Surveillance Company Says It Sent Fake iTunes, Flash Updates
http://blogs.wsj.com/digits/2011/11/...ocuments-show/
Gamma International UK Ltd. touts its ability to send a “fake iTunes
update” that can infect computers with surveillance software, according
to one of the company’s marketing videos.
The Wall Street Journal unveiled on Saturday the “Surveillance Catalog”
– an online database containing highlights from surveillance industry
marketing documents. The documents show dozens of companies making and
selling everything from “massive intercept” gear that can gather all
Internet communications in a country to “hacking” tools that allow
governments to break into people’s computers.
http://projects.wsj.com/surveillance-catalog/
Gamma was one of three companies marketing their skill at the kind of
techniques usually used in “black hat hacking,” the type of intrusion
used by criminals trying to steal people’s financial details.
All of the hacking companies say they sell their tools to law
enforcement and governments to help them track down criminals. People in
this new industry say their tools are necessary because terrorists and
criminals are communicating online and hiding behind encryption and
other techniques.
Perhaps the most extensive marketing materials came from Gamma’s
FinFisher brand, which says it works by “sending fake software updates
for popular software,” from Apple, Adobe and others. The FinFisher
documentation included brochures in several languages, as well as videos
touting the tools.
http://projects.wsj.com/surveillance...arch/FinFisher
Gamma’s FinFisher documents claim its tools can infect files that are
being downloaded. In particular, the FinFly ISP video says it can send a
“fake iTunes update” to the computer government agents want to infect.
The FinFly ISP video file viewed by the Journal was unable to be
reproduced for the original “Surveillance Catalog,” but the Journal was
able to obtain several screenshots Monday.
An Apple spokeswoman was quoted in Saturday’s story as saying the
company works “to find and fix any issues that could compromise [users']
systems.” Apple last week introduced a security update to iTunes that
could stop an attack similar to the type FinFisher claimed to be using,
namely offering bogus software updates that install its spyware. “The
security and privacy of our users is extremely important,” the Apple
spokeswoman said.
The FinFisher documents also say that its tool can allow a website to
pretend that software such as Adobe’s Flash is missing and will prompt
the user to download the software. Adobe declined to comment.
FinFisher documentation offers several examples of how its software
might be used – from fighting organized crime to terrorism to the more
vague “targets.” Gamma did not immediately respond to requests for
comment.
Privacy advocates say they are concerned that such technology is being
marketed to low-level law enforcement because the more people who have
access to such “hacking” tools, the less oversight will be possible.
“The use of this technology represents a huge encroachment on civil
rights and could only be justified during the most serious national
security investigations,” said Eric King, of the U.K. nonprofit Privacy
International.
Der Spiegel published a profile of the techniques described in Gamma’s
FinFisher documents Monday in German.
Reply With Quote