from the a-taste-of-one's-own-medicine dept.
netzpolitik.org reports that the network of the surveillance technology company Gamma International has been hacked and 40 gigabytes of internal data, including source code (yeap! uploaded on GitHub), support and marketing/sales info, are available for download (torrent warning).
If Gamma FinFisher doesn't ring a bell for you: Reporters Without Frontiers lists them as one of "The Enemies of Internet" in the "Surveillance" special edition:
Gamma International offers advanced spyware, which has repeatedly been discovered in countries who mistreat journalists, like Bahrain and the United Arab Emirates. The Finfisher Technology sold by Gamma International is able to read encrypted files, emails and listen in to voice over IP calls. Among the targeted was Ala'a Shehabi, a journalist, university lecturer and activist from Bahrain, now living in London.
Related Stories
Spanish police have arrested three people they linked to the hacking of Gamma Group and Hacking Team:
Spanish police have arrested three people over a data breach linked to a series of dramatic intrusions at European spy software companies — feeding speculation that the net has closed on an online Robin Hood figure known as Phineas Fisher.
A spokesman with Mossos d'Esquadra, Catalonia's regional police, said a man was arrested Tuesday in Salamanca on suspicion of breaking into the website of the Mossos labor union, hijacking its Twitter feed and leaking the personal data of more than 5,500 officers in May of last year. Another man and a woman were arrested in Barcelona in connection to the same breach, he said. No more arrests are expected, he added, speaking on condition of anonymity in line with force policy.
May's breach was claimed by Phineas Fisher, who first won notoriety in 2014 for publishing data from Britain's Gamma Group — responsible at the time for spyware known as FinFisher. The hacker cemented their reputation by claiming responsibility for a breach at Italy's Hacking Team in 2015 — a spectacular dump which exposed the inner workings of government espionage campaigns — and appearing as a hand puppet in an unusual interview for a 2016 documentary on cybermercenaries.
Also at Motherboard and The Hill.
Previously: Gamma FinFisher Hacked - 40 GB of Code and Docs Available
WikiLeaks Releases German Surveillance Malware
Italian Security Firm "Hacking Team" Has Been Compromised
Hacking Team Complains That its Leaked Zero-Days Will be Misused
Hacking Team Break-in Explained
(Score: 2, Interesting) by crAckZ on Thursday August 07 2014, @05:11PM
not to sound too noobish but can someone explain to me how releasing the data will prove useful? i am not saying it was a good move or bad move but i am wondering what all can "be done" with it. i am a programmer and i understand open source but will this just let others mod their code and break the encryption? i keep rereading what i am typing and i do sound really dumb but i would rather ask than sit in the dark.
(Score: 5, Informative) by dyingtolive on Thursday August 07 2014, @05:24PM
Reading the code will allow for understanding of present capabilities. They do surveillance. Understanding how and what they do leads to being able to protect yourself against it.
Don't blame me, I voted for moose wang!
(Score: 5, Informative) by frojack on Thursday August 07 2014, @05:38PM
Not only that, but researchers can close or avoid many of the backdoors these services rely upon.
You know for instance, that any company claiming that they are "able to read encrypted files, emails and listen in to voice over IP calls" is using some weaknesses that they are guarding as secret.
Better encryption, client side end-to-end encryption instead of server side can prevent those exploits.
Let's hope that 40gig torrent gets widely dispersed.
No, you are mistaken. I've always had this sig.
(Score: 4, Informative) by mojo chan on Thursday August 07 2014, @08:25PM
I'm downloading it now and as well as the viruses themselves it contains removal tools and methods to detect existing infections. That alone is very valuable.
const int one = 65536; (Silvermoon, Texture.cs)
(Score: 3, Interesting) by hemocyanin on Thursday August 07 2014, @11:57PM
I don't get the joke so I don't understand the funny mod.
The user manual is a must read: https://netzpolitik.org/wp-upload/0F28548C.pdf [netzpolitik.org]
And yes, the program does contain a tool to delete infections which strikes me as quite useful.
And yes, apparently there are methods to get a shell, do keylogging, and Skype monitoring in Linux. OSX allows all that plus screen and webcam viewing. And Windows allows a lot more features of course. But, a shell is pretty darn powerful.
(Score: 5, Insightful) by Ethanol-fueled on Thursday August 07 2014, @05:25PM
It is not about being "useful" but about poetic justice -- If you want to fuck with people's right to privacy, then don't be surprised when your own privacy is invaded.
If you have anything to do with "security" but with little popular support, then don't be surprised when others compromise your security.
The usefulness of the leaked source and documents is only a windfall to others.
(Score: 2) by kaszz on Thursday August 07 2014, @05:56PM
Yeah, being the major asshole of the internet can concentrate a lot of resources to "solve" that problem. Perhaps their offices will also get cow orifice output delivered by the courtesy of French farmers specialty department too.
(Score: 0) by Anonymous Coward on Thursday August 07 2014, @11:36PM
FTFY
(Score: 0) by Anonymous Coward on Thursday August 07 2014, @07:45PM
First, it will make people aware of vulnerabilities in current encryption and privacy software, so those programs can be fixed to make FinFisher ineffective
Second, it will make it much easier for new organizations to enter the massive surveillance and privacy invasion market. Where before this technology might be restricted to tyrannical governments set on oppressing their citizens, it is now available to more modest organizations. Say, the Russian mafia and your neighbor's angsty kid. The one who's always trying to hack your wifi.
(Score: 4, Interesting) by tibman on Thursday August 07 2014, @07:51PM
Just read through the iframe one. It's an elaborate way to get someone to download an executable (fake adobe flash). In this case it takes a user action to complete. Check out the image used: https://github.com/FinFisher/FinFly-Web/blob/master/iframe/missing.jpg [github.com]
Over 80% of the iframe sourcecode is some developer's personal library. It extends the language and adds features that older browsers don't have. Some of the features added aren't even used to execute the payload. This speaks to me that they have developed a framework around identifying the target browser/version and a set of standard tools that will work for all of them.
I don't have time today to look into what's in the fake adobe_flash_player.exe or into others.
SN won't survive on lurkers alone. Write comments.
(Score: 4, Interesting) by SparkyGSX on Thursday August 07 2014, @08:28PM
It would be awfully nice if the Adobe legal department had their field day with this... impersonation, computer fraud, trademark infringement, damage to brand name by distribution of malware, and I'm sure they can come up with a few more if they'd try!
Their product is basically useless now, within hours it will probably be added to many anti-virus and intrusion detection lists, their capabilities will be known and negated, and any zero-day exploits they may be using will become public and hopefully fixed quickly.
I wonder if there is a list of customers somewhere in that pile of data.
If you do what you did, you'll get what you got
(Score: 3, Interesting) by tibman on Thursday August 07 2014, @09:03PM
That would be a lot of fun to see. FinFisher gets in trouble for trademark infringement and hopefully spills its customer list in the process. I also noticed the .htaccess file which means they run the tech demos on apache. They could put the demo on nearly anything, even a raspberry pi.
SN won't survive on lurkers alone. Write comments.
(Score: 2, Interesting) by takyon on Thursday August 07 2014, @05:12PM
This comes a couple days after FinFisher documents leaked:
Leaked docs reveal power of malware-for-government product 'FinFisher' [theregister.co.uk]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1) by takyon on Thursday August 07 2014, @05:15PM
I'm trying to say there was no suggestion of leaked source code when the story broke.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by carguy on Thursday August 07 2014, @07:47PM
But there was a license price -- at the end of your link,
(Score: 1) by takyon on Thursday August 07 2014, @10:23PM
I wonder if any/which spy agencies and other entities will use it from the leaked source without paying.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by SlimmPickens on Friday August 08 2014, @04:06AM
They are the less well funded ones.
(Score: 5, Insightful) by Nerdfest on Thursday August 07 2014, @06:03PM
Why can these people get away with selling the same thing that would get you or I thrown in jail for close to the rest of our lives? Sounds like the usual "If you ain't cops, you're little people".
(Score: 1, Insightful) by Anonymous Coward on Thursday August 07 2014, @07:55PM
What makes you think this was not developed for a government? It reads like an NSA wish list, and I would expect that having such capabilities would move a company to the top of the NSA-contractor list. It also seems like such a company would be silly to contract with only one government. If you're selling bullets, you really want to sell to both sides of the war.
(Score: 2) by tynin on Thursday August 07 2014, @09:41PM
I agree with you, however part of me also thinks that the product they are selling is equivalent to them being a weapons manufacturer/seller... which I suspect is how they get away with it. Government loves control.
I suspect we are saying the same thing the more I read into, "If you ain't cops, you're little people".
(Score: 1) by jelizondo on Friday August 08 2014, @07:00AM
At Eastasia we do not consider our little brothers to be "little people," because everyone is part of the security. We depend on each other for security against our enemies, even if only a few of us work directly with the government.
Suggesting otherwise means you have been infected with the lies of our enemies and must be cured.
Please report immediately to the nearest reeducation center.
(Score: 3, Informative) by takyon on Thursday August 07 2014, @10:57PM
Leaked Files: German Spy Company Helped Bahrain Hack Arab Spring Protesters [firstlook.org]
A notorious surveillance technology company that helps governments around the world spy on their citizens sold software to Bahrain during that country’s brutal response to the Arab Spring movement, according to leaked internal documents posted this week on the internet.
The documents show that FinFisher, a German surveillance company, helped Bahrain install spyware on 77 computers, including those belonging to human rights lawyers and a now-jailed opposition leader, between 2010 and 2012—a period that includes Bahrain’s crackdown on pro-democracy protesters. FinFisher’s software gives remote spies total access to compromised computers. Some of the computers that were spied on appear to have been located in the United States and United Kingdom, according to a report from Bahrain Watch.
Earlier this week, an anonymous hacker released 40 gigabytes of what appears to be internal data from FinFisher on Twitter and Reddit, including messages between people who appear to be Bahraini government officials and FinFisher customer service representatives.
In those messages, Bahraini software administrators complained to FinFisher that they were “losing targets daily” due to faults in its software. In one message employing the language of a frustrated consumer, a spy appeared to complain that he or she had to keep re-infecting a targeted computer, risking detection: “[W]e cant stay bugging and infecting the target every time since it is very sensitive. and we don’t want the target to reach to know that someone is infecting his PC or spying on him” one message reads...
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by hemocyanin on Thursday August 07 2014, @11:44PM
Holy moly, how many tweets is that?
(Score: 1) by takyon on Friday August 08 2014, @12:10AM
Somewhere between one and 71.429 million tweets.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1) by modecx on Friday August 08 2014, @04:09AM
Germany has really strong laws regarding arms orders to countries antagonistic to their own citizens; to the point of harassing their own arms companies over deals between foreign governments who they have no control over.
The $60k question is this: Germany also has strong privacy laws, amongst the strongest in the world. This is well known. Could privacy-busting software and hardware tools be considered 'arms', if unfriendly governments are using them? I'd say yes.
(Score: 2) by cafebabe on Friday August 08 2014, @08:24AM
Software may be regarded as arms but software is also regarded as speech.
The US previously classed cryptography as munitions. However, this was changed after Daniel J. Bernstein successfully argued that it impinged on his freedom of speech [wikipedia.org].
1702845791×2
(Score: 1, Funny) by Anonymous Coward on Friday August 08 2014, @11:15AM
I remember when $60k was worth $64k. I must be getting old.
(Score: 2) by Fnord666 on Thursday August 07 2014, @11:58PM
(Score: 0) by Anonymous Coward on Friday August 08 2014, @11:37AM
is it so difficult to release data as text?
why must it be .doc, .pdf, .torrent, or similar?
(Score: 0) by Anonymous Coward on Friday August 08 2014, @12:34PM
don't forget to bring a lot of coins when hooking up the acoustic coupler to the pay phone ...