FinSpy Commercial Spyware Abused By Governments
plover writes "The NY Times has a story about FinSpy, a commercial spyware package sold 'only for law enforcement purposes,' being used by governments to spy on dissidents, journalists, and others. Two U.S. computer experts, Morgan Marquis-Boire from Google, and Bill Marczak, a PhD student in Computer Science, have been tracking it down around the world. 'The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones. But what made the software especially sophisticated was how well it avoided detection. Its creators specifically engineered it to elude antivirus software made by Kaspersky Lab, Symantec, F-Secure and others.'"
Seriously, you give an infant a toy, they're not going to listen to how you tell them to play with it.
What do I know, I'm just an idiot, right?
STOP linking to articles that are behind paywalls!
Does it run on Linux?
Police abusing their authority and spying on the people they swore to protect? I'm shocked. Shocked!
It has always concerned me the loopholes which you know are being abused.
Sure, the government isn't 'legally' allowed to spy on citizens without following the Constitution. But that doesn't hold for 3rd Parties. Nor does it hold true for other governments.
Oh the government didn't conduct the surveillance, it just purchased the already performed surveillance dataset from 'Private Investigation Company XYZ'. See, it was the private company that did the spying, not the government. The data wasn't only spy data, it was also available to be sold to marketing firms, so it isn't just a shell for the government, the government just happens to buy from them. A lot.
I'm also really curious to know about the whole 'sharing' of intelligence data.
Sure, our intelligence agencies aren't 'supposed' to spy on US citizens, but they can spy on UK citizens. And the UK agencies ARE spying on the US citizens. So when that data package from the UK agencies is shared with the US agencies, it's just a convenient benefit. The US agencies didn't technically do anything to perform the spying, they just benefit from it.
I'm sure I'm being paranoid, but it doesn't even require maliciousness on behalf of the agencies. It just requires people who try really hard to do their jobs. Something that is technically legal can be immoral, unethical, evil, oppressive, and counter-productive... but technically legal is still legal.
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
How can I detect that I am infected with FinSpy?
Two promotional videos of these pricks and their man-in-the-middle wares:
http://www.youtube.com/watch?v=qc8i7C659FU&NR=1&feature=endscreen
https://www.youtube.com/watch?v=Dejw2G83Moo
The animation and general rascality of it always make me grin.
Forward! -- Emperor Norton, 2012
Contractor/Vendor: "Here is a hammer. Its use is for driving nails. YOU MAY NOT use it to murder people. Understand? No murdering."
Government: "Ok. No murdering."
Frankly, I don't see the problem.
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
Let's mention ways around such threats:
Boot from a live Linux CD/DVD (preferable as they are read-only, with some specialty exceptions) or USB key/CF card/other flash media.
Do your business, and your "innocent" Windows drive is untouched. Surf only "wholesome" sites on Windows and create a convincing alternate identity.
MAC spoofing is easy and there is plenty of info on it.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
The moral of the story is this: dissidents should airgap any system they use for sensitive/secret material.
I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.
Is it wrong that this exists? Probably. Are you naive for believing that these types of tools aren't used every day? Absolutely.
I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.
You say that like it's easy for anyone to pick up the tools of the trade. It isn't. There's tor, proxies, networking protocols, you need to understand RF fields, propagation, you need to be able to do an inventory of every electronic item you possess, you need to understand the differences between PKI and symmetric key encryption, and how, if, and whether encryption provides plausible deniability or not. You need to understand Tempest -- how devices can radiate RF (and thus, information) on an otherwise perfectly secured system. You also need to understand how malware operates, how to detect it... and not only do you need all this understanding and technical expertise, but the equipment required to create a sterile lab environment from which to test, assemble, and validate your builds.
Large corporations have problems getting this right because it's so complicated. Major world governments have screwed up. Actually, all of them have. This is not just a simple matter of "spray and wipe down". Stop being so condescending, like it's just a simple matter. It's not -- not for you, not for them, not for anyone. And you can't go it alone. It's too complex for one person to navigate without making at least one mistake.
#fuckbeta #iamslashdot #dicemustdie
You are correct, staying truly anonymous and maintaining that anonymity is fucking hard. Staying clean in the Wild-Wild-Web is also fucking hard if you have to frequent bad-guy hangouts. BUT, if you have dirt, and I mean world-changing, put your ass in jail forever/disappear you in the night style dirt, it would be in your best interest to start learning those tools of the trade, or to find someone who already knows.
I apologize, the tone was lighthearted, I assure you. My message wasn't that it is easy. My message is simply that many people who are found out, and prosecuted for their on-line activities are rarely able to say that they did all they could to stay anonymous.
The moral of the story is this: dissidents should airgap any system they use for sensitive/secret material.
What about the Free journalists in countries like the USA where they should not be considered "dissidents"? Perhaps this was just an oversight on your part. In the USA, many Journalists are called dissidents by US Government Agencies (CIA/DHS/TSA) but that is not correct constitutionally.
I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.
Is it wrong that this exists? Probably. Are you naive for believing that these types of tools aren't used every day? Absolutely.
As with my comment above, there is a danger in suggesting that _all_ journalists are dissidents, and that _any_ or _all_ Governments should be actively fighting against free journalism. In the last 50 years in the US, we have lost the wisdom of JFK. The full text can be found here in both edited and unedited form. Before you claim "but but conspiracy blah blah" go read the full fucking speech you lazy pricks! (not to be interpreted as the poster I'm responding to)
This deadly challenge imposes upon our society two requirements of direct concern both to the press and to the President–two requirements that may seem almost contradictory in tone, but which must be reconciled and fulfilled if we are to meet this national peril. I refer, first, to the need for a far greater public information; and, second, to the need for far greater official secrecy.
The very word “secrecy” is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths and to secret proceedings. We decided long ago that the dangers of excessive and unwarranted concealment of pertinent facts far outweighed the dangers which are cited to justify it. Even today, there is little value in opposing the threat of a closed society by imitating its arbitrary restrictions. Even today, there is little value in insuring the survival of our nation if our traditions do not survive with it. And there is very grave danger that an announced need for increased security will be seized upon by those anxious to expand its meaning to the very limits of official censorship and concealment. That I do not intend to permit to the extent that it is in my control. And no official of my Administration, whether his rank is high or low, civilian or military, should interpret my words here tonight as an excuse to censor the news, to stifle dissent, to cover up our mistakes or to withhold from the press and the public the facts they deserve to know.
But I do ask every publisher, every editor, and every newsman in the nation to reexamine his own standards, and to recognize the nature of our country’s peril. In time of war, the government and the press have customarily joined in an effort based largely on self-discipline, to prevent unauthorized disclosures to the enemy. In time of “clear and present danger,” the courts have held that even the privileged rights of the First Amendment must yield to the public’s need for national security.
I have added some emphasis on key items for consideration. We are beyond simply censoring news, we now have the NY Post sending stories pre-editor to CIA for preview. We now have media claiming racism on any criticism of Politics (hell, even Rush Limbaugh went off on that one today).
I implore you to read the full speech and keep things in context. Evaluate where we have gone in the last 50 years, inductive reason should tell you that it has not been forward. To claim "no sense in fighting technology" is an ignorant stance suggesting we should all just say fuckit and stop being free.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
"What about the Free journalists in countries like the USA where they should not be considered "dissidents"? Perhaps this was just an oversight on your part. In the USA, many Journalists are called dissidents by US Government Agencies (CIA/DHS/TSA) but that is not correct constitutionally." - Silly hippie, free speech is one step away from godless communism and definitely an un-American activity.