Government malware (e.g. FinFisher) - what's the situation in various countries?

11 replies [Last post]
traxter
Offline
Joined: 03/23/2018

Hi everybody,

I would like to talk about malware used by government agencies and what is known about it around the world.

Information is often hard to find, so I would like to collect all that has become known to public audiences so far.

An example is the infamous FinFisher - various countries use it, but many also have developed their own malware.

In my eyes, this is not only a problem in countries ruled by dictators (where it leads to violation of human rights); it also bears risks for people in democratic countries (since such malware often depends on security holes, which are kept secret from public and thus is also affecting innocent people).

So raising information would mainly have two benefits:
- helping journalists and human rights activists living in China, Russia and similar countries
- giving people in the (still?) free world enough knowledge to recognize the risks and start a public discourse

I'm mainly interested in the following points:
- names of such malware
- used in what country
- affected operating systems
- capabilities
- ways of infection

I want to make clear that this thread is only about collecting information that is known or can be researched by public anyway, since I don't want to get anybody in trouble.

Looking forward to your replies

freemedia
Offline
Joined: 09/14/2018

one of the sites my library links to is the citizen lab, who did this report on finfisher in 2013: https://citizenlab.ca/2013/04/for-their-eyes-only-2/

but you might find more up to date information here: https://citizenlab.ca/category/research/targeted-threats/

as i just went there and found stories like:

sept 18 (this year): HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
dec 6 (last year): Commercial Spyware: The Multibillion Dollar Industry Built on an Ethical and Legal Quagmire
same day: Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware

theres a tonne of information on this, for example the 2013 report says:

"We have identified FinFisher Command & Control servers in 11 new Countries. Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, Austria."

old news, but probably still relevant. i mean, id follow up on those countries.

"Taken together with our previous research, we can now assert that FinFisher Command & Control servers are currently active, or have been present, in 36 countries." (and it lists them)

so from those two links, you could be researching this for hours and hours. and i too would be interested in what replies this thread brings.

incidentally, when i found out a certain v-named company that rhymes with "horizon" was participating in something like that, i terminated my mobile contract. i dont like any of the mobile companies, and i would sooner stop purchasing internet than use the death star (old nickname for verizons biggest competitor) but nonetheless i always try to use the least evil company for mobile. no, im not sure who that is either.

traxter
Offline
Joined: 03/23/2018

Thanks for this long and good reply :)

I will take a closer look at the sources you mentioned over the next days, they seem very promising.

I'm really concerned to hear that companies seem to cooperate in such a way...but actually it's not that surprising

nadebula.1984
Offline
Joined: 05/01/2018

Name of malware: WeChat
Used in: China and "Belt and Road" countries
Affected OSes: Windows, Android, macOS, iOS (thankfully, Tencent refuses to "support" GNU/Linux)
Capabilities: A universal malware
Ways of infection: Social inertia (thanks to the (in)famous Chinese Firewall blocking nearly all competitors)

traxter
Offline
Joined: 03/23/2018

I recently saw a documentation on WeChat and how people are almost forced to use it, it's incredible...

Good to hear it doesn't even run on GNU/Linux. I wonder how effective it would be on GNU/Linux.

You are from China, aren't you? How does it affect your digital life that you don't use this app?

nadebula.1984
Offline
Joined: 05/01/2018

In such a repressive tyrannical regime like China, nothing is incredible.

We are resisting the tyrannies as well as we could.

traxter
Offline
Joined: 03/23/2018

Are there any alternatives to WeChat that you can use? Or do you have to do all your communication over calls and SMS messages?

I would really like to hear more about your situation in China and how you handle it, if this is okay for you.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>a documentation

If by that you mean 'documentary' please post the relevant link. I will thank you in advance posting a link back, and yes it is quite on topic.. cheers o/

https://www.imdb.com/title/tt5971920/

it's not bad, watch it

traxter
Offline
Joined: 03/23/2018

Yes, I meant 'documentary'...my English still isn't perfect :-/

However, it was about the basic situation in China (regarding civil and human rights) and the part about surveillance via WeChat was rather short.

But if my research over the next weeks brings up any good stuff about it, I will post it here.

Thanks for the link, definitely sounds interesting.

freemedia
Offline
Joined: 09/14/2018

apart from things like intel me, which certainly dont make non-free os more reasonable (or, if it doesnt matter: then if youre handcuffed, you might as well have leg irons too?) china also makes a ridiculously large percentage of our hardware.

as it becomes cheaper and even trivial to implement malicious firmware and hardware (and microcode) china (and not only china) will be able to do terrible things with regards to computing. of course if they go to far, it will start a war. but short of that, lenovo has already implemented malicious firmware that only targets windows (but doesnt have to stop there.)

imo one of two things is strictly inevitable: free (faif) hardware, or losing control of our computing to malicious chip manufacturers, including chinese ones. dont let the obvious (relevant) example of china make you think im picking on anybody. any virtual monopoly in this regard is dangerous, china is just a particularly bad one. free hardware will be a necessity (sooner or later) for computing to remain free. im glad people are already working on it, however modest (and financially costly) the efforts-- of course, that will continue until we get there. but i dont think the present monopolies will ever behave significantly better.

i do think we should be proud of our free software. i think its important (my opinion) to openly admit that its no longer enough-- even though we dont yet have the hardware alternatives we need, and wont soon-- the best we can do in this regard today is "better than ever before." ryf is really really good, lemote was (is?) really good (did i read some policy changed with them that makes them a little less free? i used to own one.) but even if hardware "ryf" its of course not the same level of autonomy that free sw provides. that would be impossible so far-- unfortunately.

it means that manufacturers can behave badly and theres nothing we can do except shop elsewhere, which is basically the situation we were in with software prior to gnu/linux. im not saying its bleak, just ultimately important. firmware aside, hardware is the digital equivalent of software implemented with circuits. things like rowhammer prove there are additional considerations (we mitigate that with kernel improvements) but nothing proves the basic equivalence like qemu (or you know, alan turing. though between the two, qemu is more accessible to non-"computer people" if you explain it. "what tape? i dont understand...")

traxter
Offline
Joined: 03/23/2018

> lenovo has already implemented malicious firmware that only targets windows (but doesnt have to stop there.)

Preinstalled in Windows by Lenovo? Or are you talking about BIOS/UEFI?

I definitely agree on the importance of free hardware and that more people should be working on it, but I think one point is that public perception has to be improved for that.

I remember conversations with friends, relatives and co-workers who had never heard about topics like free (as in freedom) software before.

freemedia
Offline
Joined: 09/14/2018

https://arstechnica.com/information-technology/2015/08/lenovo-used-windows-anti-theft-feature-to-install-persistent-crapware/

i originally thought this was in the firmware, as ive already heard it described. i have not followed the story since the year it came out, but it seems to be as deep into hardware as any publically-known exploit was ever made from the vendor itself (in other words, not by a state actor or other 3rd party but by lenovo themselves.)

and i am only including laptops and desktops in that statement. i wouldnt dream of getting into the gsm stack or iot addons, im sure there are plenty more problems there.