A controversial Munich-based spyware firm has declared bankruptcy and ceased business after having its accounts seized by German authorities.

FinFisher Group, the company behind the FinSpy “state trojan” malware, is under investigation for helping oppressive regimes around the world hack into activists’ phones and computers.

This follows a criminal complaint filed by the Gesellschaft für Freiheitsrechte (GFF), Reporter Without Borders (RSF Germany), the blog netzpolitik.org and the European Center for Constitutional and Human Rights (ECCHR) in March 2022.

“FinFisher is dead. Its business of illegally exporting surveillance software to repressive regimes has failed. This is a direct success of our criminal complaint,” said Sarah Lincoln, GFF attorney and case coordinator.

FinSpy Malware

Using FinSpy malware, police and secret services can access citizens’ devices to determine their location, record conversations and calls, access data and passwords, and covertly activate the microphone or camera. It also hides very well; even malware and antivirus software may not recognize it.

Lisa Dittmer, Head of Internet Freedom Advocacy at Reporters Without Borders (RSF) Germany, said: “The use of spyware constitutes a massive violation of the personal rights of those concerned, which can have dramatic consequences, in particularly in countries with repressive regimes – for example. journalists and their sources, as well as for activists and members of the opposition.

Despite evidence of its products being used to target political opponents, FinFisher has always claimed to provide these governments with worthless surveillance technologies in an effort to stop terrorism and preserve national security.

FinFisher and authoritarian governments

Human rights groups have long exposed FinFisher’s activities, and their efforts ultimately contributed to the spyware company’s collapse.

Initially, rumors surrounding the sale of FinFisher software to governments in the Middle East began circulating during the Arab Spring uprisings in 2010.

In 2012, an investigation by Bloomberg and CitizenLab revealed the use of the FinSpy tool to target activists in Bahrain. And two years later, it was Bahrain Watch’s turn to expose how the same technology was being used to spy on pro-democracy dissidents.

Later, in 2018, digital rights defenders Access Now published a report showing how the company was helping oppressive regimes suppress nonviolent dissent and political opponents in Turkey, Indonesia, Ukraine and Venezuela.

Although these revelations caused public outrage, FinFisher has continued its operations undisturbed, so far.

Human rights groups call on the EU

The EU has long tried to prevent the sale of surveillance technology to repressive regimes. This was exactly the aim of the 2015 updates to licensing requirements for exports to countries outside the economic union.

But despite these efforts, the FinSpy Trojan malware still seems to be used by authoritarian governments, in places like Myanmar. This is why human rights groups have called for urgent changes in the law for more effective criminal prosecution.

So, while the fight against FinFisher seems won, there is still a long way to go to prevent these illegal surveillance operations from happening.

“We hope that the criminal investigation will lead to the prompt indictment and conviction of the responsible corporate executives,” said Miriam Saage-Maaß, ECCHR’s legal director. “But beyond these lawsuits, the EU and its member states must take much more decisive action against the massive abuse of surveillance technologies.”