[liberationtech] The SmartPhone Who Loved Me: FinFisher goes mobile?
Ronald Deibert
r.deibert at utoronto.ca
Wed Aug 29 06:05:30 PDT 2012
Hi LibTech
Below are details of a new Citizen Lab publication this a.m. focusing on more findings relating to the FinFisher spy kit,
and building on our prior report and the research of Rapid7 on the location of FinFisher C&C servers. This report
provides a very exhaustive analysis of several mobile Trojans. Authorship and other details below.
The SmartPhone Who Loved Me: FinFisher goes mobile?
For Immediate Release
August 29, 2012 -- The Citizen Lab announces the publication of a detailed and collaborative research report written and coordinated by Morgan Marquis-Boire analyzing several samples we believe to be mobile variants of the FinFisher Spy Kit targeting iPhone, Android, Blackberry, Windows Mobile and Symbian platforms. The report also provides details on the geographic locations of FinFisher command and control servers.
FinFisher is a commercial Spy Kit marketed by the Hampshire, England-based Gamma International Ltd, part of the U.K. Gamma Group.
The report is a follow-on to a previous Citizen Lab research post, From Bahrain with Love: FinFisher’s Spy Kit Exposed? that analyzed several pieces of malware targeting Bahraini dissidents, shared with us by Bloomberg News, and which were determined to be part of the FinFisher commercial surveillance kit.
The new report provides yet another window into the secretive but growing commercial market for computer network attack, exploitation, and targeted surveillance products and services. In this case, the report focuses on attacks targeting the growing mobile and smartphone marketplace. Among the capabilities of the Spy Kit samples we analyzed are:
· Recording of common communications like Voice Calls, SMS/MMS and Emails
· Live Surveillance through silent calls
· File Download (Contacts, Calendar, Pictures, Files)
· Country Tracing of Target (GPS and Cell ID)
· Full Recording of all BlackBerry Messenger communications
· Covert Communications with Headquarters
The clients of Gamma's products and services are not publicly disclosed by the company. However, our report also analyzes the results of an ongoing scan for FinFisher command and control servers, and identifies potential servers in the following countries: Bahrain, Brunei, the Czech Republic, Ethiopia, Indonesia, Mongolia, Singapore, the Netherlands, Turkmenistan, and the United Arab Emirates. We also confirm prior research undertaken by Rapid7 showing the presence of servers in Indonesia, Ethiopia, USA, Mongolia and the UAE.
For the full report, please see https://citizenlab.org/?p=14828
For press inquiries, please contact info at citizenlab.org
The SmartPhone Who Loved Me is a Morgan Marquis-Boire and Bill Marczak production.
Windows mobile sample analysis by Claudio Guarnieri.
Additional Analysis
Thanks to Pepi Zadowsky for OSX expertise and assistance.
Thanks to John Larimer and Sebastian Porst for Android expertise.
Additional Thanks
Special thanks to John Scott-Railton.
Additional thanks to Marcia Hofmann, Eva Galperin and the Electronic Frontier Foundation.
Tip of the hat to John Adams for scanning advice.
Ronald Deibert
Director, the Citizen Lab
and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deibert at utoronto.ca