Someone inside Pakistan purchased an estimated 300,000-euro toolset of highly controversial surveillance software, and digital human rights activists are concerned about the serious threats this poses to the security and privacy of users operating in local cyberspace.
Digital Rights Foundation Pakistan (DRFP), a local NGO focused on digital rights, released its investigation into a 40GB leak of data from the servers of FinFisher, an online mass surveillance software that has been criticised by human rights organisations for its high potential for abuse, as in its use to target protesters in Bahrain (2012) and its purchase by Egyptian secret services during the revolution of 2011.
The latest data leak this August was made downloadable online by a hacker identified only by the online handle, PhineasFisher. The hacker wrote a note on social networking site Reddit, justifying the leak as a means to, hopefully develop a better understanding of the organisations, and methods of operation involved in these [surveillance] attacks so that those targeted can actually defend themselves.
DRFP carried out an investigation into the data, given the fact that tests carried out in 2013 by Canada-based Citizen Lab confirmed the presence of two FinFisher Command and Control servers operating in Pakistan.
DRFP sifted through the new data which included correspondence between customers and FinFisher support staff, and found that someone from Pakistan licensed three softwares from FinFisher for a period of three years. FinSpy and FinUSB were purchased by the Pakistani customer in April 2010, while the FinIntrusion Kit was purchased in June 2010.
http://www.dawn.com/news/1127405/customer-32-who-used-finfisher-to-spy-in-pakistan