Forgot your password?
typodupeerror
Communications Security

Cyber Attacks On Activists Traced To Gamma Group's FinFisher Spyware 54

Posted by Soulskill
from the congrats-the-internet-hates-you-now dept.
Sherloqq sends this quote from a Bloomberg report: "FinFisher, a spyware sold by U.K.- based Gamma Group, can secretly take remote control of a computer, copying files, intercepting Skype calls and logging every keystroke. For the past year, human rights advocates and virus hunters have scrutinized FinFisher, seeking to uncover potential abuses. They got a glimpse of its reach when a FinFisher sales pitch to Egyptian state security was uncovered after that country's February 2011 revolution. In December, anti-secrecy website WikiLeaks published Gamma promotional videos showing how police could plant FinFisher on a target's computer. ... Researchers believe they’ve identified copies of FinFisher, based on an examination of malicious software e-mailed to Bahraini activists, they say. ... The findings illustrate how the largely unregulated trade in offensive hacking tools is transforming surveillance, making it more intrusive as it reaches across borders and peers into peoples’ digital devices. From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed."
This discussion has been archived. No new comments can be posted.

Cyber Attacks On Activists Traced To Gamma Group's FinFisher Spyware

Comments Filter:
  • by Anonymous Coward
    Posted by FinFisher
    • The piece from Bloomberg is one of the lousiest journalism there is

      Putting blame on U.K.'s Gamma Group ain't gonna make the world better

      And those activists --- if they are real ACTIVE-ists, --- they would know that activism using only their mouths to blame Gamma Group ain't gonna bring in any change

      I was an activist myself in younger days, and we didn't do 'activism by mouth' - we did it with everything - even by fighting fire with fire

      If those that we oppose use technology, such as cyber-spying and wire-ta

  • by Anonymous Coward

    can secretly take remote control of a computer...

    So this isn't "pen testing", it's traspassing with full-on malware, right?

    Does it require user interaction, or does it use remote exploits and known vulnerabilities?

  • by ohnocitizen (1951674) on Wednesday July 25, 2012 @05:34PM (#40769729)
    Want to trample activists? Stop dangerous ideologies like Democracy in its tracks? Trust Gamma Group as much as you don't trust your citizens. "We'll help you spy on your people(tm)".

    If ever there was a company aching for a PR disaster...
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      i dont think a company that sells spyware to government entities is worried about their public image...

    • If ever there was a company aching for a PR disaster...

      You say that as if modern governments give a shit what their people think.

      Protip: They don't. Why should they? If the last 30 years have taught us anything, it's the fact that if someone in government wants to commit an act that is currently criminal, they just make an exception for themselves.

      • by s.petry (762400)

        While I don't disagree with your sentiment, I do say that there is more we can do as people to resolve these issues. Educate people around you, and wake people up is the first step. After that, you can actually have enough mass to make changes. Complacency is not going to resolve the problems (obviously).

        Of course this is an extension of your thoughts. The sentiment alone hints at being defeated, perhaps that was not your opinion.

    • by Yvanhoe (564877)
      For all the rest, there is SSL, Tor and GPG. Use them if you are a political activist or a journalist talking to them. It is important. There has been a recent clash in France between Telecomix and AFP when an interview was published, explaining that the journalist has interviewed an opponent through skype.
  • by mlts (1038732) on Wednesday July 25, 2012 @05:44PM (#40769851)

    With all the malware tools becoming available for Windows and Mac, perhaps Linux, I wonder if this will encourage people to move to lesser known platforms that would function just as well.

    Moving to a non-mainstream CPU and OS would stop most malware in its tracks. Making sure that cross-platform items like Java are either not run, or are run in a chrooted, jailed space, perhaps as a different user, might also be the par for the course.

    Hmm... time to see where I put the old Indy and see if Chromium or Firefox would port to IRIX without some substantial effort or rewriting... Barring that, there are always some old POWER5 boxes on eBay with graphical consoles, as well as SPARC boxes.

    Maybe it is time to go back to the days of Solaris for being on the Internet.

    • by Anonymous Coward on Wednesday July 25, 2012 @06:09PM (#40770175)

      If you look at these videos there is at least one video which suggests this requires a bit of stupidity on the users part.

      It assumes Microsoft Windows / Mac

      1. Insertion of payload to EXE / DMG download (semi assumed although this is this would be feasible and thus I'm sure how they are doing it)
      2. Instant message to blackberry user with link to trojan (spam)
      3. They show USB keys being physically inserted (I'd assume this is a non-locked down system and the trojan is opened through autorun, but that doesn't even work in Vista/7, which means user interaction, which if you are physically at the computer this would be easy to hit ok, if there are no screen saver passwords)

      Platform based solutions:
      1. Don't enable downloading of executable content (limit programs to trusted, vetted, and verifiable sources like repositories)
      2. Don't enable downloads of executable content
      3. Don't leave the system unattended, ever, and boot from removable media, the system should also be kept secure from adversaries and checked for physical hardware devices that could intercept key strokes

      Some other things:
      4. Disable scripting (libre office macros, adobe flash, PDF reader, browsers, etc)
      5. Use publicly verifiable encryption software (this excludes truecrypt as the source code is not easily vetted even though it's available, a public CVS is needed)
      6. NOT SKYPE! Anything but Skype. I mean. Really. Are you stupid? There are some alternative options. GPG email / instant messaging is probably ideal with limited protocols (personal jabber server, NOT GTalk, MSN, AIM, etc).
      7. Don't leave the data unencrypted and don't utilise third party systems (at least not repeatedly- you can easily attack a user by simply monitoring them and then infecting the systems they use even if in Internet cafes, how many Internet cafes do you have in your area? chance are you end up using one of a dozen at the most, all easily infected)

      • by jonfr (888673)

        Secure boot would be re-writable cd-rom or dvd. But with the swamp and data on the hard drive. It allows for two things. Secure boot and no loss of data. It would also be smart to move away from Linux to FreeBSD, NetBSD, OpenBSD or something of that nature. As Linux is well known today and has possibility of exploits.

    • Your assuming that Chromium or Firefox is as secure as most of us hope; Lynx should be pretty secure. [wikipedia.org]

    • Companies like Gamma Group are selling this software at exorbitant prices under defense contracts. They offer to infect about any (non-hardened, non-military) system and any telefone in existence, and for the money they get they can easily hold that promise.

      So, no, switching to a lesser known system will not help much. Perhaps it will make a few people curse and delay the whole spying attempt for a few months, but not much more.

  • To leave Win world as soon as possible.

    • Because malware can't be written for OS X or Linux?

      • by Anonymous Coward

        They'd generally have to get the malware into the Linux repos, which isn't totally impossible, but it is a rather large barrier. It reduces the malware footprint of the Linux ecosystem to a tiny fraction of what it might be otherwise.

        Generally you're pretty safe if you:

        (1) Don't follow the "run all scripts from anybody!" idiots
        (2) Only install software from trusted repos.

        Sure, someone could break in and physically install it on your machine, but that's not going to be happening to the vast majority. You

  • Install Linux. Better yet, install Arch Linux, because all the packaged libraries will be way too new for it to have a hope in hell of ever working.

  • by cultiv8 (1660093) on Wednesday July 25, 2012 @05:56PM (#40770019) Homepage
    what the NSA is doing [rt.com] or unbridled capitalism.
  • by hoggoth (414195) on Wednesday July 25, 2012 @06:06PM (#40770133) Journal

    "The statement addressed the documents found in Cairo, which priced the system at 388,604 euros ($470,000), including maintenance. "

    Gotta love selling to governments. Spector-Pro eBlaster costs about $100 and does the same thing.

  • by houghi (78078) on Wednesday July 25, 2012 @06:07PM (#40770141)

    What is the news in this? Remember: Guns don't kill people, people do. Software does not spy on people, people do.

    I think nobody here is impressed that you can control a device in another country, as the majority here will be aware what the Intertubes are. The times of people wondering how you opened the CD tray on a remote machine are well passed us.

    I would rather see how they do it to be not found out by anti-virus programs and what we can do now to detect if we (well, those who might be at risk) are infected or not.

    • I would rather see how they do it to be not found out by anti-virus programs and what we can do now to detect if we (well, those who might be at risk) are infected or not.

      Well, once it is properly "regulated" as the article suggests is necessary the antivirus vendors will be prohibited from warning users about licensed spyware as it will only be used in authorized police investigations.

  • don't know how to put an electrical tape over their webcam already? Remove it only when you use it!

  • Does the FinFisher software work across all platforms? Windows, Mac and Linux?

    Whenever I hear about spyware like FinFisher, I have what is perhaps a false sense of security that it's really talking about Windows.

  • by John Hasler (414242) on Wednesday July 25, 2012 @06:29PM (#40770485) Homepage
    Oooh. People doing things without permission. Oooh. This must be stopped! Only the Authorities should have access to this sort of thing (because you know we can trust them).

    From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed.

    If it is installed on your computer.

    • by s.petry (762400)

      Oooh. People doing things without permission. Oooh. This must be stopped! Only the Authorities should have access to this sort of thing (because you know we can trust them).

      From anywhere on the globe, the software can penetrate the most private spaces, turning on computer web cameras and reading documents as they are being typed.

      If it is installed on your computer.

      It was "the Authories" that had access and used it to spy on citizens, read TFA.

      To your second point, do you really believe that they have no way of brute forcing a hunk of Spyware on to any Windows PC? I think you missed the articles last month where MS key stores were not the only thing at issue with Flame and Stuxnet, it was that the Government had agents working inside MS. A dollar says they have more than 1 "oh shit" back door on any MS PC, if not something permanently installed that they can do the

      • It was "the Authories" that had access and used it to spy on citizens...

        No shit. And do you really think that the UK authorities would have denied the company a license to sell the software to the Egyption authorities? Remember, they were our allies in the War On Terror.

        To your second point...

        Which is that this is just another bit of malware, different from the usual kind only in that it is "legit", commercial, and very expensive.

        ...do you really believe that they have no way of brute forcing a hunk

        • by s.petry (762400)

          The sarcasm in your post was obviously.. not obvious. Seems like we are thinking at least very similar.

Are we running light with overbyte?

Working...