"FinFisher spyware has been updated to evade detection"
and has now been discovered in 25 countries across the globe
Awesome detection evasion there. 10/10.
Security researchers have warned that the controversial FinFisher spyware has been updated to evade detection and has now been discovered in 25 countries across the globe, many of them in APAC. FinFisher, also known as FinSpy, is produced by Anglo/German firm Gamma International and marketed as a “lawful interception” suite …
My own impression from the little I've worked with Far East Asian companies is they really don't trust their employees and often spy just as much on them as on competitors. I'm betting some of these Gamma instances are paranoid bosses spying on their own staff.
From the 'normal citizen' point of view (and the criminal's too), this is just another bit of annoying and potentially dangerous spyware. Some governments decided to join the club of spyware distributors -- let's hope that democracy (where applicable) will take care of that problem at the next election.
It's different in that Gamma International will almost certainly have a cosy relationship with the British and German security services who are so keen to snoop on their own citizens with the sanction of their respective political classes...***WHHOOOOSSSSHHHHHH***...hey did you hear that? The sound of Tory & Lib Dem politicians who had previously opposed Labour's GCHQ mega-snoop legislation swiftly changing their position when they entered Downing Street. Who knew?!
that it's actually superficially a fairly proportionate use of spying technology. The FinFisher Trojan (and the German BundesTrojaner) were not bandied about like a fire-hose, spraying the whole interwebs with eavesdropping (unlike IMP/CCDP which is just a data grab of all of our data)
The Trojan is deployed against specific (pseudo)named targets. The desk officer who's running a FinFisher Trojan deployment probably can only manage 20 to 50 victims, so there'll be a need for lots of desk officers in the state donut - for any given state - for the usual number of usual suspects.
What's bad about the FinFisher Trojan is that almost any resource-rich state seems to qualify for the software, with bollocks consideration given to human rights, but at least it's not as invasive as being rubber truncheoned by the state for the same info.
What's worse about the FinFisher Trojan (and the German BundesTrojaner) is that both of these systems can UPLOAD whatever files the desk-officer chooses - then plausibly delete and remove evidence of any infection - whilst leaving the victim stuffed with kinderpr0n, violent bestiality, terrorizm poetry that didn't exist before! In our state this might not be happening, who knows? Where is the public/parliamentary oversight, where are the audited logs of Trojan use?? - I am not a lawyer but the increasing use of FinFisher type products without seeming oversight might lead to a plausibility of 'doubt' creeping into future evidence based trials.
This idea that increasingly widespread data at rest and data on the move remote manipulation is a concern for forensic evidence needs, needs to be analysed by a professor somewhere, and explained slowly to politicians, and maybe to Gamma themselves?
FinFly
FinFly is a transparent HTTP proxy that can modify files while they are being downloaded. Elaman has created two versions of this software; the FinFly-Lite and the FinFly-ISP. The FinFly-Lite can be used by the agency within a local network to append FinSpy or a custom Trojan horse to executables that are downloaded by a target computer. The FinFly-ISP can be integrated into an Internet Provider’s network to infect en masse or targeted computers.
check for those digital certs, people
Good thing I download exe files over a VPN and compare them before I run them, just for scenarios like this to show up.
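The comparison described in the last comment, as an added example that is not part of the thread: it checks a downloaded file against a copy fetched over an independent path and reports whether the two are identical, whether one is the other plus trailing bytes (the "append" case from the FinFly description), or whether they differ elsewhere. The function name `compare_downloads` and the sample bytes are constructed for illustration, and the check assumes the reference copy came over a path the proxy does not sit on.

```python
import hashlib
import io

def compare_downloads(ref, cand, chunk=64 * 1024):
    """Compare two binary streams holding the same download fetched over
    independent paths. Returns verdict, SHA-256 of each copy, both sizes
    and the offset where the copies first diverge (None if identical)."""
    h_ref, h_cand = hashlib.sha256(), hashlib.sha256()
    ref_size = cand_size = offset = 0
    diverge = None
    while True:
        a, b = ref.read(chunk), cand.read(chunk)
        if not a and not b:
            break
        h_ref.update(a)
        h_cand.update(b)
        ref_size += len(a)
        cand_size += len(b)
        if diverge is None and a != b:
            # Index of the first differing byte, or the end of the shorter chunk.
            n = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
                     min(len(a), len(b)))
            diverge = offset + n
        offset += max(len(a), len(b))
    if diverge is None:
        verdict = "identical"
    elif diverge == ref_size and cand_size > ref_size:
        verdict = "appended"    # reference is a strict prefix of the candidate
    elif diverge == cand_size and ref_size > cand_size:
        verdict = "truncated"   # candidate is a strict prefix of the reference
    else:
        verdict = "modified"    # bytes differ inside the common length
    return {"verdict": verdict, "diverge_at": diverge,
            "ref_size": ref_size, "cand_size": cand_size,
            "ref_sha256": h_ref.hexdigest(), "cand_sha256": h_cand.hexdigest()}

# Constructed sample data standing in for two copies of one executable.
REFERENCE = b"MZ" + bytes(range(256)) * 4
TAMPERED = REFERENCE + b"<constructed trailing data>"

if __name__ == "__main__":
    result = compare_downloads(io.BytesIO(REFERENCE), io.BytesIO(TAMPERED))
    print(result["verdict"], "at offset", result["diverge_at"],
          "extra bytes:", result["cand_size"] - result["ref_size"])
```

For files on disk, pass two handles opened with `open(path, "rb")`; any verdict other than `identical` means the copy should not be run.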