Английская Википедия:FinFisher

Материал из Онлайн справочника
Перейти к навигацииПерейти к поиску

Шаблон:Short description

Файл:Finfisher spyware.jpg
Suspected FinFisher government users that were active at some point in 2015.

FinFisher, also known as FinSpy,[1] is surveillance software marketed by Lench IT Solutions plc, which markets the spyware through law enforcement channels.[1]

FinFisher can be covertly installed on targets' computers by exploiting security lapses in the update procedures of non-suspect software.[2][3][4] The company has been criticized by human rights organizations for selling these capabilities to repressive or non-democratic states known for monitoring and imprisoning political dissidents.[5] Egyptian dissidents who ransacked the offices of Egypt's secret police following the overthrow of Egyptian President Hosni Mubarak reported that they had discovered a contract with Gamma International for €287,000 for a license to run the FinFisher software.[6] In 2014, an American citizen sued the Ethiopian government for surreptitiously installing FinSpy onto his computer in America and using it to wiretap his private Skype calls and monitor his entire family's every use of the computer for a period of months.[7][8]

Lench IT Solutions plc has a UK-based branch, Gamma International Ltd in Andover, England, and a Germany-based branch, Gamma International GmbH in Munich.[9][10] Gamma International is a subsidiary of the Gamma Group, specializing in surveillance and monitoring, including equipment, software, and training services.[9] It was reportedly owned by William Louthean Nelson through a shell corporation in the British Virgin Islands.[11] The shell corporation was signed by a nominee director in order to withhold the identity of the ultimate beneficiary, which was Nelson, a common system for companies that are established offshore.[12]

On August 6, 2014, FinFisher source code, pricing, support history, and other related data were retrieved from the Gamma International internal network and made available on the Internet.[13]

The FinFisher GmbH opened insolvency proceedings at the Munich Local Court on 02.12.2021,[14] however this is only a restructuring and the company is to continue as Vilicius Holding GmbH.[15]

Elements of the FinFisher suite

In addition to spyware, the FinFisher suite offered by Gamma to the intelligence community includes monitoring of ongoing developments and updating of solutions and techniques which complement those developed by intelligence agencies.[16] The software suite, which the company calls "Remote Monitoring and Deployment Solutions", has the ability to take control of target computers and to capture even encrypted data and communications. Using "enhanced remote deployment methods" it can install software on target computers.[17] An "IT Intrusion Training Program" is offered which includes training in methods and techniques and in the use of the company-supplied software.[18]

The suite is marketed in Arabic, English, German, French, Portuguese, and Russian and offered worldwide at trade shows offering an intelligence support system, ISS, training, and products to law enforcement and intelligence agencies.[19]

Method of infection

FinFisher malware is installed in various ways, including fake software updates, emails with fake attachments, and security flaws in popular software. Sometimes the surveillance suite is installed after the target accepts installation of a fake update to commonly used software.[2] Code which will install the malware has also been detected in emails.[20] The software, which is designed to evade detection by antivirus software, has versions which work on mobile phones of all major brands.[1]

A security flaw in Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs.[3][4] Gamma International offered presentations to government security officials at security software trade shows where they described how to covertly install the FinFisher spy software on suspects' computers using iTunes' update procedures.

The security flaw in iTunes that FinFisher is reported to have exploited was first described in 2008 by security software commentator Brian Krebs.[3][4][21] Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch. Promotional videos used by the firm at trade shows which illustrate how to infect a computer with the surveillance suite were released by WikiLeaks in December, 2011.[10]

In 2014, the Ethiopian government was found to have installed FinSpy on the computer of an American citizen via a fake email attachment that appeared to be a Microsoft Word document.[7]

FinFisher has also been found to engage in politically motivated targeting. In Ethiopia, for instance, photos of a political opposition group are used to "bait" and infect users.[5]Шаблон:Dead link

Technical analysis of the malware, methods of infection and its persistence techniques has been published in Code And Security blog in four parts.[22]

Use by repressive regimes

  • FinFisher's wide use by governments facing political resistance was reported in March 2011 after Egyptian protesters raided State Security Investigations Service and found letters from Gamma International UK Ltd., confirming that SSI had been using a trial version for five months.[23]
  • A similar report in August 2012 concerned e-mails received by Bahraini activists and passed on (via a Bloomberg News reporter) to University of Toronto computer researchers Bill Marczak and Morgan Marquis-Boire in May 2012. Analysis of the e-mails revealed code (FinSpy) designed to install spyware on the recipient's computer.[1][20] A spokesman for Gamma claims no software was sold to Bahrain and that the software detected by the researchers was not a legitimate copy but perhaps a stolen, reverse-engineered or modified demonstration copy.[24] In August 2014 Bahrain Watch claimed that the leak of FinFisher data contained evidence suggesting that the Bahraini government was using the software to spy on opposition figures, highlighting communications between Gamma International support staff and a customer in Bahrain, and identifying a number of human rights lawyers, politicians, activists and journalists who had apparently been targeted.[25]
  • According to a document dated 7 December 2012 from the Federal Ministry of the Interior to members of the Finance Committee of the German Parliament, the German "Bundesnachrichtendienst", the Federal Surveillance Agency, have licensed FinFisher/FinSpy, even though its legality in Germany is uncertain.[26]
  • In 2014, an America citizen sued the Ethiopian government for installing and using FinSpy to record a vast array of activities conducted by users of the machine, all whilst in America. Traces of the spyware inadvertently left on his computer show that information – including recordings of dozens of Skype phone calls – was surreptitiously sent to a secret control server located in Ethiopia and controlled by the Ethiopian government. FinSpy was downloaded on the plaintiff's computer when he opened an email with a Microsoft Word document attached. The attachment contained hidden malware that infected his computer.[7] In March 2017, the United States Court of Appeals for the District of Columbia Circuit found that the Ethiopian government's conduct was protected from liability by the Foreign Sovereign Immunities Act.[27][28]
  • In 2015, FinFisher was reported to have been in use since 2012 for the 'Fungua Macho' surveillance programme of Uganda's President Museveni, spying upon the Ugandan opposition party, the Forum for Democratic Change.[29]
  • In 2015 it is reported that FinFisher executives sold, illegally, the system to Turkey to enable their security services to spy on government opposition parties. Four former executives were charged in 2023 in Munich with failure to apply for an export licence for the $5.4 million contract.[30]

Reporters Without Borders

On 12 March 2013 Reporters Without Borders named Gamma International as one of five "Corporate Enemies of the Internet" and “digital era mercenaries” for selling products that have been or are being used by governments to violate human rights and freedom of information. FinFisher technology was used in Bahrain and Reporters Without Borders, together with Privacy International, the European Center for Constitutional and Human Rights (ECCHR), the Bahrain Centre for Human Rights, and Bahrain Watch filed an Organisation for Economic Co-operation and Development (OECD) complaint, asking the National Contact Point in the United Kingdom to further investigate Gamma's possible involvement in Bahrain. Since then research has shown that FinFisher technology was used in Australia, Austria, Bahrain, Bangladesh, Britain, Brunei, Bulgaria, Canada, the Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Latvia, Lithuania, North Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Turkey, Turkmenistan, the United Arab Emirates, the United States, Venezuela and Vietnam.[9][10][31][32][33]

Firefox masquerading

FinFisher is capable of masquerading as other more legitimate programs, such as Mozilla Firefox. On April 30, 2013, Mozilla announced that they had sent Gamma a cease-and-desist letter for trademark infringement.[34] Gamma had created an espionage program that was entitled firefox.exe and even provided a version number and trademark claims to appear to be legitimate Firefox software.[35]

Detection

In an article of PC Magazine, Bill Marczak (member of Bahrain Watch and computer science PhD student at University of California, Berkeley doing research into FinFisher) said of FinSpy Mobile (Gamma's mobile spyware): "As we saw with respect to the desktop version of FinFisher, antivirus alone isn't enough, as it bypassed antivirus scans".[36] The article's author Sara Yin, an analyst at PC Magazine, predicted that antivirus providers are likely to have updated their signatures to detect FinSpy Mobile.[36]

According to announcements from ESET, FinFisher and FinSpy are detected by ESET antivirus software as "Win32/Belesak.D" trojan.[37][38]

Other security vendors claim that their products will block any spyware they know about and can detect (regardless of who may have launched it), and Eugene Kaspersky, head of IT security company Kaspersky Lab, stated, "We detect all malware regardless its purpose and origin".[39] Two years after that statement by Eugene Kaspersky in 2012 a description of the technique used by FinFisher to evade Kaspersky protection was published in Part 2 of the relevant blog at Code And Security.

FinFisher has also made headlines in the past because its products were found to be used by authoritarian regimes against opponents in several Middle Eastern countries.[40]

See also

Шаблон:Columns-list

References

Шаблон:Reflist

External links

Шаблон:Commons category-inline

Шаблон:Hacking in the 2010s Шаблон:Malware

  1. 1,0 1,1 1,2 1,3 Шаблон:Cite news
  2. 2,0 2,1 Шаблон:Cite news
  3. 3,0 3,1 3,2 Шаблон:Cite news
  4. 4,0 4,1 4,2 Шаблон:Cite news
  5. 5,0 5,1 Шаблон:Cite news
  6. Шаблон:Cite news
  7. 7,0 7,1 7,2 Шаблон:Cite news
  8. Шаблон:Cite news
  9. 9,0 9,1 9,2 "Corporate Enemies: Gamma International" Шаблон:Webarchive, The Enemies of the Internet, Special Edition: Surveillance, Reporters Without Borders, 12 March 2013.
  10. 10,0 10,1 10,2 Шаблон:Cite news
  11. Шаблон:Cite web
  12. Шаблон:Cite web
  13. Шаблон:Cite news
  14. Шаблон:Cite web Шаблон:Cite web
  15. Шаблон:Cite web
  16. Шаблон:Cite web Шаблон:Cite web
  17. Шаблон:Cite web Шаблон:Cite web
  18. Шаблон:Cite web Шаблон:Cite web
  19. Шаблон:Cite web Шаблон:Cite web
  20. 20,0 20,1 Шаблон:Cite news
  21. Шаблон:Cite news
  22. Шаблон:Cite news
  23. Шаблон:Cite web
  24. Шаблон:Cite news
  25. Шаблон:Cite web
  26. Шаблон:Cite news
  27. Шаблон:Bluebook journal
  28. Шаблон:Cite court
  29. Шаблон:Cite news
  30. Шаблон:Cite web
  31. "FinFisher Mobile Spyware Tracking Political Activists" Шаблон:Webarchive, Mathew J. Schwartz, Information Week, 31 August 2012
  32. "Researchers Find 25 Countries Using Surveillance Software" Шаблон:Webarchive, Nicole Perlroth, The New York Times, 15 March 2013
  33. "For Their Eyes Only: The Commercialization of Digital Spying" Шаблон:Webarchive, Morgan Marquis-Boire with Bill Marczak, Claudio Guarnieri, and John Scott-Railton, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 1 May 2013
  34. "Protecting our brand from a global spyware provider" Шаблон:Webarchive, Mozilla Foundation, April 30, 2013
  35. Шаблон:Cite web
  36. 36,0 36,1 Шаблон:Cite web
  37. Шаблон:Cite web
  38. Шаблон:Cite web
  39. Шаблон:Cite web
  40. Шаблон:Cite web