Spying by PowerPoint: Leaked files confirm use of espionage software from Pakistan

Not one but three FinFisher spy softwares were acquired from FinFisher for a period of three years


Web Desk August 22, 2014

Infected Microsoft Office documents, particularly PowerPoint slides were used to spy on people by someone from Pakistan using software developed by surveillance software developer FinFisher, Digital Rights Foundation said on Friday based on files leaked recently.

FinFisher customer support portals were hacked earlier in August, and nearly 40Gb of data was leaked on to the internet through torrents.

According to the leaked documents, someone from Pakistan had leased three software based products of FinFisher for a period of three years starting in 2010 and had sought subsequent support for them after they were installed in 2011. It is not clear who in Pakistan had leased the software.

Correspondence between the company and the client, display name of ‘Customer 32’ (username: 0DF6972B, ID: 32) in support logs identifies themselves from Pakistan.



Customer 32 sought support for the three installed softwares, including the infamous FinSpy, FinFly USB and FinIntrusion Kit.

From the support tickets filed by Customer 32, it was also revealed that FinFisher products were being used to infect harmless MS office documents, particularly PowerPoint files. These infected files were then sent to the people who were targeted for spying. All the target had to do was open the infected file and their computer would be put under constant surveillance including their emails, chats, and other activity.

The user also allegedly used FinFisher to covertly steal files from “target” computers.

FinSpy, is used to target people who “change location, use encrypted and anonymous communication channels and reside in foreign countries.” Once FinSpy is installed on a computer or a mobile phone, it can be—according to the product brochure—the device can be “remotely controlled and accessed as soon as it is connected to the internet/network.”

In addition to FinSpy, Customer 32 also purchased another software called FinIntrusionKit to hack into hotel, airport, and other wifi networks to catch “close-by WLAN devices and records traffic and passwords”, extract “user names and passwords (even for TLS/SSL encrypted sessions),” and “captures SSL encrypted data like webmail, video portals, online banking and more.” The third software that was acquired is a tool to infect USB devices so that whoever plugs them becomes a target of surveillance.

Earlier in August, leaked files revealed that software manufactured by the German company had been used in Bahrain for spying on protesters. The software was used to track, among others, human rights lawyers.

COMMENTS (7)

mohammadnoonnanna | 6 years ago | Reply

@Gp65: The Israelis did turn a blind eye to hoodwink the world that Hammas was responsible for the tunnel. Similarly, the tunnel in IoK seems to be their own doing to accuse Pakistan of infiltration.

Gp65 | 6 years ago | Reply

@mohammadnoonnanna: Were tunnels not made by Hamas into Israeli terrirtory? Does that show that Israeli army was negligent? It shows no such thing. Similarlym all it shows that LOC of India and Pakistan is very long and even if 500,000 people are watching over it- there is going to be miles and miles of the LOC which is unguarded making such activities possible.

VIEW MORE COMMENTS
Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ