Saturday 11 August 2012

Government Finfisher Spyware Spreading Across the Globe

A commercially available spyware tool intended for law enforcement agencies is turning up in countries where it should never have been sold, raising concerns that it could be commandeered by cyber crooks.

Security firm Rapid7 has managed to identify the IP addresses of a handful of command and control (C&C) servers using the FinFisher snooping tool, which is developed by Gamma Group.

The firm said it has analysed characteristics that enable it to identify communications between the tool and C&C servers.

Rapid7 used this fingerprint to track the spyware and found 12 C&C servers in the US, Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, Mongolia, Latvia and Dubai.

Security researcher Claudio Guarnier said that while the company could not confirm whether agencies or governments were actively using the tool to mount cyber spying campaigns, it was unlikely the spy tool was yet being used by cyber criminals.


"We are not able to determine whether they're actually being used by any government agency, if they are operated by local people or if they are completely unrelated at all," wrote Guarnier.

"The malware seems fairly complex and well protected/obfuscated, but the infection chain is pretty weak and unsophisticated. The ability to fingerprint the C&C was frankly embarrassing, particularly for malware like this. Combined, these factors really don't support the suggestion that thieves refactored the malware for black market use."

Last month, Bloomberg reported Gamma Group's claim that copies of its software found in Bahrain must have been stolen.

However, Guarnier warned that given the nature of cyber crime, it was likely that FinFisher would soon be adopted by criminals.

"Once any malware is used in the wild, it's typically only a matter of time before it gets used for nefarious purposes," wrote Guarnier.

"The infosec community needs to pay attention and take malware exposure seriously. Take action to protect infrastructure and discourage the spread, production and purchase of malware. As we've seen countless times before, and will certainly see again, it's impossible to keep this kind of thing under control in the long term."

FinFisher is able to record Skype and other voice-over-IP (VoIP) communications, log keystrokes and turn on a computer's webcam and microphone. FinFisher can also steal files from a hard disk and is built to bypass numerous anti-virus systems.

Source: V3, by Alastair Stevenson, 09 Aug 2012
