Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Governments around the world are spying on their citizens using FinFisher
03-18-2013, 10:52 PM,
#1
Governments around the world are spying on their citizens using FinFisher
Quote:Governments around the world are spying on their citizens using FinFisher
http://en.ocworkbench.com/tech/governments-around-the-world-are-spying-on-their-citizens-using-finfisher/

FinFisher is a spyware that is installed onto PCs by governments around the world to spy on their citizens. To our surprise, a lot number of countries are actually tracking their citizens through this spy ware FinFisher.

So, how are you affected and how are you protecting yourself from these scans and probes. Read below.

[Image: youonlyclicktwice-map-500.jpg]

Figure 1. Map of global FinFisher proliferation Around October 2012, we observed that the behavior of FinSpy servers began to change. Servers stopped responding to our fingerprint, which had exploited a quirk in the distinctive FinSpy wire protocol. We believe that this indicates that Gamma either independently changed the FinSpy protocol, or was able to determine key elements of our fingerprint, although it has never been publicly revealed. In the wake of this apparent update to FinSpy command & control servers, we devised a new fingerprint and conducted a scan of the internet for FinSpy command & control servers. This scan took roughly two months and involved sending more than 12 billion packets. Our new scan identified a total of 36 FinSpy servers, 30 of which were new and 6 of which we had found during previous scanning. The servers operated in 19 different countries. Among the FinSpy servers we found, 7 were in countries we hadn’t seen before. New Countries Canada, Bangladesh, India, Malaysia, Mexico, Serbia, Vietnam

In our most recent scan, 16 servers that we had previously found did not show up. We suspect that after our earlier scans were published the operators moved them. Many of these servers were shut down or relocated after the publication of previous results, but before the apparent October 2012 update. We no longer found FinSpy servers in 4 countries where previous scanning identified them (Brunei, UAE, Latvia, and Mongolia). Taken together, FinSpy servers are currently, or have been present, in 25 countries. Australia, Bahrain, Bangladesh, Brunei, Canada, Czech Republic, Estonia, Ethiopia, Germany, India, Indonesia, Japan, Latvia, Malaysia, Mexico, Mongolia, Netherlands, Qatar, Serbia, Singapore, Turkmenistan, United Arab Emirates, United Kingdom, United States, Vietnam. Importantly, we believe that our list of servers is incomplete due to the large diversity of ports used by FinSpy servers, as well as other efforts at concealment. Moreover, discovery of a FinSpy command and control server in a given country is not a sufficient indicator to conclude the use of FinFisher by that country’s law enforcement or intelligence agencies. In some cases, servers were found running on facilities provided by commercial hosting providers that could have been purchased by actors from any country.

The table below shows the FinSpy servers detected in our latest scan. We list the full IP address of servers that have been previously publicly revealed. For active servers that have not been publicly revealed, we list the first two octets only. Releasing complete IP addresses in the past has not proved useful, as the servers are quickly shut down and relocated.* IPOperatorRouted to Country117.121.xxx.xxxGPLHostAustralia77.69.181.162Batelco ADSL ServiceBahrain180.211.xxx.xxxTelegraph & Telephone BoardBangladesh168.144.xxx.xxxSoftcom, Inc.Canada168.144.xxx.xxxSoftcom, Inc.Canada217.16.xxx.xxxPIPNI VPSCzech Republic217.146.xxx.xxxZone Media UVS/NodesEstonia213.55.99.74Ethio TelecomEthiopia80.156.xxx.xxxGamma International GmbHGermany37.200.xxx.xxxJiffyBox ServersGermany178.77.xxx.xxxHostEurope GmbHGermany119.18.xxx.xxxHostGatorIndia119.18.xxx.xxxHostGatorIndia118.97.xxx.xxxPT TelkomIndonesia118.97.xxx.xxxPT TelkomIndonesia103.28.xxx.xxxPT Matrixnet GlobalIndonesia112.78.143.34Biznet ISPIndonesia112.78.143.26Biznet ISPIndonesia117.121.xxx.xxxGPLHostMalaysia187.188.xxx.xxxIusacell PCSMexico201.122.xxx.xxxUniNetMexico164.138.xxx.xxxTilaaNetherlands164.138.28.2TilaaNetherlands78.100.57.165Qtel – Government RelationsQatar195.178.xxx.xxxTri.d.o.o / Telekom SrbijaSerbia117.121.xxx.xxxGPLHostSingapore217.174.229.82Ministry of CommunicationsTurkmenistan72.22.xxx.xxxiPower, Inc.United States166.143.xxx.xxxVerizon WirelessUnited States117.121.xxx.xxxGPLHostUnited States117.121.xxx.xxxGPLHostUnited States117.121.xxx.xxxGPLHostUnited States117.121.xxx.xxxGPLHostUnited States183.91.xxx.xxxCMC Telecom Infrastructure CompanyVietnamSeveral of these findings are especially noteworthy:

Eight servers are hosted by provider GPLHost in various countries (Singapore, Malaysia, Australia, US). However, we observed only six of these servers active at any given time, suggesting that some IP addresses may have changed during our scans.
A server identified in Germany has the registrant “Gamma International GmbH,” and the contact person is listed as “Martin Muench.”
There is a FinSpy server in an IP range registered to “Verizon Wireless.” Verizon Wireless sells ranges of IP addresses to corporate customers, so this is not necessarily an indication that Verizon Wireless itself is operating the server, or that Verizon Wireless customers are being spied on.
A server in Qatar that was previously detected by Rapid7 seems to be back online after being unresponsive during the last round of our scanning. The server is located in a range of 16 addresses registered to “Qtel – Corporate accounts – Government Relations.” The same block of 16 addresses also contains the website http://qhotels.gov.qa/.
“Today’s scientists have substituted mathematics for experiments, and they wander off through equation after
equation, and eventually build a structure which has no relation to reality. ” -Nikola Tesla

"When the power of love overcomes the love of power the world will know peace." -Jimi Hendrix
Reply
03-19-2013, 01:48 AM,
#2
RE: Governments around the world are spying on their citizens using FinFisher
A more in depth description may be found here :
https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher
[Image: Signature2.gif]
Reply
03-19-2013, 02:55 PM,
#3
RE: Governments around the world are spying on their citizens using FinFisher
I had never heard of this. Thanks.

Short version: https://en.wikipedia.org/wiki/FinFisher#Method_of_infection

Quote:The software, which is designed to evade detection by anti-virus software, has versions which work on mobile phones of all major brands.

...Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.

...Apple did not patch the security flaw for more than three years, until November 2011. Apple officials have not offered an explanation as to why the flaw took so long to patch.
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
Information The Singularity: Five Technologies That Will Change the World (and One That Won't) FastTadpole 10 4,736 01-28-2014, 05:53 PM
Last Post: FastTadpole
Information False Flag: Internet is out of IP addresses! The IPV6 Pillar to the Real World Web FastTadpole 3 1,837 12-03-2011, 03:50 PM
Last Post: sekular
Video Brave New World with Stephen Hawking FastTadpole 1 1,284 11-24-2011, 08:45 AM
Last Post: nwo2012
Exclamation Save MySQL, The World's Largest Open Source Database, from Oracle's Clutches FastTadpole 8 2,671 08-01-2011, 06:06 AM
Last Post: psilocybin
  Large Hadron Collider Could Be World's First Time Machine drummer 0 859 03-23-2011, 12:30 AM
Last Post: drummer
  The “ten second” guide to the world of skeptics icosaface 13 2,467 03-11-2011, 10:33 PM
Last Post: hubbabubba
  What in the world are they spraying? Defendfreedom 6 1,561 02-24-2011, 10:34 AM
Last Post: rena42war
  Artificial life will revolutionize our world --- 1 817 02-18-2010, 01:27 AM
Last Post: jack
  Our world may be a giant hologram drummer 0 691 01-07-2010, 10:12 PM
Last Post: drummer
  Copenhagen climate conference: Nick Griffin calls world leaders mass murderers TriWooOx 3 1,092 12-16-2009, 09:25 AM
Last Post: humbug

Forum Jump:


Users browsing this thread: 1 Guest(s)