[liberationtech] Finfisher Spy Kit Revealed in Bahrain

Erich M. erich at moechel.com
Fri Jul 27 03:58:38 PDT 2012


On 07/26/2012 04:27 AM, Jacob Appelbaum wrote:
> The FinSpy network traffic is also really interesting - the fact that
> they don't stand up to the most obvious of traffic analysis is
> *hilarious* and so fitting. All the best,
> Jake

That should be a necessary feature AND NOT a bug. Remember, this is the
"export" version of the malware. Quite like the "law enforcement"
versions all these derivatives lack one or two essential security
features that could have been implemented easily. How come?  One guess
allowed.

This malware crap is being produced for primary use by the "national
security agencies". They'd never let you [= malware producer] sell the
same intrusion suite to foreign agencies as well without some "necessary
adaptations". Let alone to clumsy cops and - moreover - in Mid East.

Here is my take  [German alas] on that matter including the reaction of
the Social Democrat fraction in Europarl. MEP Leichtfried from .AT has
been the rapporteur and the guy who managed to introduce surveillance
software into the catalogue of "dual use" goods. Conservatives tried to
kick that provision out - so the process was stalled for more than a year.

http://fm4.orf.at/stories/1702246/

Current state of "compromise": obligation to notify own governments on
such exports only ex post.  And only in cases the vendor has reason to
believe that the software is abused to violate human rights instead of
sticking to "lawful interception".
LOL
So the rule is yet rather toothless but it is to be contained in the
"dual use" catalogue. Europarl plenary vote is yet due in October.

The last time I had to do with "dual use" goods dates back to 1998/9.
That was when I marched into the "Wassenaar office" twice, one time
together with ACLU icon Barry Steinhardt here in Vienna. The "Wassenaar
Arrangement" is a treaty on dual use goods. Cryptography was in there
as a "munition" demanding export controls. So browsers at that time
sported only 40 bit "crypto" by default.
Around 2000 crypto was thrown out from the Wassenaar Arrangement which
is the blueprint to the EU dual use goods catalogue.
Now monitoring centers and trojan malware are moving in.
See the difference, even if there is just a rather toothless set of
sanctions yet? Very small changes in the wording could change that to
make sanctions work.

Any reliable news on the abuse of such hard/software coming up until
October will support our cause. So: research and inform!
Gruesse aus Wien
Erich

post/scrypt @jake: My journo colleague from ORF TV Patrick Hafner is
desperately trying to reach you. His documentary will cover issues
above. Would you kindly come back to him, Jake? I am ready to organize
the rest of our cross media reporting bundle, including two ORF radio
channels, podcasts, web reporting and even good old Teletext [Videotext
on TV]

-- http://moechel.com/kontakt.html PGP KEY 0xEA7DC174 fingerprint 02AA
B2E7 C609 307D 34FE 4B5C ACC6 A796 EA7D C174 --... ...-- -.. . . .-. ..
-.-. .... --- . ...-- . -- -...



