[liberationtech] Finfisher Spy Kit Revealed in Bahrain

Fabio Pietrosanti (naif) lists at infosecurity.ch
Fri Jul 27 05:53:44 PDT 2012


On 7/27/12 12:58 PM, Erich M. wrote:
> On 07/26/2012 04:27 AM, Jacob Appelbaum wrote:
>> The FinSpy network traffic is also really interesting - the fact that
>> they don't stand up to the most obvious of traffic analysis is
>> *hilarious* and so fitting. All the best,
>> Jake
> 
> That should be a necessary feature AND NOT a bug. Remember, this is the
> "export" version of the malware. Quite like the "law enforcement"
> versions all these derivatives lack one or two essential security
> features that could have been implemented easily. How come?  One guess
> allowed.
> 
> This malware crap is being produced for primary use by the "national
> security agencies". They'd never let you [= malware producer] sell the
> same intrusion suite to foreign agencies as well without some "necessary
> adaptations". Let alone to clumsy cops and - moreover - in Mid East.


"National Security Agencies" of which Nation?

* Gamma Group have an origin in Germany.

* Then moved all the companies to the UK (offshore or real moving of business?)

* mail.gammagroup.com mailserver is in Beirut, Lebanon.

So it's interesting that it's not very clear "where they are based".
Also on LinkedIn there is *not a single person* that worked for one of
their group companies.

In any case, as far as I know there's no "export version" of software
like this, not like it is for "crypto" if it resides under the dual-use
Wassenaar agreement.
The trojan producers just differentiate the products based on their
capabilities and features, basing the pricing on that.

I also know of companies that asked for export permission (of monitoring
technologies) from national authorities (in Italy) and just because it was
"difficult to understand what it is", the authorities are not able to
answer within 90 days, and so it's "by default allowed".

As an additional fun conspiracy theory, at 4.1km from their Munich
office there is SecurStar GmbH that in 2006 developed a mobile trojan:
http://pastebin.com/caxxuNe8

-naif

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




