Spying by PowerPoint: Leaked files confirm use of espionage software from Pakistan

Night_Hawk

Siasat.pk - Blogger
Spying by PowerPoint: Leaked files confirm use of espionage software from Pakistan

By Web Desk
Published: August 22, 2014

752361-NKhack-1408728149-911-640x480.png

The user also used FinFisher to covertly steal files from the target computers. PHOTO: AFP

Infected Microsoft Office documents, particularly PowerPoint slides were used to spy on people by someone from Pakistan using software developed by surveillance software developer FinFisher,Digital Rights Foundationsaid on Friday based on files leaked recently.

FinFisher customer support portals were hacked earlier in August, and nearly 40Gb of data was leaked on to the internet through torrents.
According to the leaked documents, someone from Pakistan had leased three software based products of FinFisher for a period of three years starting in 2010 and had sought subsequent support for them after they were installed in 2011. It is not clear who in Pakistan had leased the software.
Correspondence between the company and the client, display name of Customer 32 (username: 0DF6972B, ID: 32) in support logs identifies themselves from Pakistan.



FinFisher-client.jpg

Customer 32 sought support for the three installed softwares, including the infamous FinSpy, FinFly USB and FinIntrusion Kit.
From the support tickets filed by Customer 32, it was also revealed that FinFisher products were being used to infect harmless MS office documents, particularly PowerPoint files. These infected files were then sent to the people who were targeted for spying. All the target had to do was open the infected file and their computer would be put under constant surveillance including their emails, chats, and other activity.
The user also allegedly used FinFisher to covertly steal files from target computers.


FinSpy, is used to target people who change location, use encrypted and anonymous communication channels and reside in foreign countries. Once FinSpy is installed on a computer or a mobile phone, it can beaccording to the product brochurethe device can be remotely controlled and accessed as soon as it is connected to the internet/network.


In addition to FinSpy, Customer 32 also purchased another software called FinIntrusionKit to hack into hotel, airport, and other wifi networks to catch close-by WLAN devices and records traffic and passwords, extract user names and passwords (even for TLS/SSL encrypted sessions), and captures SSL encrypted data like webmail, video portals, online banking and more. The third software that was acquired is a tool to infect USB devices so that whoever plugs them becomes a target of surveillance.
Earlier in August, leaked files revealed that software manufactured by the German company had been used in Bahrain for spying on protesters. The software was used to track, among others, human rights lawyers.