Re: [liberationtech] Finfisher Spy Kit Revealed in Bahrain

On 7/27/12 12:58 PM, Erich M. wrote:
> On 07/26/2012 04:27 AM, Jacob Appelbaum wrote:
>> The FinSpy network traffic is also really interesting - the fact that they don't stand up to the most obvious of traffic analysis is *hilarious* and so fitting.
>>
>> All the best,
>> Jake
>
> That should be a necessary feature AND NOT a bug. Remember, this is the "export" version of the malware. Quite like the "law enforcement" versions all these derivatives lack one or two essential security features that could have been implemented easily. How come? One guess allowed.
>
> This malware crap is being produced for primary use by the "national security agencies". They'd never let you [= malware producer] sell the same intrusion suite to foreign agencies as well without some "necessary adaptations". Let alone to clumsy cops and - moreover - in Mid East.

"National Security Agencies" of which Nation?

* Gamma Group have an origin in Germany.
* Then moved all the companies to UK (offshore or real moving of business?)
* mail.gammagroup.com mailserver is in Beirut, Lebanon.

So it's interesting that it's not very clear "where they are based".

Also on LinkedIn there is *not a single person* that worked for one of their group companies.

In any case, as far as I know there's no "export version" of software like this, not like there is for "crypto" if it resides under the dual-use Wassenaar agreement.

The trojan producer just differentiates the products based on their capabilities and features, basing the pricing on that.

I also know of companies that asked for export permission (of monitoring technologies) from national authorities (in Italy) and just because it was "difficult to understand what it is", the authorities were not able to answer within 90 days, and so it's "by default allowed".

As an additional fun conspiracy theory, at 4.1km from their Munich office there is SecurStar GmbH that in 2006 developed a mobile trojan: http://pastebin.com/caxxuNe8

-naif

participants (1): Fabio Pietrosanti (naif)