German investigating authorities have raided the offices of Munich-based company FinFisher that sells the infamous commercial surveillance spyware dubbed 'FinSpy,' reportedly in suspicion of illegally exporting the software to abroad without the required authorization.
Investigators from the German Customs Investigation Bureau (ZKA), ordered by the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including business premises of FinFisher GmbH, two other business partners, as well as the private apartments of the managing directors, along with a partner company in Romania from October 6 to 8.
For those unaware, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists, political dissidents and journalists.
FinSpy malware can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, and gives its operator spying capabilities, including secretly turning on victims' webcams and microphones, recording everything they types on the keyboard, intercepting calls, and exfiltration of sensitive data.
However, a new report from BR (Bayerischer Rundfunk) and (Norddeutscher Rundfunk) NDR suggests the spying firm illegally exported FinSpy to other countries without the correct export license issued by the federal government.
The Munich public prosecutor's office is now investigating "suspected violations of the Foreign Trade Act against managing directors and employees of FinFisher GmbH and at least two other companies," said a spokeswoman to BR and NDR.
The raids were part of a criminal complaint [pdf] filed by the GFF, Netzpolitik, Reporters Without Borders (ROG), and the European Center for Constitutional Rights and Human Rights (ECCHR) against the managing directors of FinFisher GmbH in July 2019.
Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.Supercharge Your Skills
In 2015, a permit requirement for exports of FinSpy to non-EU countries was introduced across Europe, but even after the federal government not issued a single export license, the surveillance software was found on a Turkish website in 2017 to spy on members of the opposition and was used in Egypt to target NGOs.
This strongly suggests that the surveillance company illegally exported the FinSpy software despite the existing permit requirements.
We will update the article as and when new information becomes available.