​FinFisher spyware linked to Indonesian government found in Sydney: Report

Spyware sold to governments around the world has allegedly been found in a Sydney datacentre, with initial reports claiming its origin is Indonesia.
Written by Asha Barbaschow, Contributor

FinFisher, the sophisticated spyware suite sold to government agencies, has been found in a Sydney datacentre, the ABC has reported.

According to the report, the user of the spyware is the Indonesian government, using the Australian datacentre to house its proxy server.

Previously, it was reported that two government groups from Indonesia including the National Encryption Body (Lembaga Sandi Negara), amongst other agencies from 32 countries were FinFisher customers.

Bill Marczak, a researcher with Toronto-based IT, human rights, and security focused laboratory Citizen Lab, told the ABC that Indonesia appears to be one of the largest customers of FinFisher, finding evidence that there were many other government users in addition to the National Encryption Body inside Indonesia.

"I felt very concerned about the list of countries we had found," Marczak said. "I think I would have felt far less concerned if the spyware was only turning up in countries which had robust rule of law and oversight of intelligence and law enforcement."

Information from users infected by an Indonesian department was going through Australia, according to Marczak.

The spyware is able to remotely control any computer it infects, copy files, intercept Skype calls, and log keystrokes, and has allegedly been found inside the Global Switch Sydney East datacentre in Ultimo, which opened almost two years ago at a cost of AU$300 million.

Sydney East is the company's second facility in Sydney and was built next door to the existing Sydney West datacentre. Global Switch originally announced in late 2010 that it was constructing a second centre as part of the company's £1 billion expansion plan.

Global Switch is headquartered in London and has datacentres also in London, Amsterdam, Frankfurt, Paris, Madrid, Singapore, and Hong Kong.

ZDNet contacted Global Switch for comment, but no response was received by the time of publication.

Developed by Munich-based FinFisher Gamma Group, the software is touted as a way to "help government law enforcement and intelligence agencies identify, locate and convict serious criminals."

In late 2014, WikiLeaks revealed that the New South Wales Police, amongst others, were on the FinFisher surveillance suite customer list.

The NSW Police was listed as having purchased €1.8 million worth of FinFisher software, as well as submitting support requests relating to wanting to categorise keylogged conversations to avoid hot water by intruding on legal privilege, asking for reporting features to meet warrant requirements, and problems with FinSpy updates.

It was alleged at the time that a support ticket from NSW Police states that FinSpy had an issue with OS X when a surveillance target was offline.

"When a mac target is online, there is a configuration link which allows updating the configuration of the target and Trojan," the ticket said. "However, when the target is offline, there isn't any configuration link. This only appears on a mac target. Linux and Windows targets have configuration links when the target is both online and offline."

At the time, the NSW Police told ZDNet that "given this technology relates to operational capability, it's not appropriate to comment".

Singapore-based PCS Security, police forces from the Netherlands, and the intelligence arms of the Hungarian, Qatari, Italian, and Bosnian governments were also on the leaked customer list.

Less than a year ago, the NSW Police found itself embroiled in another spyware saga along with the Australian Security Intelligence Organisation, Victoria's Independent Broad-based Anti-corruption Commission, the Australian Federal Police, and the Northern Territory Police.

It was reported that the Australian government agencies were interested in using products from Milan-based surveillance software company Hacking Team.

Like FinFisher, Hacking Team developed spyware and malware designed to infiltrate a variety of devices and platforms, and sells its services to governments and businesses worldwide.

In late 2013, former Prime Minister Tony Abbott refused to address claims that Australian intelligence agencies had intercepted the communications of Indonesian President Susilo Bambang Yudhoyono in 2009.

At the time, Abbott said that all governments gather information and all governments know that every other government gathers information, but that he would not be drawn on commenting on this alleged incident.

"Australian government never comments on specific intelligence matters, this has been the long tradition of governments of both political persuasions, and I don't intend to change that today," he said. "I should also say that the Australian government uses all the resources at its disposal, including information, to help our friends and our allies, not to harm them."

"It's in no one's interests to do anything or to say anything that would jeopardise that relationship, and certainly I'm not going to."

Later that day, the former Foreign Minister Bob Carr described the diplomatic row between Australia and Indonesia over spying allegations as "catastrophic", calling on Abbott to apologise immediately, saying Indonesia feels it is being treated with contempt by Australia.

Editorial standards