A powerful German spyware company had its hacking tools spotted in Myanmar.
The news: One of the oldest private hacking companies around found itself in the spotlight again this week. Gamma Group, a German company that sells spyware to the highest bidder, was discovered within the last year to be spying on dozens of mobile devices in different parts of the world by the Russian cybersecurity company Kaspersky. Last month, Kaspersky found Gamma Group’s FinSpy malware in Myanmar. The hacking tool known as FinSpy, if successful, steals everything from text messages to emails, photos, and GPS data. It also targets secure and encrypted messengers like Signal, WhatsApp, and Telegram. Those apps, often used for their exceptional security against hackers at a distance, offer little protection against malware that’s successfully executed on a target’s phone.
The background: Today, there is a global multibillion-dollar hacking industry. Gamma Group came to prominence when it was discovered selling spyware to Middle East dictatorships during the Arab Spring.
The target: It’s not clear yet who was the aggressor and who was the target, but these tools are increasingly used by authoritarian governments to suppress dissidents and political opponents. Myanmar has endured a series of uniquely 21st-century catastrophes, most notably an ethnic genocide fueled by social media. Silicon Valley, Facebook in particular, was slow and ineffective in its response even as people died as a result of misinformation and hate speech on the platform. Last month, the government shut down the internet during a time of heavy fighting and humanitarian crises.
The future: Gamma Group is one company among many that governments around the world are paying for high-tech hacking capabilities. Although countries like the US and China can afford to develop world-leading exploits and vulnerabilities, dozens more countries—from democracies to dictatorships—are turning to the booming private sector for their hacking abilities. The results can be seen in Saudi Arabia, which reportedly has hacked journalists; the United Arab Emirates, which hacked dissidents; and Mexico, which hacked lawyers and even politicians, among others. Gamma Group’s resurfacing in Myanmar is the latest sign of the industry’s global reach.