From the Editors
The New York Times says Jadaliyya "Brings New Life to Arab Studies." Read about it by clicking here.
[The following press release was issued by Bahrain Watch on 6 February 2013.]
FOR IMMEDIATE RELEASE
February 6, 2013
UK SPYWARE IN BAHRAIN: COMPANY’S DENIALS CALLED INTO QUESTION : New Evidence Suggests Gamma Sold FinSpy to Bahrain
[Manama] In July 2012, Bahrain Watch reported that the Government of Bahrain was targeting activists with the FinSpy/FinFisher “lawful interception” computer spyware, programmed by UK company Gamma International. An analysis revealed that the spyware steals passwords and can record screen shots, Skype calls, and audio from a computer’s microphone. The spyware sends the data it captures back to a server in Bahrain. The Bahrain Watch report cited a technical analysis by Morgan Marquis-Boire and Bahrain Watch member Bill Marczak published through CitizenLab, and a report by Bloomberg. In response to these reports, Gamma International issued several statements to the press claiming that:
(1) The version of FinSpy used in Bahrain is an old copy that might have been stolen via a flash drive during a product demonstration. [1, 2]
(2) The server in Bahrain is not a FinFisher product, but is a “proxy” that relays the captured data to another server. 
(3) The version of FinSpy used in Bahrain has been modified so that it does not communicate with Gamma. If the product did communicate with Gamma, then Gamma could disable it. 
(4) Gamma never sold FinSpy to Bahrain. 
New evidence, presented in a complaint to the OECD, calls these claims into question:
(1) The version of FinSpy used in Bahrain is an old copy that might have been stolen via a flash drive during a product demonstration.
The copy of FinSpy sent to Bahraini Activists identifies itself as FinSpy 4.01, and bears a March 2012 date. However, Bahrain Watch has obtained a sample of a different version of FinSpy used in Bahrain, which predates the campaign against Bahraini activists. The other version of the spyware identifies itself as FinSpy 4.00, and has an older date. Both the FinSpy 4.01 and FinSpy 4.00 samples communicate with the same server in Bahrain. The use of two different FinSpy versions calls into question Gamma’s claim that Bahrain is using a stolen copy of FinSpy, and instead suggests that Bahrain is receiving updated spyware from Gamma.
(2) The server in Bahrain is not a FinFisher product, but is a “proxy” that relays the captured data to another server.
The server sent responses including the phrase “finspy_master” — Gamma documentation refers to the server component of a FinSpy installation as the Master. Bahrain Watch believes that Bahrain’s server is not a proxy, based both on what appeared to be a bug in the server that revealed to each single recipient the sum total number of messages sent by the server to all recipients. Analysis of this total over time showed that the server was not forwarding messages to a third party. The technical term for this bug is a “Global IP ID.” The bug was corrected around July 2012.
(3) The version of FinSpy used in Bahrain has been modified so that it does not communicate with Gamma. If the product did communicate with Gamma, then Gamma could disable it.
Over the past several months, Bahrain Watch sent scanning probes to a number of FinSpy servers, including servers identified in Turkmenistan, Ethiopia, and Bahrain. Bahrain Watch observed behavior changes that were consistent across all servers. For example, around October 2012, an update to the servers broke a technique used by Bahrain Watch and CitizenLab to scan for FinSpy servers. That scanning technique identified FinSpy servers by detecting a bug in the FinSpy protocol. That this particular bug was corrected on all servers at roughly the same time suggests that the product in Bahrain does indeed communicate with Gamma in order to receive updates.
(4) Gamma never sold FinSpy to Bahrain.
According to leaked Gamma documentation, a FinSpy server requires a current update license purchased from Gamma in order to receive updates. Once the update license is expired, the server can no longer receive updates. The continued behavior changes on Bahrain’s server indicate a current update license, which suggests an ongoing business relationship between Gamma and Bahrain.
Bahrain Watch founding member Bill Marczak said: “It looks like Gamma is providing updates to Bahrain’s FinSpy installation. This calls into question Gamma’s claim that Bahrain stole a demonstration version of FinSpy. Given this new evidence, we call on Gamma to cease providing any software, hardware, or training — whether directly or indirectly — to the Government of Bahrain, and to disable Bahrain’s FinSpy installation. Software like FinSpy needs to be export controlled on the basis of its surveillance capabilities, and companies should face penalties if they sell their products to and end user that they should reasonably know will use their product in service of human rights violations.”
Bahrain Watch is a monitoring and advocacy group that seeks to promote effective, accountable, and transparent governance in Bahrain through research and evidence-based activism.
About Bahrain Watch: http://bahrainwatch.org/about.html
If you prefer, email your comments to email@example.com.
Hot on Facebook
Jadalicious / جدلشس
To understand the context and conceptualization of this revolution means first to understand whom this uprising was against, and not necessarily what this uprising was for.click | email | tweet
Latest EntriesView All Entries »
- Analog Sound
- Operation Protective Edge: Legal and Political Implications of ICC Prosecution (Audio Recording)
- البحر من هنا
- الحراك الجمعيّ على مواقع التواصل الاجتماعي: تشكيل البدائل وبناء الرأي العام
- Radio France Internationale Interview with Jadaliyya Co-Editor Samia Errazzouki on General Strike in Morocco
- New Texts Out Now: Nazan Maksudyan, Orphans and Destitute Children in the Late Ottoman Empire
- الحق في المدينة، في الأرض، وفي البحر
- Syria Media Roundup (October 28)
- Arabian Peninsula Media Roundup (October 28)
- DARS Media Roundup (October 28)
- Turkey Media Roundup (October 28)
- On the Margins Roundup (October)
- البحر الذي تواطأ مع الغزَّاة: منمنمات من ساحل المتوسط / فلسطين المحتلة
- مقدمة: البحر من هنا
- هذا البحر لي
- Sarah Samy
- Last Week on Jadaliyya (October 20-26)
- Egypt Media Roundup (October 27)
- “Hamel, Leave!”: The Men in Blue and the Fracturing of the Order
- Assault on Academic Freedom: Neoliberalism and the Corporatization of Universities, Live Stream Event with Steven Salaita (27 October 2014 at GMU)
Jad NavigationView Full Map, Topics, and Countries »
Analog sound http://t.co/2AgLn7p8VL
yesterday at 6:59 AM
نهى عناب: البحر من هنا http://t.co/nYLAElqbt5
yesterday at 6:45 AM
تالا حلاوة: الحراك الجمعي على مواقع التواصل الإجتماعي: تشكيل البدائل وبناء الرأي العام http://t.co/rMkNhJEigL
yesterday at 6:41 AM
Operation Protective Edge: Legal and Political Implications of ICC Prosecution (Audio Recording) http://t.co/GWRJxSlQxE
yesterday at 6:26 AM
Radio France Internationale Interview with Jadaliyya Co-Editor Samia Errazzouki on General Strike in Morocco http://t.co/ZA7OF3d6Gm
on Wednesday 29 October at 09:28 AM