February 6, 2013

[Manama] In July 2012, Bahrain Watch reported that the Government of Bahrain was targeting activists with the FinSpy/FinFisher "lawful interception" computer spyware, programmed by UK company Gamma International. An analysis revealed that the spyware steals passwords and can record screen shots, Skype calls, and audio from a computer's microphone. The spyware sends the data it captures back to a server in Bahrain. The Bahrain Watch report cited a technical analysis by Morgan Marquis-Boire and Bahrain Watch member Bill Marczak published through CitizenLab, and a report by Bloomberg. In response to these reports, Gamma International issued several statements to the press claiming that:

(1) The version of FinSpy used in Bahrain is an old copy that might have been stolen via a flash drive during a product demonstration. [1, 2]

(2) The server in Bahrain is not a FinFisher product, but is a "proxy" that relays the captured data to another server. [1]

(3) The version of FinSpy used in Bahrain has been modified so that it does not communicate with Gamma. If the product did communicate with Gamma, then Gamma could disable it. [1]

(4) Gamma never sold FinSpy to Bahrain. [1]

New evidence, presented in a complaint to the OECD, calls these claims into question.

Read full report on bahrainwatch.org