By Madison Ruppert: The FinFisher surveillance software is being used around the world to
target people, including many activists, for detailed and invasive monitoring,
according to a report released today by researchers at the Citizen Lab
of the Munk School of Global Affairs at the University of Toronto.
I previously reported on FinFisher when the FBI issued a warning to Android users about the threat posed by the software, which is incidentally heavily marketed directly to the US government.
The UK has been asked to investigate Gamma International, the firm behind the software, though nothing has come of that yet.
One of the most interesting aspects of the March 13 report is the discovery of command and control servers for FinSpy backdoors, part of the company’s “remote monitoring solution,” in 25 countries, including Western nations.
The countries include, “Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, [and] Vietnam,” according to the report.
FinSpy capabilities include: covert communication with headquarters, full Skype monitoring (calls, chats, file transfers, video and contact list), recording of email, chat and Voice-over-IP (VoIP), live surveillance through webcam and microphone,
country tracing of target, silent extracting of files from target’s hard drive, a “process-based key-logger” for faster analysis of key strokes, live remote forensics on the target system, advanced filters to record only the important information and it is capable of being deployed on Windows, Mac OSX and Linux
, according to promotional materials.
The software is also available for all major mobile phones and is specifically designed to avoid detection by the major antivirus software including Kaspersky, Symantec and F-Secure. The software is capable of bypassing 40 antivirus systems in total.
There are also indications that FinSpy has been used to target political activists in particular, evidenced by a campaign in Ethiopia using pictures of an opposition group called Ginbot 7 to bait users.
“This continues the theme of FinSpy deployments with strong indications of politically-motivated targeting,” according to the report.
The malware has also been spread through fake iTunes and Flash updates, according to a Wall Street Journal report in 2011.
The researchers have received many samples from security researchers and activist groups and in some cases, they “found that the samples reported back to Web sites run by the Gamma Group. But other samples appeared to be actively snooping for foreign governments,” according to The New York Times.
While Martin J. Muench, a Gamma Group managing director, claimed it was used mostly “against pedophiles, terrorists, organized crime, kidnapping and human trafficking,” the evidence indicates otherwise.
“Our findings highlight the increasing dissonance between Gamma’s public claims that FinSpy is used exclusively to track ‘bad guys’ and the growing body of evidence suggesting that the tool has and continues to be used against opposition groups and human rights activists,” the researchers wrote.
Notably, Muench refused to disclose what countries had been sold the highly invasive software.
There are strong indications that it is not only used for legitimate law enforcement targets, including the targeting of Bahraini activists with malicious emails that “generally suggested that the attachments contained political content of interest to pro-democracy activists and dissidents.”
The researchers discovered that the United States and Indonesia had the most FinFisher Command and Control servers discovered, though they point out that, “This may not be a full representation of all active FinFisher servers due to scanning methodology and possible concealment strategies.”
“Presence of a server does not necessarily indicate knowledge or complicity by the country as proxies are undoubtedly in use on some FinFisher deployments,” they add.
Yet the fact that US agencies have attended by far the most conferences between 2006 and 2009 selling software like FinFisher cannot be ignored.
“The unchecked global proliferation of products like FinFisher makes a strong case for policy debate about surveillance software and the commercialization of offensive cyber-capabilities,” the researchers argue.
While some, such as German Foreign Minister Guido Westerwelle, have called for an EU-wide ban on exporting this type of surveillance software to totalitarian states, one must wonder why we should think it’s fine for countries like the United States to have it.
MEP Marietje Schaake, current rapporteur for the first EU strategy on digital freedom in foreign policy, said it is “quite shocking that the EU is one of the key exporters of very repressive technologies and systems to countries like Syrian, Iran and Egypt.”
The researchers call these “countries where the rule of law is in question,” although I think one could make a strong case that the rule of law is in question in the United States, based on numerous breaches of privacy and law, as well.
I previously reported on FinFisher when the FBI issued a warning to Android users about the threat posed by the software, which is incidentally heavily marketed directly to the US government.
The UK has been asked to investigate Gamma International, the firm behind the software, though nothing has come of that yet.
One of the most interesting aspects of the March 13 report is the discovery of command and control servers for FinSpy backdoors, part of the company’s “remote monitoring solution,” in 25 countries, including Western nations.
The countries include, “Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, [and] Vietnam,” according to the report.
FinSpy capabilities include: covert communication with headquarters, full Skype monitoring (calls, chats, file transfers, video and contact list), recording of email, chat and Voice-over-IP (VoIP), live surveillance through webcam and microphone,
country tracing of target, silent extracting of files from target’s hard drive, a “process-based key-logger” for faster analysis of key strokes, live remote forensics on the target system, advanced filters to record only the important information and it is capable of being deployed on Windows, Mac OSX and Linux
, according to promotional materials.
The software is also available for all major mobile phones and is specifically designed to avoid detection by the major antivirus software including Kaspersky, Symantec and F-Secure. The software is capable of bypassing 40 antivirus systems in total.
There are also indications that FinSpy has been used to target political activists in particular, evidenced by a campaign in Ethiopia using pictures of an opposition group called Ginbot 7 to bait users.
“This continues the theme of FinSpy deployments with strong indications of politically-motivated targeting,” according to the report.
The malware has also been spread through fake iTunes and Flash updates, according to a Wall Street Journal report in 2011.
The researchers have received many samples from security researchers and activist groups and in some cases, they “found that the samples reported back to Web sites run by the Gamma Group. But other samples appeared to be actively snooping for foreign governments,” according to The New York Times.
While Martin J. Muench, a Gamma Group managing director, claimed it was used mostly “against pedophiles, terrorists, organized crime, kidnapping and human trafficking,” the evidence indicates otherwise.
“Our findings highlight the increasing dissonance between Gamma’s public claims that FinSpy is used exclusively to track ‘bad guys’ and the growing body of evidence suggesting that the tool has and continues to be used against opposition groups and human rights activists,” the researchers wrote.
Notably, Muench refused to disclose what countries had been sold the highly invasive software.
There are strong indications that it is not only used for legitimate law enforcement targets, including the targeting of Bahraini activists with malicious emails that “generally suggested that the attachments contained political content of interest to pro-democracy activists and dissidents.”
The researchers discovered that the United States and Indonesia had the most FinFisher Command and Control servers discovered, though they point out that, “This may not be a full representation of all active FinFisher servers due to scanning methodology and possible concealment strategies.”
“Presence of a server does not necessarily indicate knowledge or complicity by the country as proxies are undoubtedly in use on some FinFisher deployments,” they add.
Yet the fact that US agencies have attended by far the most conferences between 2006 and 2009 selling software like FinFisher cannot be ignored.
“The unchecked global proliferation of products like FinFisher makes a strong case for policy debate about surveillance software and the commercialization of offensive cyber-capabilities,” the researchers argue.
While some, such as German Foreign Minister Guido Westerwelle, have called for an EU-wide ban on exporting this type of surveillance software to totalitarian states, one must wonder why we should think it’s fine for countries like the United States to have it.
MEP Marietje Schaake, current rapporteur for the first EU strategy on digital freedom in foreign policy, said it is “quite shocking that the EU is one of the key exporters of very repressive technologies and systems to countries like Syrian, Iran and Egypt.”
The researchers call these “countries where the rule of law is in question,” although I think one could make a strong case that the rule of law is in question in the United States, based on numerous breaches of privacy and law, as well.
No comments:
Post a Comment