Feeds

back to article Google engineer finds British spyware on PCs and smartphones

Two security researchers have found new evidence that legitimate spyware sold by British firm Gamma International appears to be being used by some of the most repressive regimes in the world. Google security engineer Morgan Marquis-Boire and Berkeley student Bill Marczak were investigating spyware found in email attachments to …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Honest Guv

I didn't sell it to them...... Directly!

Ok so I knew the reseller would pass the product on, but who am I to complain, I only want to make money after all. Not my problem!

8
0
Anonymous Coward

For once

For once the Americans are trailing in our wake............

Nope they are just better at hiding it.

0
1
Trollface

It's actually rather nice to see that we're a market leader in some field or other, for a change. Mind you, the electro-prod and barbedwire codpiece market's a bit thin these days, sadly...!

7
0
Anonymous Coward

From the headline I was expecting an article about British spook spyware turning up on certain computers controlling critical infrastructure or sensitive projects throughout countries in the middle east.

I'm kind of disappointed now. It was nice for a while to think that our shadowy services aren't actually as incompetent as they usually seem.

1
0
Anonymous Coward

It was nice for a while to think that our shadowy services aren't actually as incompetent as they usually seem.

.. or so they want you to think .. (you never know with that lot)

0
0
Silver badge
Gimp

what's the point of a thin codpiece?

Unless you're selling to masochists...

Do you have a website?

0
0
Silver badge
Thumb Down

"legitimate spyware"

'nuff said.

13
0
Black Helicopters

Re: "legitimate spyware"

That is an oxymoron if ever one existed.

0
0
Bronze badge

Re: "legitimate spyware"

> That is an oxymoron if ever one existed.

You doubt that military intelligence is run by moronic bovines?

Here is my interpretation of The (as yet to happen) Margaret Thatcher icon complete with cheese eater grin:

0
1

Re: "legitimate spyware"

You can have legal spyware the same as you can have legal phone taps, legal guns, legal imprisonment, legal forced entry, ....

Normal / Legal are what "we" define them to be where "we" is a majority in a democracy - y'know the Tories got over 50% of the country voting for them ... or not.

DaveF

0
0
Silver badge
Big Brother

Yeah, but these are _OUR_ repressive regimes.

Which we finance by subsidies and/or "defense cooperation"

The evil begins in your minister's office, then oozes outwards!

7
0
MrF
Trollface

Speaking as an American, I'd like to...

...thank you lot for taking the pressure off us, via this delightful demonstration that UK-based slimeballs are at least so cheerfully vile and reprehensible as our home-grown variety. Greatly appreciated.

Next time we can return the favor -- say, by distracting the world press with a routine Mideaast invasion or perhaps just some despicable human rights violation(s) -- please don't hesitate to ask. ::mwah!::

19
0
Anonymous Coward

::mwah!::

I know you guys are a tad behind in IP6 - I'd revisit that IP address if I were you :).

6
1
Bronze badge

Re: Speaking as an American, I'd like to...

What are you talking 'bout, "taking the pressure off"? Did you forget that the likes of Cisco still sell hardware that will allow countries to ban facebook, google, g+, and even write and modify on the fly any number of rules that will ban google play but allow g+? Or, do all sorts of pictture-building?

Eventually, cisco will be back in the news, and maybe even some of their shadow subsids intended to misdirect involvement of parent companies...

But, as for the spyware, below is a cross-post I ran too long (in the ms facebook bing thread) and part of it sort of fits here:

"Pretty soon, unless the social sites are delibertately acting as staging grounds for spies, then spies and investigators and brain-fucked repressive regimes will rely on:

http://www.theregister.co.uk/2012/08/31/finspy_gamma_polcie_spying/

Anyone besides me find "Gamma" to sound like the name of pron industry or lubrication products? (No, I'm not thinking of the Gamma Quadrant, hahaha). Maybe it was tongue-in-cheek (or, tongue-round-shaft?) for this spook/spy- company. I wonder how they sleep at night knowing that they took profit over someone's life, limb, or liberty. Sure, CERTAIN people (read, miscreants) do need spying on and to be arrested, but selling the shitware to repressive regimes should come with a back door to take down those regimes, not snuff out individuals who might just be a vocal thorn rather than an actual bomber.

I have a sneaking suspicion that that software can also cripple built-in refresh buttons in the android phones.

Yet, this could be yet another reason why Google makes it a royal pain in the ass to easily root our devices. It's not just that we might nix the adverts (which indeed would hurt google's bottom line if their reports reflect that to paying sponsors), but the governments with business permit powers would just revoke Google's charter to do business in an affected country, maybe even ban the presence of the software. One would think, however, that if that were the case, then countries like China would INVITE google, g+, and facebook so they can trojan the phones and get at the accounts, even if VPN stuff is in use. Ooops, shit, ideas? No, surely they can think of it or already have. That's why I suspect surgical crippling of Android devices is already in play..."

0
3
Silver badge
WTF?

Umm

I'm kind of flaky on this 'legitimate spyware' idea

2
0
Silver badge
Big Brother

Re: Umm

Ah, well you see it's only *bad* spyware if someone else developed it.

When it's ours, it's ok...

4
0
FAIL

British spyware?

Developed by a German conglomerate, and sold by one of their subsidiaries that just happens to be UK based???

So why is this British as opposed to German? And more to the point, in this day of globalisation, why does it matter where the company is from?

7
0

Re: British spyware?

The German company is the subsidiary. It is owned by Gamma Group, which is a British company based in Andover.

1
0

Re: British spyware?

Don't tell him your name, Pike!

7
0
Bronze badge

Re: British spyware?

And, given hand over fisting and handover fisting, the accused subjects could easily end up in a deep, dank, dark place called "Bend Over", just south of Bendover...

0
2
Anonymous Coward

Still developed by the Germans

Gamma may be a British company but the software has been developed by the Germans (German technology, not British, but that's no surprise as Germans are very experienced in spying on their own people!), so all the British part is good at is selling it to regimes that shouldn't really have it.

0
0
Silver badge
FAIL

Re: Still developed by the Germans

You are clearly one stupid AC - it is a *British* company, period.

If they use people/resource in India, Germany, Hungary or Bangladesh or even on the Moon, it's STILL A BRITISH PRODUCT due to the company.

0
0
Black Helicopters

Paging Mark Thomas..

Same malarky as the Royal Ordnance and Hechler/Kock Transhippment-Two-Step, made much easier by the fact that you don't have a physical product. Arms Dealers gone virtual.

<<< well it's early, and i've only had one coffee..

4
0
Anonymous Coward

implausible deniability

"rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere"

1
0
Joke

Re: implausible deniability

Reckon they googled 'finspy activation code' and entered it into the demo to enable full functionality?

2
0
Unhappy

Oh, the shame...

...finally, something we are 'world leaders' in. Only it sucks arse. Bah!

2
0
Anonymous Coward

You wont find it on IOS

Obviously once Android is gone we can more easily get back to peaceful ignorance.

0
2
Anonymous Coward

Re: You wont find it on IOS

Ummm ....ya think?

http://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/

It was developed for Arm7, built against iOS SDK 5.1 on OSX 10.7.3 and it appears that it will run on iPhone 4, 4S, iPad 1, 2, 3, and iPod touch 3, 4 on iOS 4.0 and up."

2
1
Anonymous Coward

Re: You wont find it on IOS

Er no, it was developed on iOS to target arm, but it won't install on anyone's iOS device because iOS is locked down and you can't install apps that have not been granted a distribution certificate by Apple. You could install it on Jailbroken iOS. It's fine holding an opinion on iOS and to dislike its closed nature. It's not ok to try and distort facts and ignore the obvious and real benefit such a closed system brings.

1
3
Anonymous Coward

Re: You wont find it on IOS

Q) How do you know that Apple would not grant a distribution certificate?

A) You don't - Its a closed system!

7
0
Silver badge

Re: You wont find it on IOS

To be fair AC a.k.a. the OP said "you won't find it". Perhaps it was a reference to it being better hidden in the free [insert whatever the kiddies targets are into here] apps.

0
0

Re: You wont find it on IOS

It would appear that you don't understand why 0-day exploits are so expensive these days, and what they are used for.

Hint: you don't need Apple to install a trojan.

0
0
Anonymous Coward

Re: You wont find it on IOS

"How do you know that Apple would not grant a distribution certificate?"

You don't know Apple won't grant a distribution certificate. Instead you know all the evidence points to the fact iOS is much more secure, with story after story like this one where iOS is not one of the compromised systems. Your criticism is based on wish, not the reality.

One day, no doubt, Apple will wrongly grant a distribution certificate to something that does real harm, then for sure there will be big headlines. Evidentially that has not occurred on iOS (the worst so far published being Apple granting a distribution certificate for an App that grabbed user contact data) I expect that will occur with far less frequency than other smartphone platforms, ergo, the user is safer on iOS. When and if it does occur, the app will be quickly revoked.

The simple fact is, with app submission Apple can run lots of checks for stock exploits. Simply having that extra precaution alone represents a huge reduction of the risk profile of the platform.

1
3
Anonymous Coward

Re: You wont find it on IOS

Apple would be required to issue one with a court order. You don't think a the police or the government couldn't get a judge to sign off on the the software to be installed on at least phone? Since that would require a distribution cert, they just got one and now the software could be installed on any iOS device.

MeeGo was open, it didn't make the list. So be closed doesn't mean it is better. Closed can just make it easier; after all, you could jailbreak an iOS with a specially crafted PDF file. Yeah, that is secure. Oh, the PDF reader was created by Apple.

2
0
Bronze badge
Mushroom

Re: You wont find it on IOS

But IOS is totally insecure and has over 300 known security vulnerabiities. You can root your phone just be visiting a website. Therefore it would be trivial for a funded attacker to exploit IOS and install whatever they wanted.

1
5

Re: You wont find it on IOS

If you can 'root' your iPhone just by visiting a website you really should update your OS.

On the other bandwidth a 0 day going for $250k I can't believe people are willing to pay that much without using it for something nefarious.

0
0
Anonymous Coward

Re: You wont find it on IOS

"you can't install apps that have not been granted a distribution certificate by Apple"

Troll or stupid? I can't decide. Malware, installed for whatever purpose, is either installed inside something legit, or via exploits. There are plenty of exploits for iOS, one of them was most useful when I wanted to root my iPad, so I could run ad blockers and stuff, as it goes.

Oddly, it was not signed by Apple.

0
0
Silver badge

A fine British achievement

Makes you proud, doesn't it?

Nah. It makes me wonder about the hypocrisy inherent in our desire, along with the US, to spread our democracy around the world.

That we allow a company based in the UK to sell software which is so easily used to suppress people suggest that the high ground has been well and truly ceded.

4
0
Megaphone

That the reason for Love CyanogenMod.

Usually I reject any build made from xda-dev.

Of course, I do not expect any security in Vodafone, Movistar or any other customized Android build.-

1
0
Anonymous Coward

I am suprised the Egypt government bothered to pay for the software, if your gonna spy on your citizens then you might as well steal the software to do it. Bet you can find a cracked version on some warez website.

I have seen cracked copies of the encase software used by the police to search your pc if you get nicked on warez sites and that costs tens of thousands for a legit copy.

1
0

Indeed Hypocracy.

Come to think of it, I wanted to send an IBM PC in 1987 (a very basic model, not even windows) to a Tanzanian associate trading office, and had to get a Licence from Department of Trade to "export" it.

The time and paperwork involved was horrendous.

1
0
Coat

Pick the right answer, with Jim Hacker

a) A proper British gentleman would never stoop to spyware.

b) Beastly colonials might be tempted to peek once in a while, but know it's wrong.

c) Bloody Johnny Foreigner has no scruples at all.

Yes, Minister; the answer's 'C'

0
0
Big Brother

Legitimate Spyware?

Maybe I'm a bit slow on the uptake, but I always thought that spyware was the realm of the bad guys. Is there a legal remedy to it, or is it illegal for my legitimate anti-spyware provider to detect and/or remove this legitimate spyware? If it is illegal for them to do that, must I then somehow acquire some illegitimate anti-spyware program in order to keep my system free of all spyware? Do the authorities require a warrant to install that stuff on my machine, or can they simply trick me into installing it like the bad guys do? Is legitimate spyware like legitimate arms dealing, legitimate human trafficking, legitimate murder, etc.? That is, is it OK if the government or the police do it, but not anybody else? I'm getting very confused.

3
0
Anonymous Coward

new wolrd order

i hope you like oppression

0
0
Anonymous Coward

Re: new wolrd order

I never knew before what New World Order meant. Now I know it means that the letters in world will be written in a different order, I'm not so worried about it. Bring on the ossreppion, I say!

4
0
Devil

Re: new wolrd order

NOOOOOOOO !!!

anyone but those nasty Ossreppions .. with their laser eyes .. silicon claws .. wireless implants

0
0
FAIL

Dunno where you got "Johnny Geds" from - the article clearly references "Johnny Debs" several times.

0
0
Anonymous Coward

oh noes privacy international! I'm sure they'll be cowering after all the large bomb dropping physical hardware we've sold these regimes privacy international are just the guys needed to take us to task...

1
0
Bronze badge

Time to buy stock (if it is possible) in mfrs of Evidence Bags

And stylized privacy bags....

Hell, why buy stock? Why not fashion my own fashion bags and sell THEM. Might make a tidy profit on an untidy business. But, the paperwork would be hell, getting across borders of countries. Or, I might just be made to "disappear", bagged in a super-sized bag-o-mine...

On second thought, ordinary people may not want to go into that line of work without protection, like a $2billion hit contract on the sourcce of ones disappearance. Is that legal? Forming a bounty on the fuckers who might kill you? Could drive up stocks, though, and get the economy rolling along again -- for a FEW years... A few STRESSFUL-AS-HELL years, no doubt...

0
1
Devil

Oppression, Off The Shelf

Thanks unfettered Capitalism!

0
0

Page:

This topic is closed for new posts.