[liberationtech] Finfisher Spy Kit Revealed in Bahrain

Erich M. erich at moechel.com
Sat Jul 28 18:24:03 PDT 2012


On 07/27/2012 02:53 PM, Fabio Pietrosanti (naif) wrote:

tnx to the other voices that tuned in meanwhile, I agree on close to all
Andre R. posted
> 
> "National Security Agencies" of which Nation?

German Bundesnachrichtendienst in this case. See more below on Ipoque,
Utimaco and a venerable SIGINT company named R&S.

> 
> * Gamma Group have an origin in Germany.
> 
> * Then moved all the companies to UK (offshore or real moving of business?)

offshore, to avoid questions in Germany. "There were never any exports
from Germany to this and that country" - True. The export was via UK ;)


> 
> * mail.gammagroup.com mailserver is in Beirut, Lebanon.
> 
> So it's interesting that it's not very clear "where they are based".
> Also on LinkedIn there is *not a single person* that worked for one of
> their group companies.

Fabio, would you expect people so close to the agencies will make a
coming out there? Many of the vendors and sales staffers are former
agency men and still sport a security clearance. This is a highly
specialized branch, so that is very common.
> 
> In any case as far as i know there's no "export version" of software
> like this, not like it is for "crypto" if it resides under dual-use
> Wassenaar agreement.

Sure there is one but an _informal_ "export version". Sales would of
course never ever name it thus but emphasize that theirs was of course a
completely reliable full scale solution. ;)

Professional _intrusion_ software suites or telco monitoring set ups
exported to the Mid East etc. are always backdoored in one way or another.

> The trojan producer just differentiates the products based on their
> capabilities and features, basing on that the pricing.

ack / syn . BUT: the trojan producer is in most cases not identical with
the company that integrates the trojan into a surveillance suite. That
is why I am not that optimistic as to extracting a possible virus
signature. These suites all work on a modular base. You just screw
another armorbreaker warhead onto this deep penetration missile, so to
say, if you change your intrusion method but keep the rest of the sw
modules.


> I also know of companies that asked for export permission (of monitoring
> technologies) to national authorities (in italy) and just because it was
> "difficult to understand what it is", the authorities are not able to
> answer within 90 days, and so it's "by default allowed" .

Business as usual, very familiar, Fabio.
>

> As an additional fun conspiracy theory, at 4.1km from their Munich
> office there is SecurStar GmbH that in 2006 developed a mobile trojan:
> http://pastebin.com/caxxuNe8

It is not a conspiracy but only historic, concerning the federal
Bavarian government. The Siemens telco surveillance unit has been there
from the 80ies.
Take a look how far the HQ of Bundesnachrichtendienst in Munich/Pullach
is from "Siemens Allee" ;) You should find Trovicor rather close by as
well.
> http://maps.google.com/maps?q=Pullach+BND&oe=utf-8&client=ubuntu&channel=fs&gbv=1&um=1&ie=UTF-8&hl=en&sa=N&tab=wl
There are even more such companies bunkered in on the outskirts of
Munich. Radio comms longtime SIGINT specialist Rohde & Schwarz is
located there.

<OE3EMB mode>
R&S adorable spectrum & vertical network analyzers! Omnipotent signal
generators! 2 Hz => 20 GHz in one piece of equip! Ahh! Oh no I am
getting a hard-on...
</OE3EMB mode>

R&S has acquired ISS regular Ipoque recently and became exclusive
distributor of core Utimaco products. Oh that is another ISS regular.
All that deutsche Wertarbeit stuff is just a drive around two corners
from Pullach.
Must close now. OE3EMB needs a towel

Erich


> 
> -naif


-- 

http://moechel.com/kontakt.html        PGP KEY 0xEA7DC174
fingerprint 02AA B2E7 C609 307D 34FE 4B5C ACC6 A796 EA7D C174
--... ...--   -.. .   . .-. .. -.-. ....   --- . ...-- . -- -...


