© Edgar Su / Reuters
Monitoring software FlexiSPY, marketed at paranoid partners attempting to catch their other halves cheating, may have been provided to governments in countries including Turkey, Saudi Arabia and Bahrain according to a new leak.Documents leaked to
Motherboard, allegedly sourced from inside the organization, show the extent of FlexiSPY's use and profitability.
The controversial software, built by a small company based in Thailand and described as
"Stalkerware" may have been used in another piece of software built by British-German surveillance company Gamma, according to a 2011 document within the leak, cited by Motherboard.
The document described staff from FlexiSPY as assisting Gamma staff with the installation of the software 'Cyclops,' used on Gamma's own surveillance program known as FinSpy.
Gamma was
found to have sold FinSpy to the Bahraini government in 2012. While in 2015, evidence was
found to show its use by governments in countries including Egypt, Saudi Arabia, Turkmenistan and Venezuela.
WikiLeaks SpyFiles series claimed FinSpy was used to spy on "journalists, activists and political dissidents."Gamma was found to be in violation of human rights guidelines by the
Organization for Economic Co-operation and Development in 2015. FlexiSpy, on the other hand, has continued to provide "Stalkerware" to a growing number of consumers.
"They're basically building illegal software in the Kingdom of Thailand," a former employee of FlexiSPY who wished to remain anonymous told
Motherboard.
The software requires the user to gain once-off physical access to their target's mobile device to install the malware. It then offers them a range of abilities including sending fake text messages, stealing passwords, taking a picture via their camera, monitoring their online use and chats and monitoring their Tinder use.
In 2006, their website read: "Protect your children, catch cheating spouses, the possibilities are endless."This has
since been toned down to "The World's Most Powerful Monitoring Software for Computers, Mobile Phones and Tablets" detailing that the software can "Protect Children" and "Monitor Employees."
One 2016 document obtained by Motherboard put FlexiSPY's monthly revenue at $400,000 with the company priced at $20 million. Founder Atir Raihan is rumored to live a lavish lifestyle, spending much of the year holidaying and partying. His wealth is unknown and he has evaded interview requests thus far.
Speaking to Motherboard, Cindy Southworth from the National Network to End Domestic Violence said she was repulsed by how much profit the company has made through marketing to "abusers to facilitate criminal stalking in the past eleven years."A presentation in the leak named "offshore" showed that the company's finances were registered in the Seychelles with Mossack Fonseca, the firm behind the Panama Papers.
FlexiSPY software could have been used by Gamma as part of their reseller program, which allows buyers to sell FlexiSPY's product labelled as their own, according to Motherboard.
A spreadsheet contained in the leak listed 22 countries where over 40 companies were contacted in regards to their reseller program.
Israel, India, China, Russia and the US are listed in the document. It is not known if these companies purchased FlexiSPY.
One company listed from the US also manufactures a "semen detector" kit for detecting cheating partners.
Following the leak, FlexiSPY's user logon portal was taken offline. It was reported to be back operating on Saturday.
"The software requires the user to gain once-off physical access to their target's mobile device to install the malware."
And who is to say the software pushed is not able to remain hidden or disappear into a delete command without leaving traces is never ever possible is it?
The myth of this sort of thing being done is just getting weirder and weirder. The stories being fed to the user of these devices is an obvious cloak to cover the real and widespread use of remote deployed programs to monitor and transmit data. The fact that this is only possible to do with access to the device through the USB port is willful blindness about the realities of the modern raido computer that is the smartphone. Unless you have intimate knowledge about every chip and circuit, every single line of code at work, You have no reasonable expectation of knowing what is or is not possible for the device to do. Assuming the device is 'trusted' is what they want you to think so you will continue to feed the data to the network running the device. Your mutli core, battery operated, radio connected, high performance microcomputer using a microwave cell network is doing what ever the powers controlling that system want, claims of security are never going to be true to anyone looking at the system. Truth is the whole system is corrupt, anyone connected with it's operation is doing and saying whatever is required to continue it's operations.