Full Report
Interview: Esra'a Al Shafei spoke with The Reg about the spy tech 'global trade'
Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.…
# Analysis Summary
## Main Topic
The global trade in surveillance technology, examined through digital rights activist Esra'a Al Shafei's mission to track its providers, customers, and funders after she was herself targeted by spyware. This effort takes the form of the interactive project **Surveillance Watch**.
## Key Points
- Digital rights activist Esra'a Al Shafei had FinFisher spyware installed on her device over a decade ago, which motivated her current work.
- She founded **Surveillance Watch**, an interactive map documenting surveillance software providers, their regional users, and investors.
- The project has grown from documenting 220 entities to 695, including well-known spyware like NSO Group's Pegasus and Cytrox's Predator.
- The scope includes companies with US/UK government contracts, such as Palantir and Paragon (provider of Graphite spyware), illustrating that surveillance is a "global trade" extending beyond authoritarian regimes.
- The tracking extends to funders, including investment groups like AE Industrial Partners, CIA-affiliated In-Q-Tel, Andreessen Horowitz (a16z), and BlackRock.
- Surveillance is expanding beyond targeted attacks into everyday smart technologies (e.g., smart cameras with facial and gait analysis) deployed in Western countries, for example in New York.
- Exposure to this level of surveillance creates a chilling effect, leading to isolation and hesitation in expression among targeted individuals.
## Threat Actors
- **Known Victims/Targets:** Esra'a Al Shafei and her team of social justice advocates across Asia and North Africa.
- **Surveillance Providers Identified:**
- Gamma Group (creator of FinFisher/FinSpy)
- NSO Group (Pegasus)
- Cytrox (Predator)
- Paragon (Graphite spyware)
- **Data Aggregators/Surveillance Vendors:** LexisNexis (via its Accurint product).
## TTPs
- **Initial Compromise (Specific to Al Shafei):** A deceptive software update, presented as a Firefox browser update notification, tricked the victim into downloading FinFisher.
- **Surveillance Capabilities (General):**
- Intercepting communications.
- Gathering intelligence.
- Tracking individuals' activities.
- Accessing content from encrypted messaging apps once the device is compromised (e.g., Paragon's Graphite).
- Data harvesting from public/non-public sources (e.g., LexisNexis Accurint synthesizing utility bills, license plate tracking, government databases).
- Location mapping and pattern recognition integration.
- **Emerging TTPs (Ambient Surveillance):** Use of smart cameras for behavioral analysis, facial recognition, and gait analysis, logging movements and potentially flagging them to police.
## Affected Systems
- **Specific Compromised System:** Al Shafei's computer (device targeted via a fake Firefox update).
- **Spyware Targets:** Smartphones (via Graphite spyware).
- **Data Sources/Platforms:** Systems using Accurint (integrating government databases, utility bills, phone records).
- **General Impact Scope:** Individuals utilizing common technologies that integrate tracking/logging features.
## Mitigations
- **General Defense:** Understanding the landscape of surveillance providers and acknowledging the normalization of mass surveillance.
- **Specific Knowledge:** Utilizing resources like the Surveillance Watch interactive map to identify entities involved in surveillance technology.
- **Behavioral Change:** Recognizing that convenience offered by new apps often leads to unwarranted data access that can be weaponized.
## Conclusion
The threat landscape involves both targeted, high-profile spyware (like FinFisher) and widespread, normalized mass surveillance integrated into commercial and smart-city technologies, predominantly funded and driven by actors within the US, UK, and Israel. Al Shafei's work emphasizes that resistance requires uncovering "who they are"—the interconnected network of surveillance developers, government customers (including US agencies like ICE), and financial backers (like BlackRock and In-Q-Tel). Users must actively resist the normalization of data sharing for convenience to prevent data weaponization against themselves and their associates.