A controversial Munich-based spyware firm has declared bankruptcy and ceased its business operations after having its accounts seized by German authorities.
FinFisher Group, the company behind the FinSpy "state Trojan" malware, is under investigation for helping oppressive regimes around the world hack the phones and computers of activists.
This comes amid a criminal complaint filed by the Gesellschaft für Freiheitsrechte (GFF), Reporter without Borders (RSF Germany), the blog netzpolitik.org (opens in new tab) and European Centre for Constitutional and Human Rights (ECCHR) in March 2022.
"FinFisher is dead. Its business with illegal exports of surveillance software to repressive regimes has failed. This is a direct success of our criminal complaint," said GFF lawyer and case coordinator Sarah Lincoln.
FinSpy malware
Using the FinSpy malware, police and secret service can enter citizens' devices to determine their location, record chats and calls, access data and passwords, and secretly activate the microphone or camera. It also hides really well; even malware and antivirus software may fail to recognize it.
Lisa Dittmer, Advocacy Officer for Internet Freedom at Reporters Without Borders (RSF) Germany, said: "The use of spyware is a massive encroachment on the personal rights of those affected, which can have dramatic consequences, especially in countries with repressive regimes – for journalists and their sources, as well as for activists and members of the opposition."
Despite evidence of the use of its products to target political opponents, FinFisher has always claimed to provide these governments with value-neutral surveillance technologies with the scope of stopping terrorism and preserving national security.
Big success! Following a criminal complaint by @freiheitsrechte @ReporterOG @netzpolitik_org & ECCHR over alleged illegal exports of spyware, the Public Prosector's Office seized FinFisher's accounts- and the company stopped all operations.Press release👇https://t.co/YImnyYN6lF pic.twitter.com/YSKqfAHLP9March 28, 2022
FinFisher and authoritarian governments
Human rights groups have long denounced FinFisher's activities, and their efforts have finally contributed to the collapse of the spyware company.
Initially, rumors around the sale of FinFisher software to governments in the Middle East started to circulate during the uprisings of the Arab Spring in 2010.
In 2012, an investigation carried on by Bloomberg and CitizenLab (opens in new tab) exposed the use of the FinSpy tool to target activists in Bahrain. And two years later, it was the turn of Bahrain Watch to expose how the same technology was used to spy on pro-democracy dissidents.
Later, in 2018, digital rights defendants Access Now published a report showing how the company was helping oppressive regimes (opens in new tab) crack down non-violent dissidents and political opponents in Turkey, Indonesia, Ukraine and Venezuela.
Although these revelations provoked public outrage, FinFisher continued its operations undisturbed, until now.
Human rights groups call on EU
The EU has been long trying to prevent the sale of surveillance technology to repressive regimes. This was exactly the purpose of 2015 updates in licensing requirements (opens in new tab) for exports to countries outside the economic union.
But despite these efforts, the FinSpy Trojan malware appears still to be used by authoritarian governments, in places like Myanmar. That's why human rights groups have called for urgent changes within the law for a more effective criminal prosecution.
So while the fight against FinFisher seems to have been won, there is still a long way to go to prevent these illegal surveillance operations from happening.
"The criminal investigation will hopefully lead to the swift indictment and conviction of the responsible business executives," said legal director of the ECCHR Miriam Saage-Maaß. "But beyond these proceedings, the EU and its member states must take far more decisive action against the massive abuse of surveillance technology."
