Remote Monitoring and Deployment Solutions" has the ability to take control of target computers and capture even encrypted data and communications. Using "enhanced remote deployment methods" it can install software on target computers. An "IT Intrusion Training Program" is also offered which includes training in in methods and techniques and in use of the company supplied software.

Method of infection
The surveillance suite is installed after the target accepts installation of a fake update to commonly used software. Code which will install the has also been detected in emails.

A security flaw in iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs. Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.

The security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security software commentator Brian Krebs. Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch. Promotional videos used by the firm at trade shows which illustrate how to infect a computer with the surveillance suite were released by Wikileaks in December, 2011.

Use by repressive regimes
Its wide use by governments facing political resistance was reported in August, 2012 after emails received by Bahraini activists were passed on by a Bloomberg reporter to computer researchers Bill Marczak, a graduate student, and Morgan Marquis-Boire, a researcher at the University of Toronto in May, 2012. Analysis of the emails revealed code, FinSpy, designed to install the spyware on the recipient's computer.