Cyber Attacks On Activists Traced To Gamma Group's FinFisher Spyware
Sherloqq sends this quote from a Bloomberg report:
"FinFisher, a spyware sold by U.K.-based Gamma Group, can secretly take remote control of a computer, copying files, intercepting Skype calls and logging every keystroke. For the past year, human rights advocates and virus hunters have scrutinized FinFisher, seeking to uncover potential abuses. They got a glimpse of its reach when a FinFisher sales pitch to Egyptian state security was uncovered after that country's February 2011 revolution. In December, anti-secrecy website WikiLeaks published Gamma promotional videos showing how police could plant FinFisher on a target's computer. ... Researchers believe they’ve identified copies of FinFisher, based on an examination of malicious software e-mailed to Bahraini activists, they say. ... The findings illustrate how the largely unregulated trade in offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across borders and peers into peoples’ digital devices. From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed."
First Post (Score:1)
Who do ya wanna blame ? (Score:3)
The piece from Bloomberg is one of the lousiest pieces of journalism there is
Putting blame on U.K.'s Gamma Group ain't gonna make the world better
And those activists --- if they are real ACTIVE-ists, --- they would know that activism using only their mouths to blame Gamma Group ain't gonna bring in any change
I was an activist myself in younger days, and we didn't do 'activism by mouth' - we did it with everything - even by fighting fire with fire
If those that we oppose use technology, such as cyber-spying and wire-ta
Re: (Score:3)
In most countries, software itself is not illegal unless it is used illegally in that country (I believe Japan is one exception, there may be others as well). Monitoring your own computer using "malware" is perfectly legal. That means the government cannot legally do anything, and generally you wouldn't want them to either: or do you trust governments to have the restraint not to call Linux "hacking" software?
Re: (Score:2, Flamebait)
What the hell does your blabbering have to do with anything? This isn't about people running software they choose. It is about a UK company exporting malware to what was a dictatorial regime to spy on political dissidents.
Re:Fags and spics (Score:4, Insightful)
Right. Export controls: that's the ticket. It worked so well for encryption software and inconvenienced no one.
Re: (Score:3)
"Blind eye"? Who the hell do you think are the customers for this sort of stuff?
Malware (Score:1)
can secretly take remote control of a computer...
So this isn't "pen testing", it's trespassing with full-on malware, right?
Does it require user interaction, or does it use remote exploits and known vulnerabilities?
Re: (Score:3, Funny)
Re: (Score:3)
Since Egypt was considered a UK ally, it wasn't on any lists of countries where it's prohibited to sell this kind of stuff, so unfortunately it was probably still legal. Unless someone finds them having sold stuff to North Korea or Syria or something.
Gamma Group - For All Your Fascist E-Needs (Score:4, Insightful)
If ever there was a company aching for a PR disaster...
Re: (Score:2, Interesting)
I don't think a company that sells spyware to government entities is worried about their public image...
Re:Gamma Group - For All Your Fascist E-Needs (Score:4)
I don't think a company that sells spyware to government entities is worried about their public image...
Actually, they prefer to be completely opaque .. to the point people are unaware they exist. It is the glare from the spotlight of attention they squirm under.
Nothing to see here, nothing at all, we're just a bunch of chickens, nothing special .. why don't you go see what Rebecca and Andy are up to?
Re: (Score:2)
If ever there was a company aching for a PR disaster...
You say that as if modern governments give a shit what their people think.
Protip: They don't. Why should they? If the last 30 years have taught us anything, it's the fact that if someone in government wants to commit an act that is currently criminal, they just make an exception for themselves.
Re: (Score:2)
While I don't disagree with your sentiment, I do say that there is more we can do as people to resolve these issues. Educating people around you and waking people up is the first step. After that, you can actually have enough mass to make changes. Complacency is not going to resolve the problems (obviously).
Of course this is an extension of your thoughts. The sentiment alone hints at being defeated, perhaps that was not your opinion.
Re: (Score:2)
Educating people, as you said.
Re: (Score:2)
Re: (Score:2)
Moving to other platforms? (Score:4, Interesting)
With all the malware tools becoming available for Windows and Mac, perhaps Linux, I wonder if this will encourage people to move to lesser known platforms that would function just as well.
Moving to a non-mainstream CPU and OS would stop most malware in its tracks. Making sure that cross-platform items like Java are either not run, or are run in a chrooted, jailed space, perhaps as a different user, might also be the par for the course.
Hmm... time to see where I put the old Indy and see if Chromium or Firefox would port to IRIX without some substantial effort or rewriting... Barring that, there are always some old POWER5 boxes on eBay with graphical consoles, as well as SPARC boxes.
Maybe it is time to go back to the days of Solaris for being on the Internet.
Re:Moving to other platforms? (Score:4, Informative)
If you look at these videos there is at least one video which suggests this requires a bit of stupidity on the user's part.
It assumes Microsoft Windows / Mac
1. Insertion of payload to EXE / DMG download (semi assumed although this would be feasible and thus I'm sure how they are doing it)
2. Instant message to blackberry user with link to trojan (spam)
3. They show USB keys being physically inserted (I'd assume this is a non-locked down system and the trojan is opened through autorun, but that doesn't even work in Vista/7, which means user interaction, which if you are physically at the computer this would be easy to hit ok, if there are no screen saver passwords)
Platform based solutions:
1. Don't enable downloading of executable content (limit programs to trusted, vetted, and verifiable sources like repositories)
2. Don't enable downloads of executable content
3. Don't leave the system unattended, ever, and boot from removable media, the system should also be kept secure from adversaries and checked for physical hardware devices that could intercept key strokes
Some other things:
4. Disable scripting (LibreOffice macros, Adobe Flash, PDF reader, browsers, etc)
5. Use publicly verifiable encryption software (this excludes TrueCrypt as the source code is not easily vetted even though it's available, a public CVS is needed)
6. NOT SKYPE! Anything but Skype. I mean. Really. Are you stupid? There are some alternative options. GPG email / instant messaging is probably ideal with limited protocols (personal jabber server, NOT GTalk, MSN, AIM, etc).
7. Don't leave the data unencrypted and don't utilise third party systems (at least not repeatedly- you can easily attack a user by simply monitoring them and then infecting the systems they use even if in Internet cafes, how many Internet cafes do you have in your area? chances are you end up using one of a dozen at the most, all easily infected)
Re: (Score:2)
Secure boot would be re-writable cd-rom or dvd. But with the swap and data on the hard drive. It allows for two things. Secure boot and no loss of data. It would also be smart to move away from Linux to FreeBSD, NetBSD, OpenBSD or something of that nature. As Linux is well known today and has possibility of exploits.
Re: (Score:2)
You're assuming that Chromium or Firefox is as secure as most of us hope; Lynx should be pretty secure. [wikipedia.org]
Re: (Score:2)
Companies like Gamma Group are selling this software at exorbitant prices under defense contracts. They offer to infect about any (non-hardened, non-military) system and any telephone in existence, and for the money they get they can easily hold that promise.
So, no, switching to a lesser known system will not help much. Perhaps it will make a few people curse and delay the whole spying attempt for a few months, but not much more.
All the more reason ... (Score:2)
To leave Win world as soon as possible.
Re: (Score:2)
Because malware can't be written for OS X or Linux?
Re: (Score:1)
They'd generally have to get the malware into the Linux repos, which isn't totally impossible, but it is a rather large barrier. It reduces the malware footprint of the Linux ecosystem to a tiny fraction of what it might be otherwise.
Generally you're pretty safe if you:
(1) Don't follow the "run all scripts from anybody!" idiots
(2) Only install software from trusted repos.
Sure, someone could break in and physically install it on your machine, but that's not going to be happening to the vast majority. You
Want to defeat FinFisher? (Score:2)
Install Linux. Better yet, install Arch Linux, because all the packaged libraries will be way too new for it to have a hope in hell of ever working.
I don't know who I'm more afraid of (Score:4, Insightful)
Government Sales (Score:3)
"The statement addressed the documents found in Cairo, which priced the system at 388,604 euros ($470,000), including maintenance."
Gotta love selling to governments. Spector-Pro eBlaster costs about $100 and does the same thing.
Comment removed (Score:3)
Re: (Score:2)
Well, once it is properly "regulated" as the article suggests is necessary the antivirus vendors will be prohibited from warning users about licensed spyware as it will only be used in authorized police investigations.
Who on earth (Score:1)
doesn't know how to put an electrical tape over their webcam already? Remove it only when you use it!
What about the microphones? (Score:2)
What about laptop built-in microphones that come bundled with the cameras?
Re: (Score:2)
They'll enable that feature for an extra $80,000.
Question for the security pros (Score:2)
Does the FinFisher software work across all platforms? Windows, Mac and Linux?
Whenever I hear about spyware like FinFisher, I have what is perhaps a false sense of security that it's really talking about Windows.
"...unregulated trade..." (Score:3)
If it is installed on your computer.
Re: (Score:2)
Oooh. People doing things without permission. Oooh. This must be stopped! Only the Authorities should have access to this sort of thing (because you know we can trust them).
If it is installed on your computer.
It was "the Authorities" that had access and used it to spy on citizens, read TFA.
To your second point, do you really believe that they have no way of brute forcing a hunk of Spyware on to any Windows PC? I think you missed the articles last month where MS key stores were not the only thing at issue with Flame and Stuxnet, it was that the Government had agents working inside MS. A dollar says they have more than 1 "oh shit" back door on any MS PC, if not something permanently installed that they can do the
Re: (Score:2)
No shit. And do you really think that the UK authorities would have denied the company a license to sell the software to the Egyptian authorities? Remember, they were our allies in the War On Terror.
Which is that this is just another bit of malware, different from the usual kind only in that it is "legit", commercial, and very expensive.
Re: (Score:2)
The sarcasm in your post was obviously.. not obvious. Seems like we are thinking at least very similar.