[kictanet] Catalog of the mass surveillance industry

Gideon gideonrop at gmail.com
Tue Apr 9 15:33:24 EAT 2013 

You Only Click Twice: FinFisher’s Global Proliferation

*March 13, 2013*

Download PDF version<https://citizenlab.org/wp-content/uploads/2013/04/15-2013-youonlyclicktwice.pdf>

*Authors:* Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John
Scott-Railton.

*This post describes the results of a comprehensive global Internet scan
for the command and control servers of FinFisher’s surveillance software.
It also details the discovery of a campaign using FinFisher in Ethiopia
used to target individuals linked to an opposition group. Additionally, it
provides examination of a FinSpy Mobile sample found in the wild, which
appears to have been used in Vietnam.*
Summary of Key Findings

   - We have found command and control servers for FinSpy backdoors, part
   of Gamma International’s FinFisher “remote monitoring solution,” in a total
   of 25 countries: Australia, Bahrain, Bangladesh, Brunei, Canada, Czech
   Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia,
   Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore,
   Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam.


   - A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian
   opposition group, as bait to infect users. This continues the theme of
   FinSpy deployments with strong indications of politically-motivated
   targeting.


   - There is strong evidence of a Vietnamese FinSpy Mobile Campaign. We
   found an Android FinSpy Mobile sample in the wild with a command & control
   server in Vietnam that also exfiltrates text messages to a local phone
   number.


   - These findings call into question claims by Gamma International that
   previously reported servers were *not* part of their product line, and
   that previously discovered copies of their software were either stolen or
   demo copies.

https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/
http://surveillance.rsf.org/en/gamma-international/
http://en.wikipedia.org/wiki/FinFisher
https://www.f-secure.com/weblog/archives/00002114.html
http://www.f-secure.com/weblog/archives/finfisher.pdf
  (in arabic)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20130409/33639d37/attachment.htm>

More information about the KICTANet mailing list