This story is over 5 years old.


Turkey's Government Tried to Hack Hundreds of Protesters Over Twitter, Researchers Say

A new report details a widespread campaign targeting several Turkish activists and protesters, using the infamous government malware made by FinFisher.

Hackers, apparently working for the Turkish government, attempted to infect a large number of Turkish dissidents and protesters by spreading spyware on Twitter, according to a new report by digital rights organization Access Now.

The organization’s researchers found seven new samples of spyware made by the infamous surveillance tech vendor FinFisher. One of them targeted several Turkish protesters who attended a large series of protests against the government of Recep Tayyip Erdoğan in June and July 2017, known as the March for Justice, according to the report.

As we have reported several times before, governments around the world are increasingly using spyware made by companies such as FinFisher or its Italian competitor Hacking Team to target criminals and, sometimes, dissidents and activists. Normally the malware’s operators are careful to target a small number of people. In this case, it seems whoever was controlling the malware wanted to spread it far and wide.

“The broad and aggressive use of FinSpy to target individuals involved in the March for Justice movement in Turkey provides a rare window into the current deployment of FinFisher,” the report concluded. “It gives us new clues and patterns of behaviour of how social media is used in conjunction with the malware.”

The report also noted that the malware itself is still the same good old FinSpy.

“While in some respects the FinSpy client remains nothing more than standard malware with a more usable administrative interface and support services, our research has demonstrated that it is still successfully used against deliberately chosen targets,” the report read.

Access Now also identified six other malware samples, suggesting the spyware's use in Ukraine, Libya, Venezuela and Indonesia.