Researchers claim ISPs are 'complicit' in latest FinSpy snooping rounds

A surveillance campaign utilising a new variant of FinFisher, the infamous spyware also known as FinSpy, has been tracked by security researchers. Seven countries have been affected, and in two of them, major internet providers have most likely been involved in infecting surveillance targets, according to security researchers …

Anonymous Coward

VLC + WinRar

Avast is already Malware! Skype / WhatsApp are a target on your back anyway. But WinRar and VLC would seem innocuous, emphasis on seem!

Mother*ckers! This is being used in places like Mexico by the elite there to cover up the corruption and killings etc. Sure, let's go after the easy target, the messenger, such as investigative-journalists / whistleblowers / activists-protestors etc... When we're rotten as a species, we're really rotten!

8
2
Silver badge

Re: VLC + WinRar

AC - This makes it more difficult to trust download sources for any OS but especially for Bloat. One question I have is how easy is the modified code to sneak into a repository/app store?

2
2
Silver badge

Re: VLC + WinRar

They don't have to sneak it into a repository or app store. They trap the download request and substitute their trojanized version mid-flight. I'm getting the sense that immediately checking the hash after a download but before an install is the only way around this but (1) people have not a clue on what to do let alone how to do that; (2) while extremely difficult for an individual, hash collisions can be engineered. Not at all easy, but guess what? Far easier for a nation-state than for most corporates, even an enterprise.

Given MITM attacks nation-states are also known for using, this is an utter mess. Normally, I'd say the regular people don't need to worry about this since how many nation-states target individuals. However, this is the exact situation where being a member of the media, involvement in what are usually considered innocuous civil rights groups, or being related to or friends with either sorts, get you targeted for arrest, prison sentences, and/or death. I've been following civil rights news for decades now and that all happens on a depressingly regular basis.

The one difference between the great powers and smaller nation-states is that the "little guys" keep it personal. Usually. Piss off my government, it's death from above and who the fuck cares who you are with. The "right" IMEI number is good enough for that.

Pardon me while I go throw up.

3
1
Silver badge
Black Helicopters

Re: VLC + WinRar

I guess the ISP can redirect the page with the MD5 on to somewhere else too.

You'd need to compare versions from several different places I guess.

1
1
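The check discussed in the comments above (hash the download before installing, and read the published hash from several places rather than one), as an added example that is not part of any poster's comment. It uses SHA-256 rather than the MD5 mentioned above; the channel labels, file name and sample bytes are constructed.

```python
import hashlib
import pathlib
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Hash in chunks so a large installer is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(path, published, quorum=2):
    """published maps a channel label to the hex SHA-256 read over it.
    Returns (verdict, file_digest, channels whose digest differs from the file)."""
    actual = sha256_file(path)
    seen = {name: value.strip().lower() for name, value in published.items()}
    matching = [name for name, value in seen.items() if value == actual]
    if len(set(seen.values())) > 1:
        verdict = "sources-disagree"   # one channel was altered or is stale
    elif len(matching) >= quorum:
        verdict = "ok"
    elif matching:
        verdict = "too-few-sources"    # a single channel proves little
    else:
        verdict = "mismatch"           # file is not what the channels describe
    return verdict, actual, sorted(set(seen) - set(matching))


def demo():
    """Constructed data: genuine bytes versus bytes swapped in transit."""
    genuine = b"constructed stand-in for a vendor installer"
    swapped = genuine + b" with an extra payload"
    good = hashlib.sha256(genuine).hexdigest()
    bad = hashlib.sha256(swapped).hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "installer.bin")
        path.write_bytes(swapped)
        # Only the file was swapped; both channels show the real digest.
        a = check_download(path, {"home-isp": good, "other-network": good})[0]
        # The digest page on the same link was rewritten as well.
        b = check_download(path, {"home-isp": bad, "other-network": good})[0]
    return a, b


if __name__ == "__main__":
    print(demo())
```

The result is only as good as the independence of the channels: if every copy of the digest arrives over the same link as the download, they can all be rewritten together.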
Silver badge

Re: VLC + WinRar

Except they'd probably be able to catch ALL of them by using on-the-fly stream searches for the filenames, hashes, etc.

Even HTTPS is not immune to the key being copied or the government mandating their store be added. If done at the outset, it'll be their certificate pinned, solving that problem.

0
1
Anonymous Coward

"countries with a poor reputation for human rights"

So the UK and USA then?

19
3
Silver badge

Cmon, have guts

And post with "real" name.

I would add Spain, Portugal, France and Germany, as countries that do not respect the law and illegally spy on their citizens.. oh, and add Australia, Canada and New Zealand, as the five eyes alliance members are the worst of the lot...

5
3
Anonymous Coward

Re: Cmon, have guts

I'm in the UK, I just see us and America being the worst of the bunch when it comes to doing these sorts of things.

The rest are playing catch up.

There's a reason I post AC and that's because I have opinions and when I share them I don't want some smart arse trawling through previous comments looking for something unrelated to invalidate something I have written because let's be honest people are stupid. Me included. Currently on 18904 Up and 3267 Down which I don't care about but it's just to illustrate that people don't always agree and that's great because it gives me the opportunity to question myself and my own opinion.

8
2
Silver badge

Re: Cmon, have guts

Worse than China? Saudi Arabia? North Korea? Really?

4
2
Silver badge

Re: Cmon, have guts

... Iran? Sudan?

2
1
Anonymous Coward

Re: Cmon, have guts

"... Iran? Sudan?"

I am reminded of a D.H.Lawrence poem - to do with what you expect of people.

Good Husbands Make Unhappy Wives (1929)

Good husbands make unhappy wives

so do bad husbands, just as often;

but the unhappiness of a wife with a good husband

is much more devastating

than the unhappiness of a wife with a bad husband.

4
1

Re: Cmon, have guts

Ummm, HELLLLOOOO! You still had to register to be able to Post here. And tracking you down would be fairly easy for any government or law enforcement.

0
4
Anonymous Coward

Re: Cmon, have guts

"And tracking you down would be fairly easy for any government or law enforcement"

Throwaway one-use email account? Tor entry point to access El Reg?

2
1
Silver badge

Re: Cmon, have guts

Tor entry point to access El Reg?

They have ways of making your browser talk.

0
1
Silver badge

Re: Cmon, have guts

Worse than China? Saudi Arabia? North Korea? Really?

Worse, because those in government in the 'Free World' should know better - and they hold their citizens to a higher standard (supposedly) so they should reciprocate.

2
1

Re: Cmon, have guts

Worse than Turkey, Russia, Venezuela ?

1
1
Silver badge

Certificates

And this is why web certificates as they are are worse than useless, as anyone is "trusted".. and will issue fake ones to three digit agencies, governments, big companies, etc.

3
1
Silver badge

Re: Certificates

But were the packages not signed with the public key of the software vendor/distributor ? Or are we dealing with a bunch like slack ?

OK: I don't know how this is done in the windows world, and if you have never installed anything from the vendor you will not have the key (so getting it could be spoofed) ... but Skype is from Microsoft and so the Windows machine will have their signing key ... so if the installer does not complain we need to ask how the spooks got their malware signed to make it look legitimate.

0
1
Silver badge
Big Brother

Re: Certificates

If someone is in the position to run a MITM attack, especially at the ISP level, then all bets are off.

0
1
Silver badge

Re: Certificates

The installer for VLC on Windows is signed (twice actually, sha1 and sha256), and as long as you've not turned off 'SmartScreen', you'll get a warning if the signature isn't trusted. You can also check the sig before running the installer. It's co-signed by "Symantec Time Stamping Services Signer - G4", which may or may not make you feel more secure.

Of course, a nation state might be able to subvert this, but if you've pissed off a country enough that they're creating fake VLC installers just for you, then you should probably not be watching videos right now...

0
1
Silver badge
Big Brother

Who?

ESET is not naming the countries involved ("so as not to put anyone in danger," it said)

Who are they protecting? The evil bastards running these campaigns or the poor buggers being targeted?

If it's such a threat then the least they could do is give those affected a heads up to warn them that they might be a target.

Looks a bit spineless to me, unless of course, they are frightened of stepping on some big toes and then it's all for their own protection.

5
1
Silver badge

Re: Who?

ESET just report it, they can't police it.

It's kinda the point, the police police it and who's watching the Watchmen?

2
2


Biting the hand that feeds IT © 1998–2017