Friday, October 30, 2015

32 countries, including Venezuela, FinFisher software used to … – Whack

30-10-15.- A few days ago, CitizenLab presented its third report on the use of the FinFisher spy software, which reveals that 32 countries in the world would be using FinFisher to spy on their people, including some that had not appeared in previous reports, among them Spain, Paraguay and Venezuela.

What is FinFisher?

FinFisher is a suite of spyware, created and marketed by the company Gamma International, whose only clients are governments. FinFisher is marketed as software for intelligence and national security. The program is installed without the victims' knowledge on their computers, cell phones and other devices, through software that poses as something else, for example a browser extension.

Although the software presents itself as a tool for fighting crime, there is ample evidence that it is used primarily to investigate and attack dissidents. For example, the government of Bahrain used FinFisher to monitor some of the country's leading law firms, activists, journalists and opposition leaders. In Mexico, investigations revealed that it has been used by the Ministry of Public Security, the Attorney General’s Office, the Center for Investigation and National Security and the Presidential General Staff.

If you feel like you’re in a Hollywood movie, hold on to your keyboard: the software can capture screenshots of the devices, turn on cameras and microphones, log keystrokes and record phone and Skype calls. It can also download photos, contacts, files, emails and text messages.

How it works

When a government buys FinFisher, it receives a control server called FinSpy Master, which is installed at the headquarters of the purchasing entity. After that, it can set up anonymizing proxies (known as “FinSpy Relays”) in order to hide the location of the control server. Infected computers communicate with the anonymizing proxy, which is usually hosted on a Virtual Private Server in another country and forwards the communication between the victim's devices and the control server.

CitizenLab researchers, through a systematic series of queries to the anonymizing servers, found that they could reveal the location of the master server when the pages returned in response to these queries contain location data (for example, some Google pages, including geographically localized weather forecasts).

In 2013, Gamma was named one of the “enemies of the Internet” in the Reporters Without Borders report. The same year, Firefox accused Gamma of passing its software off as a Mozilla product to avoid detection, tactics it described as abusive.

[Figure: Map of FinFisher proxy networks, by CitizenLab.]

Despite the hacking the company suffered in 2014, the CitizenLab report found that there are currently more FinFisher servers in more countries than in any previous round of investigation. In addition to this growth, the researchers found new clients that had not appeared in earlier CitizenLab reports or in any of the Wikileaks revelations: Angola, Egypt, Gabon, Jordan, Kazakhstan, Kenya, Lebanon, Morocco, Oman, Paraguay, Saudi Arabia, Slovenia, Taiwan, Turkey and Venezuela.

Venezuela intercepts traffic via Lithuania

A significant number of the FinFisher servers that CitizenLab could detect used www.Yahoo.com as their decoy page. While CitizenLab could not find a way to detect the exact IP address of the FinFisher servers spoofing www.Yahoo.com traffic, it was able to retrieve the personalized information that Yahoo sends to the browser depending on its geographic location, by examining the contents of the “userLocation” object in the returned data. Yahoo uses the user’s location to show personalized content such as local weather information and news.

Based on this, CitizenLab determined that the “userLocation” object sent from the address 185.8.106.xxx (in Lithuania) is:

    "userLocation": {
        "woeid": 395269,
        "zip": "Caracas",
        "city": "Caracas",
        "state": "Federal District",
        "country": "Venezuela",
        "countryCode": "VE",
        …
    }

So a server located in Lithuania served as an “intermediary” or “proxy” for a master server located in Venezuela. This means that connections to Yahoo.com from users in Venezuela could be forwarded to Lithuania before going on to Yahoo's servers; thus the data (including passwords) may be intercepted and analyzed without the user’s knowledge.
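The comparison described above, sketched as an added example (it is not code from CitizenLab or from the original post): it pulls the "userLocation" object out of a decoy page body and compares its country with the country where the relay is hosted. The function names, the sample page body and the hosting-country input (assumed to come from a separate GeoIP or WHOIS lookup) are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the field values mirror the object quoted in the article;
# the surrounding HTML and the other keys are invented for this example.
SAMPLE_BODY = '''<html><script>
var cfg = {"lang":"es-VE","userLocation":{"woeid":395269,"zip":"Caracas",
"city":"Caracas","state":"Federal District","country":"Venezuela",
"countryCode":"VE"},"other":{"a":1}};
</script></html>'''


def extract_user_location(body):
    """Return the first "userLocation" object embedded in body, or None."""
    decoder = json.JSONDecoder()
    for match in re.finditer(r'"userLocation"\s*:\s*', body):
        try:
            # raw_decode parses one JSON value starting at the given index
            # and ignores whatever text follows it.
            obj, _ = decoder.raw_decode(body, match.end())
        except json.JSONDecodeError:
            continue  # truncated or malformed object, try the next match
        if isinstance(obj, dict):
            return obj
    return None


def check_relay(relay_ip, hosting_country, body):
    """Compare where the relay is hosted with where its page was localized."""
    # hosting_country: ISO 3166 alpha-2 code from a lookup done elsewhere (assumption).
    loc = extract_user_location(body)
    if loc is None or "countryCode" not in loc:
        return {"relay": relay_ip, "verdict": "no-location-data"}
    content_country = str(loc["countryCode"]).upper()
    mismatch = content_country != hosting_country.upper()
    return {
        "relay": relay_ip,
        "hosting_country": hosting_country.upper(),
        "content_country": content_country,
        "content_city": loc.get("city"),
        # A mismatch suggests the page was fetched by a host in another country.
        "verdict": "upstream-elsewhere" if mismatch else "consistent",
    }


if __name__ == "__main__":
    print(check_relay("185.8.106.xxx", "LT", SAMPLE_BODY))
```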

While CitizenLab notes that it is probably not detecting all existing FinFisher installations, the new report has improved its ability to detect installations and has attributed some of the servers to specific institutions of certain governments. This should make it easier for activists working on public policy in these countries to demand responsibility and accountability from their institutions, submit requests for information and investigate which agencies are using this software, how much money was spent on it and for what purposes.

FinFisher is undetectable by traditional antivirus. If you think you may be under surveillance, there is a tool called Detekt which, although not infallible, can help determine whether there is spyware on your computer such as that developed by Gamma or Hacking Team. In any case, if you’re in one of the countries that appear on the CitizenLab list, it is wise to take additional security measures, such as using PGP encryption in your communications.
