Infected Microsoft Office documents, particularly PowerPoint slides, were used by someone from Pakistan to spy on people using software developed by surveillance software developer FinFisher, Digital Rights Foundation said on Friday, based on recently leaked files.
FinFisher customer support portals were hacked earlier in August, and nearly 40Gb of data was leaked onto the internet through torrents.
According to the leaked documents, someone from Pakistan had leased three software-based FinFisher products for a period of three years starting in 2010 and had sought subsequent support for them after they were installed in 2011. It is not clear who in Pakistan had leased the software.
In correspondence between the company and the client, who appears in the support logs under the display name ‘Customer 32’ (username: 0DF6972B, ID: 32), the client identifies themselves as being from Pakistan.
Customer 32 sought support for the three installed software products, including the infamous FinSpy, FinFly USB and FinIntrusion Kit.
The support tickets filed by Customer 32 also revealed that FinFisher products were being used to infect harmless MS Office documents, particularly PowerPoint files. These infected files were then sent to the people who were targeted for spying. All the target had to do was open the infected file, and their computer would be put under constant surveillance, including their emails, chats, and other activity.
The user also allegedly used FinFisher to covertly steal files from “target” computers.
FinSpy is used to target people who “change location, use encrypted and anonymous communication channels and reside in foreign countries.” Once FinSpy is installed on a computer or a mobile phone, the device can, according to the product brochure, be “remotely controlled and accessed as soon as it is connected to the internet/network.”
In addition to FinSpy, Customer 32 also purchased another product, FinIntrusion Kit, to hack into hotel, airport, and other wifi networks. According to the product description, it catches “close-by WLAN devices and records traffic and passwords”, extracts “user names and passwords (even for TLS/SSL encrypted sessions),” and “captures SSL encrypted data like webmail, video portals, online banking and more.” The third product that was acquired is a tool to infect USB devices so that whoever plugs them in becomes a target of surveillance.
Earlier in August, leaked files revealed that software manufactured by the German company had been used in Bahrain for spying on protesters. The software was used to track, among others, human rights lawyers.