FinSpy Commercial Spyware Abused By Governments 87
plover writes "The NY Times has a story about FinSpy, a commercial spyware package sold 'only for law enforcement purposes,' being used by governments to spy on dissidents, journalists, and others. Two U.S. computer experts, Morgan Marquis-Boire from Google, and Bill Marczak, a PhD student in Computer Science, have been tracking it down around the world. 'The software proved to be the stuff of a spy film: it can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes. The two men said they discovered mobile versions of the spyware customized for all major mobile phones. But what made the software especially sophisticated was how well it avoided detection. Its creators specifically engineered it to elude antivirus software made by Kaspersky Lab, Symantec, F-Secure and others.'"
Re:Paywall (Score:3, Informative)
Disable Javascript and you should have no trouble accessing this article.
URL (Score:2, Informative)
I think this is the missing link.
Finspy Promotional Videos (Score:5, Informative)
http://www.youtube.com/watch?v=qc8i7C659FU&NR=1&feature=endscreen [youtube.com]
https://www.youtube.com/watch?v=Dejw2G83Moo [youtube.com]
The animation and general rascality of it always make me grin.
Re:Finspy Promotional Videos (Score:4, Informative)
Re:Obligatory question (Score:2, Informative)
According to there sales brochure, yes it runs on Linux and Mac
http://wikileaks.org/spyfiles/files/0/289_GAMMA-201110-FinSpy.pdf [wikileaks.org]
Re:Finspy Promotional Videos (Score:3, Informative)
That music,
Re:Yes (Score:5, Informative)
I genuinely do not understand how people don't get this. You want to push against the big boys? Assume they have tools you've never even imagined. It's just like sterilization in medicine. You don't know what the patient has, so you treat everything they touch like it's covered in plague. Diligence, children, diligence is the key to anonymity.
You say that like it's easy for anyone to pick up the tools of the trade. It isn't. There's tor, proxies, networking protocols, you need to understand RF fields, propagation, you need to be able to do an inventory of every electronic item you possess, you need to understand the differences between PKI and symetric key encryption, and how, if, and whether encryption provides plausible deniability or not. You need to understand Tempest -- how devices can radiate RF (and thus, information) on an otherwise perfectly secured system. You also need to understand how malware operates, how to detect it... and not only do you need all this understanding and technical expertise, but the equipment required to create a sterile lab environment from which to test, assemble, and validate your builds.
Large corporations have problems getting this right because it's so complicated. Major world governments have screwed up. Actuall, all of them have. This is not just a simple matter of "spray and wipe down". Stop being so condescending, like it's just a simple matter. It's not -- not for you, not for them, not for anyone. And you can't go it alone. It's too complex for one person to navigate without making at least one mistake.