back to article Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds

A surveillance campaign utilising a new variant of FinFisher, the infamous spyware also known as FinSpy, has been tracked by security researchers. Seven countries have been affected, and in two of them, major internet providers have most likely been involved in infecting surveillance targets, according to security researchers …

  1. Anonymous Coward
    Anonymous Coward

    VLC + WinRar

    Avast is already Malware! Skype / WhatsApp are a target on your back anyway. But WinRar and VLC would seem innocuous, emphasis on seem!

    Mother*ckers! This is being used in places like Mexico by the elite there to cover up the corruption and killings etc. Sure lets go after the easy target, the messenger, such as investigative-journalists / whistleblowers / activists-protestors etc... When we're rotten as a species, we're really rotten!

    1. a_yank_lurker Silver badge

      Re: VLC + WinRar

      AC - This makes it more difficult to trust download sources for any OS but especially for Bloat. One question I have is how easy the modified code to sneak into a repository/app store?

      1. Jack of Shadows Silver badge

        Re: VLC + WinRar

        They don't have to sneak it into a repository or app store. The trap the download request and substitute their trojanized version mid-flight. I'm getting the sense that immediately checking the hash after a download but before an install is the only way around this but (1) people have not a clue on what to do let alone how to do that; (2) while extremely difficult for an individual, hash collisions can be engineered. Not at all easy, but guess what? Far easier for a nation-state than for most corporates, even an enterprise.

        Given MITM attacks nation-states are also known for using, this is an utter mess. Normally, I'd say the regular people don't need to worry about this since how many nation-states target individuals. However, this is the exact situation where being a member of the media, involvement in what are usually considered innocuous civil rights groups, or being related to or friends with either sorts, get you targeted for arrest, prison sentences, and/or death. I've been following civil rights news for decades now and that all happens on a depressingly regular basis.

        The one difference between the great powers and smaller nation-states is that the "little guys" keep it personal. Usually. Piss off my government, it's death from above and who the fuck cares who you are with. The "right" IMEI number is good enough for that.

        Pardon me while I go throw up.

        1. Dan 55 Silver badge
          Black Helicopters

          Re: VLC + WinRar

          I guess the ISP can redirect the page with the MD5 on to somewhere else too.

          You'd need to compare versions from several different places I guess.

          1. Charles 9 Silver badge

            Re: VLC + WinRar

            Except they'd probably be able to catch ALL of them by using on-the-fly stream searches for the filenames, hashes, etc.

            Even HTTPS is no th immune to the key being copied or the government mandating their store be added. If done at the outset, it'll be their certificate pinned, solving that problem.

  2. Anonymous Coward
    Anonymous Coward

    "countries with a poor reputation for human rights"

    So the UK and USA then?

    1. Aitor 1 Silver badge

      Cmon, have guts

      And post with "real" name.

      I would add Spain, Portugal, France and Germany, as countries that do not respect the law and illegally spy on their citizens.. oh, and add Australia, Canada and New Zealand, as the five eyes alliance members are the worst of the lot...

      1. Anonymous Coward
        Anonymous Coward

        Re: Cmon, have guts

        I'm in the UK, I just see us and America being the worst of the bunch when it comes to doing these sorts of things.

        The rest are playing catch up.

        There's a reason I post AC and that's because I have opinions and when I share them I don't want some smart arse trawling though previous comments looking for something unrelated to invalidate something I have written because lets be honest people are stupid. Me included. Currently on 18904 Up and 3267 Down which I don't care about but it's just to illustrate that people don't always agree and that's great because it gives me the opportunity to question myself and my own opinion.

        1. oneeye

          Re: Cmon, have guts

          Ummm, HELLLLOOOO! You still had to register to be able to Post here. And tracking you down would be fairly easy for any government or law enforcement.

          1. Anonymous Coward
            Anonymous Coward

            Re: Cmon, have guts

            "And tracking you down would be fairly easy for any government or law enforcement"

            Throwaway one-use email account? Tor entry point to access El Reg?

            1. fidodogbreath Silver badge

              Re: Cmon, have guts

              Tor entry point to access El Reg?

              They have ways of making your browser talk.

        2. Rustbucket

          Re: Cmon, have guts

          Worse than Turkey, Russia, Venezuela ?

      2. fidodogbreath Silver badge

        Re: Cmon, have guts

        Worse than China? Saudi Arabia? North Korea? Really?

        1. Bronek Kozicki Silver badge

          Re: Cmon, have guts

          ... Iran? Sudan?

          1. Anonymous Coward
            Anonymous Coward

            Re: Cmon, have guts

            "... Iran? Sudan?"

            I am reminded of a D.H.Lawrence poem - to do with what you expect of people.

            Good Husbands Make Unhappy Wives (1929)

            Good husbands make unhappy wives

            so do bad husbands, just as often;

            but the unhappiness of a wife with a good husband

            is much more devastating

            than the unhappiness of a wife with a bad husband.

        2. Teiwaz Silver badge

          Re: Cmon, have guts

          Worse than China? Saudi Arabia? North Korea? Really?

          Worse, because those in government in the 'Free World' should know better - and they hold their citizens to a higher standard (supposedly) so they should reciprocate.

  3. Aitor 1 Silver badge


    And this is why web certificates as they are are worse than useless, as anyone is "trusted".. and will issue fake ones to three digit agencies, governments, big companies, etc.

    1. alain williams Silver badge

      Re: Certificates

      But were the packages not signed with the public key of the software vendor/distributor ? Or are we dealing with a bunch like slack ?

      OK: I don't know how this is done in the windows world, and if you have never installed anything from the vendor you will not have the key (so getting it could be spoofed) ... but Skype is from Microsoft and so the Windows machine will have their signing key ... so if the installer does not complain we need to ask how the spooks got their malware signed to make it look legitimate.

    2. fidodogbreath Silver badge
      Big Brother

      Re: Certificates

      If someone is in the position to run a MITM attack, especially at the ISP level, then all bets are off.

    3. phuzz Silver badge

      Re: Certificates

      The installer for VLC on Windows is signed (twice actually, sha1 and sha256), and as long as you've not turned off 'SmartScreen', you'll get a warning if the signature isn't trusted. You can also check the sig before running the installer. It's co-signed by "Symantec Time Stamping Services Signer - G4", which may or may not make you feel more secure.

      Of course, a nation state might be able to subvert this, but if you've pissed of a country enough that they're creating fake VLC installers just for you, then you should probably not be watching videos right now...

  4. nematoad Silver badge
    Big Brother


    ESET is not naming the countries involved ("so as not to put anyone in danger," it said"

    Who are they protecting? The evil bastards running these campaigns or the poor buggers being targeted?

    If it's such a threat then least they could do is give those affected a heads up to warn them that they might be a target.

    Looks a bit spineless to me, unless of course, they are frightened of stepping on some big toes and then it's all for their own protection.

    1. Semtex451 Silver badge

      Re: Who?

      ESET just report it, they can't police it.

      Its kinda the point, the police police it and who's watching the Watchmen?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019