Infamous German spyware firm declares bankruptcy amid criminal investigation

A controversial Munich-based spyware firm has declared bankruptcy and ceased its business operations after having its accounts seized by German authorities. 

FinFisher Group, the company behind the FinSpy “state Trojan” malware, is under investigation for helping oppressive regimes around the world hack the phones and computers of activists.

This comes amid a criminal complaint filed by the Gesellschaft für Freiheitsrechte (GFF), Reporter without Borders (RSF Germany), the blog netzpolitik.org and European Centre for Constitutional and Human Rights (ECCHR) in March 2022. 

“FinFisher is dead. Its business with illegal exports of surveillance software to repressive regimes has failed. This is a direct success of our criminal complaint,” said GFF lawyer and case coordinator Sarah Lincoln.

FinSpy malware

Using the FinSpy malware, police and secret service can enter citizens’ devices to determine their location, record chats and calls, access data and passwords, and secretly activate the microphone or camera. It also hides really well; even malware and antivirus software may fail to recognize it. 

Lisa Dittmer, Advocacy Officer for Internet Freedom at Reporters Without Borders (RSF) Germany, said: “The use of spyware is a massive encroachment on the personal rights of those affected, which can have dramatic consequences, especially in countries with repressive regimes – for journalists and their sources, as well as for activists and members of the opposition.”    

Despite evidence of the use of its products to target political opponents, FinFisher has always claimed to provide these governments with value-neutral surveillance technologies with the scope of stopping terrorism and preserving national security.

FinFisher and authoritarian governments

Human rights groups have long denounced FinFisher’s activities, and their efforts have finally contributed to the collapse of the spyware company.

Initially, rumors around the sale of FinFisher software to governments in the Middle East started to circulate during the uprisings of the Arab Spring in 2010. 

In 2012, an investigation carried on by Bloomberg and CitizenLab exposed the use of the FinSpy tool to target activists in Bahrain. And two years later, it was the turn of Bahrain Watch to expose how the same technology was used to spy on pro-democracy dissidents. 

Later, in 2018, digital rights defendants Access Now published a report showing how the company was helping oppressive regimes crack down non-violent dissidents and political opponents in Turkey, Indonesia, Ukraine and Venezuela.

Although these revelations provoked public outrage, FinFisher continued its operations undisturbed, until now.

Human rights groups call on EU

The EU has been long trying to prevent the sale of surveillance technology to repressive regimes. This was exactly the purpose of 2015 updates in licensing requirements for exports to countries outside the economic union. 

But despite these efforts, the FinSpy Trojan malware appears still to be used by authoritarian governments, in places like Myanmar. That’s why human rights groups have called for urgent changes within the law for a more effective criminal prosecution.

So while the fight against FinFisher seems to have been won, there is still a long way to go to prevent these illegal surveillance operations from happening.

“The criminal investigation will hopefully lead to the swift indictment and conviction of the responsible business executives,” said legal director of the ECCHR Miriam Saage-Maaß. “But beyond these proceedings, the EU and its member states must take far more decisive action against the massive abuse of surveillance technology.”

Shield your privacy with these must-have apps for Android