Spying by PowerPoint: Leaked files confirm use of espionage software from Pakistan

Published: August 22, 2014
The user also used FinFisher to covertly steal files from the “target” computers. PHOTO: AFP

Infected Microsoft Office documents, particularly PowerPoint slides, were used to spy on people by someone from Pakistan using software developed by surveillance software developer FinFisher, Digital Rights Foundation said on Friday, based on recently leaked files.

FinFisher customer support portals were hacked earlier in August, and nearly 40Gb of data was leaked onto the internet through torrents.

According to the leaked documents, someone from Pakistan had leased three software-based FinFisher products for a period of three years starting in 2010 and had sought subsequent support for them after they were installed in 2011. It is not clear who in Pakistan had leased the software.

In correspondence between the company and the client recorded in the support logs, a user with the display name ‘Customer 32’ (username: 0DF6972B, ID: 32) identifies themselves as being from Pakistan.

Customer 32 sought support for the three installed software products, including the infamous FinSpy, FinFly USB and FinIntrusion Kit.

The support tickets filed by Customer 32 also revealed that FinFisher products were being used to infect harmless MS Office documents, particularly PowerPoint files. These infected files were then sent to the people who were targeted for spying. All the target had to do was open the infected file and their computer would be put under constant surveillance, including their emails, chats, and other activity.

The user also allegedly used FinFisher to covertly steal files from “target” computers.

FinSpy is used to target people who “change location, use encrypted and anonymous communication channels and reside in foreign countries.” Once FinSpy is installed on a computer or a mobile phone, the device can be, according to the product brochure, “remotely controlled and accessed as soon as it is connected to the internet/network.”

In addition to FinSpy, Customer 32 also purchased another software product called FinIntrusionKit to hack into hotel, airport, and other wifi networks. According to the product description, it catches “close-by WLAN devices and records traffic and passwords”, extracts “user names and passwords (even for TLS/SSL encrypted sessions),” and “captures SSL encrypted data like webmail, video portals, online banking and more.” The third product acquired is a tool to infect USB devices so that whoever plugs them in becomes a target of surveillance.

Earlier in August, leaked files revealed that software manufactured by the German company had been used in Bahrain for spying on protesters. The software was used to track, among others, human rights lawyers.

Reader Comments (7)

  • paindu
    Aug 22, 2014 - 11:26PM

    Illegal but Genius!


  • Death
    Aug 22, 2014 - 11:53PM

    Real hackers write their own programs and find their own zero days.


  • wazraz
    Aug 23, 2014 - 12:03AM

    Pakistanis don’t know that they have a right over their privacy. I will not be surprised if a few people in the comment section complain over this.


  • mohammadnoonnanna
    Aug 23, 2014 - 7:50AM

    What is the fun in publishing vague stories which are devoid of any proper information? Someone from Pakistan used the spying gadget; who is that someone? Such tailored stories are being published in the Indian press. Even today’s INDIA TODAY carried a story as well as a picture about the discovery of a tunnel on the LoC by the Indian Army in the Akhnoor area. The tunnel, as the story goes, is 7-8 ft deep and 2.5 meter wide. One wonders if the extremely watchful Indian Army was sleeping or had shut its eyes to let the tunnel go...? Similarly, the FINFISHER story also goes without head and tail.


  • Aug 23, 2014 - 9:48AM

    Why is the company even allowed to sell such a software?


  • Gp65
    Aug 23, 2014 - 10:44AM

    Were tunnels not made by Hamas into Israeli territory? Does that show that the Israeli army was negligent? It shows no such thing. Similarly, all it shows is that the LOC of India and Pakistan is very long and even if 500,000 people are watching over it, there are going to be miles and miles of the LOC which are unguarded, making such activities possible.


  • mohammadnoonnanna
    Aug 23, 2014 - 7:11PM

    @Gp65: The Israelis did turn a blind eye to hoodwink the world that Hamas was responsible for the tunnel. Similarly, the tunnel in IoK seems to be their own doing to accuse Pakistan of infiltration.

