[liberationtech] For Their Eyes Only: The Commercialization of Digital Spying

Wed May 1 04:28:25 PDT 2013

Dear LibTech

The Citizen Lab is pleased to announce the release of our latest report.  Details are below:

For Their Eyes Only: The Commercialization of Digital Spying
https://citizenlab.org/2013/04/for-their-eyes-only-2/

April 30, 2013

by: Morgan Marquis-Boire,  Bill Marczak, Claudio Guarnieri & John Scott-Railton

Citizen Lab is pleased to announce the release of “For Their Eyes Only: The Commercialization of Digital Spying.”

Read the Report [PDF] https://citizenlab.org/storage/finfisher/final/fortheireyesonly.pdf

The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.

Our new findings include:

	• We have identified FinFisher Command & Control servers in 11 new Countries. Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, Austria.
	• Taken together with our previous research, we can now assert that FinFisher Command & Control servers are currently active, or have been present, in 36 countries.
        * Locations of FinFisher Command & Control Servers Found To Date:  Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.

	• We have also identified a FinSpy sample that appears to be specifically targeting Malay language speakers, masquerading as a document discussing Malaysia’s upcoming 2013 General Elections.
	• We identify instances where FinSpy makes use of Mozilla’s Trademark and Code. The latest Malay-language sample masquerades as Mozilla Firefox in both file properties and in manifest. This behavior is similar to samples discussed in some of our previous reports, including a demo copy of the product, and samples targeting Bahraini activists.
	*Our previous research uncovered evidence that FinFisher (commercial network intrusion malware) developed by UK-based company Gamma International was targeting activists in Bahrain. It analyzed mobile variants of the FinFisher suite.  It also exposed the use of commercial surveillance malware developed by Italy-based company Hacking Team to target a dissident in the United Arab Emirates.  Most recently, we documented the global proliferation of FinFisher command and control servers.

This research is one of the first extended projects to attempt to map out the operation and prevalence of commercial surveillance software.  Our work opens a window into this space, but it remains crucial that the nature and impact of the commercial surveillance market be better understood. Technical research in this field has only just begun, but it is already clear that the stakes are high. We hope this report will contribute to discussions on this issue in technical, civil society, and policy making communities.

This research represents the joint work of Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John Scott-Railton.

Also, see Mozilla's blog for details of their cease and desist letter here:
http://blog.mozilla.org/blog/2013/04/30/protecting-our-brand-from-a-global-spyware-provider/

Ronald Deibert
Director, the Citizen Lab 
and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
PGP: http://deibert.citizenlab.org/pubkey.txt
http://deibert.citizenlab.org/
twitter.com/citizenlab
r.deibert at utoronto.ca

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130501/48f39045/attachment.html>