
Spying

EFF claims Google’s Chromebook stores students’ data

EFF lodges complaint with the FTC, alleging that Google is mining student data without permission

The civil liberties group the Electronic Frontier Foundation (EFF) has accused Google of using its Chromebooks to collect and store children’s data. In a complaint filed with the United States Federal Trade Commission (FTC), EFF claims that Google Chromebooks invade the privacy of students.

The EFF’s complaint alleges that Google enables the “Sync” feature of its Chrome browser by default on Chromebooks sold to schools. Sync monitors and collects data on internet searches, websites visited, saved passwords and videos viewed by US students using the laptops, from kindergarten through to the 12th grade, which Google uses to improve its digital services.

EFF has also said that the children cannot change the Chromebook privacy settings themselves, since that privilege lies with the school administrators. EFF added that Google is violating its own Student Privacy Pledge, signed in 2014, which EFF says is legally enforceable under the Federal Trade Commission Act.

“Google is violating the Student Privacy Pledge in three ways. First, when students are logged into their Google for Education accounts, student personal information in the form of data about their use of non-educational Google services is collected, maintained, and used by Google for its own benefit, unrelated to authorized educational or school purposes,” the privacy group alleged in its complaint.

“Second, the ‘Chrome Sync’ feature of Google’s Chrome browser is turned on by default on all Google chromebook laptops — including those sold to schools as part of Google for Education — thereby enabling Google to collect and use students’ entire browsing history and other data for its own benefit, unrelated to authorized educational or school purposes.

“And third, Google for Education’s administrative settings, which enable a school administrator to control settings for all program chromebooks, allow administrators to choose settings that share student personal information with Google and third-party websites in violation of the Student Privacy Pledge.”

Meanwhile, Google has stated that its tools comply with the law. Google provides schools with Chromebooks and its Google Apps for Education (GAFE) products, a suite of cloud-based productivity tools. According to Google, no ads appear in the following apps on Chromebooks given to students:

  • Gmail
  • Drive
  • Calendar
  • Sites

The EFF unearthed the information during its Spying on Students campaign, launched on Tuesday, which looks into the privacy risks of school-supplied devices and software.

“Despite publicly promising not to, Google mines students’ browsing data and other information, and uses it for the company’s own purposes. Making such promises and failing to live up to them is a violation of FTC rules against unfair and deceptive business practices,” argued EFF staff attorney Nate Cardozo.

“Minors shouldn’t be tracked or used as guinea pigs, with their data treated as a profit center. If Google wants to use students’ data to ‘improve Google products’, then it needs to get express consent from parents.”

EFF has also released a guide for parents and students on changing Chromebook settings to improve privacy.


David Miliband gave GCHQ permission to hack popular software programs, according to new Snowden leaks

New Snowden leaks reveal that GCHQ was given permission by David Miliband to hack leading popular software programs


In 2008, during his time as Foreign Secretary, David Miliband agreed to give the British spy agency GCHQ permission to circumvent software copyright law in order to learn new ways to hack computers without being noticed. This was disclosed today after NSA whistleblower Edward Snowden publicly released 23 new leaked documents.

According to The Intercept, GCHQ carried out ‘reverse engineering’, a technique forbidden by law that lets hackers discover weak points in encryption software, computer programs and anti-virus products deployed by some of the world’s largest organizations.

Different Antivirus companies targeted by GCHQ

The leaked documents reveal GCHQ’s attempts in 2008, when Miliband headed the Foreign Office, to obtain warrants that would let it violate software copyrights and breach licensing agreements.

Further, GCHQ let its authorisation lapse for ‘some continuous period of time’, according to ‘top-secret documents’ obtained by The Intercept.

In the end, when it finally obtained a warrant for reverse engineering, it did so under a section of British intelligence law that ‘does not explicitly authorise’ such activity, as shown in a 2008 warrant renewal application to David Miliband.

“The agency’s slippery legal maneuvers to enable computer hacking call into question U.K. government assurances about mass surveillance,” said Andrew Fishman and Glenn Greenwald, authors of today’s report from The Intercept. “To assuage public concern over such activity, the government frequently says spies are subject to rigorous oversight, including an obligation to obtain warrants.”

“As it turns out, such authorisations have, at times, been vague and routine, as demonstrated by top-secret memos prepared by GCHQ in connection with the reverse engineering warrant.”

The warrant renewal application identified a number of leading software products that GCHQ hoped to target with its reverse engineering, including the anti-virus programs of security company Kaspersky Lab.

The application stated that Kaspersky’s products ‘continued to pose a challenge’ to its computer network exploitation (CNE) activities, and that reverse engineering was therefore ‘essential’ if it was to make full use of the software without being noticed.

Networking giant Cisco also got a mention, with GCHQ claiming that its hacking of Cisco routers through reverse engineering had given it access to almost any internet user in Pakistan.

Kaspersky Lab, reacting to the leaks, told The Intercept: “It is extremely worrying that government organizations would be targeting us instead of focusing resources against legitimate adversaries, and working to subvert security software that is designed to keep us safe.”


“Equation Group” NSA had a backdoor in hardware from 12 major manufacturers for snooping operations in 30 countries


“Equation Group” hackers tied to the NSA have hidden ‘Fanny worm’ malware in hard drives globally

In what could be the most damning revelation since the 2013 Snowden leaks, Russian security firm Kaspersky has presented a report alleging that the National Security Agency (NSA), the United States’ snooping agency, has been involved in a globally organised hacking campaign aimed at the firmware of hard drives.

The Kaspersky report says the NSA used a firmware technique to put a backdoor in hard drives made by as many as 12 major hard drive manufacturers. Researchers at Kaspersky Lab have dubbed the group behind the operation the “Equation Group”; in one case the group secretly intercepted a package in transit, booby-trapped its contents, and sent it on to its intended destination. Kaspersky chose the name because of the group’s apparent use of heavy encryption tools and algorithms, obfuscation methods and advanced delivery mechanisms.

The Kaspersky report notes that in 2002 or 2003, Equation Group members used an Oracle database installation CD to infect multiple targets with malware from the group’s extensive library.

As per Kaspersky, the number of victims of this cyber-snooping operation may run to ‘tens of thousands of victims’ in over 42 countries across the globe. The NSA apparently used this method to infect PCs primarily in Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali, which sit at the top of the list.

The victims were concentrated in critical fields including aerospace, nuclear research, government, telecommunications, Islamic activists, energy and industry, financial concerns, encryption technologies and infrastructure supply chains. Kaspersky researchers say it is difficult to arrive at an absolute number of infections by the Equation Group because of a self-destruct mechanism built into the malware.

“It seems to me Equation Group are the ones with the coolest toys,” Costin Raiu, director of Kaspersky Lab’s global research and analysis team, told Ars Technica. “Every now and then they share them with the Stuxnet group and the Flame group, but they are originally available only to the Equation Group people. Equation Group are definitely the masters, and they are giving the others, maybe, bread crumbs. From time to time they are giving them some goodies to integrate into Stuxnet and Flame.”

Backdoor through BIOS

Every computer may have its own operating system and anti-virus or anti-snooping detection engines, but every computer also has hardware that runs its own low-level software. This software, popularly called firmware, runs at boot level to start the machine, run system checks and communicate with the PC’s operating system. The NSA and its hacker allies used this layer of PC operation to deliver the tracking backdoor. Because the implant sits below the operating system, it could not only spy on the victims throughout the PC’s lifespan but also avoid detection by all major security software.

Kaspersky’s Costin Raiu has also noted that the malicious payload is not only resistant to any interference at boot time, but cannot even be read under normal conditions because of the heavy obfuscation methods used.

“[For] most hard drives there are functions to write into the hardware firmware area,” says Raiu, “but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware.”

Though Kaspersky cannot directly connect the “Equation Group” to the NSA, its report says that the backdoor malware called ‘Fanny worm’ had links to the NSA-originated Stuxnet malware. The NSA wrote Stuxnet to wage cyberwar against Iran’s nuclear facilities; it is credited with pushing the Iranian uranium enrichment programme back to the ‘dark ages’ and with bringing Iran to the negotiating table with the world powers on nuclear proliferation.

Reuters, on the other hand, has pointed directly at the NSA, stating that an ex-NSA employee confirmed the accuracy of the Kaspersky report. Another Reuters source also confirmed that the NSA had developed ‘the prized technique of concealing spyware in hard drives’, but could not identify which agency or department was making use of the capability.

The Equation Group’s ‘Fanny worm’ malware is designed to map the topology of air-gapped networks, i.e. groups of computers that are not directly connected to each other, using infected USB sticks as the delivery vector between the unconnected machines. Once ‘Fanny worm’ is installed on a PC, it starts retrieving information and sending it to a network of command-and-control (C&C) servers.

The Kaspersky report notes that the researchers identified seven different variants of Fanny worm, including one targeting the fork of the Firefox web browser used by the popular Tor anonymiser network.

China may already have known about the malware and backdoor: in 2014 it decided to replace IBM technology with Inspur’s Chinese-built Tiansuo K1 server systems.


Verizon’s new app, Verizon Voice Cypher, comes with a built-in backdoor for the NSA

Verizon’s new encrypted calling app comes pre-hacked for the NSA

Verizon introduced a new product called Verizon Voice Cypher to the US market yesterday. Voice Cypher was developed by Verizon in collaboration with an encryption company called Cellcrypt and offers end-to-end encrypted voice calls to enterprise and government customers on iOS, Android and BlackBerry devices. The encryption is provided by a dedicated app from Verizon that lets customers speak securely regardless of their wireless carrier and also connects users to their organisation’s secure systems.

Sounds good! But there is a catch: the app comes with a built-in backdoor that gives law enforcement agencies access to otherwise secure phone conversations.

Both Verizon and Cellcrypt have stated that government agencies will be able to access communications that take place over Voice Cypher as long as they provide legitimate proof of the need to do so. Cellcrypt’s VP, Seth Polansky, denies that leaving such a backdoor is a security risk. “It’s only creating a weakness for government agencies,” he says. “Just because a government access option exists, it doesn’t mean other companies can access it.”

To be fair to Verizon, the US Communications Assistance for Law Enforcement Act requires it to build networks that can be wiretapped by law enforcement agencies. But the corollary of this law is that Verizon only has to decrypt communications for the authorities if it has the technology to do so. In other words, if Verizon and Cellcrypt had built their encryption so that they themselves could not decrypt it, they would not fall under the purview of this act. Apple and Google have structured their end-to-end encryption in iOS 8 and Android 5.0 Lollipop in exactly this way.

While Verizon and Cellcrypt believe they have done nothing wrong in keeping a backdoor open for the authorities, and hope that big businesses and governments will opt for Verizon Voice Cypher, privacy activists beg to differ. With Verizon already courting controversy over inserting tracking headers into its customers’ HTTP traffic to gauge their spending habits, and over the DT Ignite app pre-installed on its Android smartphones and tablets, it may just be handing privacy advocacy groups more ammunition to allege rights violations. The ACLU believes this product will fail: its technologist Chris Soghoian argues that Verizon’s approach is unlikely to have wide appeal because of Verizon’s decision not to keep law enforcement out.

Others believe that a pre-designed backdoor or access point is an open invitation for cybercriminals to exploit. Only time will tell whether Voice Cypher succeeds in winning the trust of enterprises and governments despite a gaping hole that the authorities can tune into at any time.


Australian Security Intelligence Organisation (ASIO) Spies on itself


Caught spying on itself, the Australian Security Intelligence Organisation blames a ‘technical glitch’

How can you trust a national security intelligence agency that makes the silly mistake of spying on itself? That is exactly what happened when the Australian Security Intelligence Organisation (ASIO) admitted that it had accidentally intercepted calls made by one of its own regional offices. Though ASIO says it was an accident, it is still odd to learn that you have been stalking your own people.

The interception was in breach of the Telecommunications (Interception and Access) Act, which allows ASIO to use listening devices and computer access against anti-state actors and websites.

The breach was reported by ASIO itself and was revealed in the agency’s annual report, which blamed a ‘technical glitch’. ASIO has deleted the intercepted information and says processes have been put in place to prevent the error from occurring again.

ASIO has recently gained the right to spy on every device on the internet with just a single warrant, under new anti-terror bills passed by the Tony Abbott government and made into law.

It seems either that ASIO took its right to spy so seriously that it spied on itself, or that it needs a lot more practice and technical assistance from its ‘Five Eyes’ big brother, the US National Security Agency.


Sandworm: Russia-backed cyber criminals targeted EU, NATO

NATO, European Union and European government websites compromised

A group of cyber criminals believed to be from Russia has been found using a previously unknown flaw in Microsoft’s Windows operating system to attack and spy on government agencies across Europe. The zero-day flaw apparently gave them access to all versions of Windows from Vista onwards. Ironically, the only Windows version not susceptible to this attack turns out to be Windows XP, which Microsoft no longer supports.

The cyber criminals are thought to be of Russian origin because of various signatures seen in the malware found on the affected systems.


Team Sandworm

The security loophole was uncovered by cyber-intelligence firm iSIGHT Partners, which dubbed the group Sandworm because of the constant references to Frank Herbert’s Dune in its code. The espionage campaign has been running since August and is still ongoing.

Thankfully, the technical details (proof of concept) of the loophole were held back from the public until Microsoft was ready with a patch. Microsoft will release the patch for this vulnerability along with its other patches today.

This matters, because once a flaw becomes public it does not take long for malware exploiting it to appear. The victims of this cyber espionage include NATO, the European Union, Ukraine, Poland and a multinational communications company.

The Attack

Sandworm targeted machines using a malicious PowerPoint presentation. When the presentation was opened, it caused an executable file to run which opened a backdoor into the system. Using this backdoor, the cyber criminals could then access the machine remotely and spy on the activities of that particular system.

It has not been made known exactly what data was stolen, but looking at the victim list one can make a fair guess at what information was targeted. All the victims are related to the ongoing Ukrainian conflict, and it is very likely that this conflict prompted the espionage in the first place. In addition to diplomatic and sensitive information, Sandworm might also have targeted SSL keys and code-signing certificates, both useful for launching attacks in the future.

Russian Link

Why do we say this group can be linked to the Russian state? The attack was based on a flaw in an operating system. It is no cakewalk to find loopholes in an OS, especially one on the scale of Windows; it requires an abundance of resources, both human and technical, which points to state funding. Files in Russian have also been found on the servers used by Sandworm. In addition, why would this team focus on cyber espionage? A hacker would, under normal circumstances, indulge in cyber crime. What good would top-secret state information do an individual? The only entity that can logically benefit from this level of espionage is a government. Since all the targets are directly linked to the Ukrainian conflict, it does not take long to put two and two together. And of course, such intelligence during an ongoing war can be priceless.

Other attacks using Sandworm

The team also seems to have targeted well-known academics with an interest in the Ukrainian conflict, as well as the systems of a few Ukrainian government officials, using spear-phishing techniques. Spear phishing is an e-mail spoofing fraud that targets a specific organization, seeking unauthorized access to confidential data. Spear-phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. The malicious messages claimed to contain information gathered by Ukrainian security services on Russian sympathizers, such as a list of pro-Russian extremists.

BlackEnergy

As per the iSIGHT report, the group’s previous activity involves the BlackEnergy malware. BlackEnergy started out as a kit used to create botnets for launching Distributed Denial of Service (DDoS) attacks and later evolved into a tool used to commit banking fraud. From DDoS to cyber espionage is quite a big promotion. F-Secure researchers caught the group in the act when samples of BlackEnergy that harvested data from the Ukrainian government were found in the wild. F-Secure labelled the group “Quedagh” and informed the concerned parties about the compromise.

The threat does not end with Microsoft’s patch release. Given the data the group has already collected, the agencies and governments supporting the anti-Russian Ukrainian government had better be ready for a long-drawn cyber war.

Source: iSIGHT Partners


Erich Möchel leaks photos of NSA spying on United Nations


Journalist Erich Möchel publishes photos of alleged NSA monitoring stations in Vienna used to spy on the United Nations

In what could be confirmation of the allegations made by NSA whistleblower Edward Snowden, journalist Erich Möchel has published a series of photographs of NSA monitoring facilities trained on the United Nations regional office in Vienna.


Erich Möchel himself believes so and has said as much on his German-language blog: “As a photo series shows, the ‘Vienna Annex’ mentioned in the Snowden documents is located in the attic floors of the IZD Tower next to UNO City.” In other words, the photographs confirm what the Snowden documents indicated, giving details of the NSA monitoring facilities installed to spy on the UN in Vienna.


The photos he published show the National Security Agency’s monitoring stations at the “Vienna Annex”, in the attics of the IZD Tower. Möchel notes that although the Snowden leaks did not mention Austria or Vienna explicitly, Snowden maintained that the NSA was monitoring United Nations facilities across the world.


The photos published by Möchel prove that the NSA has deployed a monitoring station in Vienna for listening in on the UN complex, where the nations of the world deliberate on the issues facing humanity at the current juncture. They also show that the NSA monitoring station is not far from the UN headquarters.

The photos show a hut on the roof, invisible from the street, enclosed by solid steel bars and protected by a substantial video surveillance system with ten cameras. Möchel explains that the hut, which looks like any other maintenance building, in fact hides high-tech snooping equipment used by US intelligence to monitor mobile networks.

United Nations facility or whole of Vienna?


Both monitoring facilities are close to the UN regional headquarters, but Möchel has also found proof that the NSA is spying on the whole of Vienna. He deduces that the NSA monitoring facility described above, together with the US Embassy in Vienna’s 9th district and the ‘NSA villa’ in Pötzleinsdorf, which he assumes to be a listening post, could let the NSA spy on the entire city.


Möchel, who specialises in photo journalism, speculates that by placing the monitoring facility on the roof of the tower, about 100 metres in a straight line from the United Nations headquarters, the NSA has a privileged position from which to intercept most communications emanating from the United Nations.


The NSA will face another round of public outcry with the release of these photographs. Vienna’s citizens in particular may take offence at a foreign government listening to their personal communications. This leak comes nearly a year after journalists Glenn Greenwald and Stefania Maurizi discovered similar structures in Italy and provided further information on a surveillance network that extends to many other European cities, including Berlin and Milan.

All images in this post are taken courtesy of Erich Möchel


China hacked into PENTAGON contractor networks 9 times


SUPERPOWER HACKING WARS

Earlier, in May, the United States accused five members of the Chinese military of hacking computers for economic espionage. It accused them of breaking into the computer systems of five US nuclear and technology companies and a major steelworkers’ union, and of stealing confidential business information, sensitive trade secrets and internal communications for competitive advantage. The US-China cyber conflict has now taken a turn for the worse after a declassified Senate report found that Chinese military actors successfully hacked into Pentagon contractor networks nine times.

As per the latest report submitted to the US Senate, Chinese military actors hacked into the computer networks of civilian transportation companies hired by the Pentagon at least nine times.

The Chinese military actors are believed to have broken into computer networks aboard a commercial ship hired by the Pentagon. They also targeted logistics companies and uploaded malicious software onto an airline’s computers, Senate investigators said in a filing on Wednesday.

The report on the year-long investigation was submitted by the Senate Armed Services Committee (SASC). The SASC identified at least 20 break-ins or other unspecified cyber events targeting US interests; these 20 attempts include the nine successful break-ins of Pentagon contractor networks mentioned above.

The SASC blamed the Chinese government and its military, the PLA, for the most sophisticated intrusions, although it did not provide detailed evidence to support the claim. The Senate report also did not identify the transportation companies that were targeted. It did say, however, that a commercial ship contracted by Transcom for logistics routes and the airlines used by the US military were among the targets that were compromised.

Investigators said the hackers were able to steal emails, documents, user accounts and computer code from the compromised machines.

PUNISHING THE GUILTY – A DISTANT DREAM FOR US AUTHORITIES

Although Attorney General Eric Holder has vowed to bring the Chinese state actors to the United States to face US law, this is seen as an empty threat: the US has no extradition treaty with China, and China will not hand over its military personnel to the US for judicial indictment.

China’s government did not immediately respond to telephone messages and emails from The Associated Press requesting comment in Beijing and to its embassy in Washington.

Whoever said that the next war will be fought in the cyber arena was probably correct in their prognosis of the current situation in the cyber world.


Seventeen countries used FinSpy to spy on their citizens – Wikileaks


An astounding new leak by Wikileaks has stunned the tech and internet user community across the globe. As per the latest revelations by Wikileaks, almost all countries used spying software made by a German firm to spy on their unsuspecting citizens (mostly journalists, activists, political dissidents and those considered pariahs). Wikileaks calls the release Spy Files 4, and it suggests that most countries are guilty of violating the personal freedom of their citizens, whoever they may be, by using this software.

The software, known as FinSpy, and its various versions are made by the German firm Gamma International. Gamma International is a well-known company that develops powerful software for monitoring computer use. According to the first reports about this huge leak, published by Reporters Without Borders (RWB), “Gamma has offices and subsidiaries in the United Kingdom, including the Channel Islands, and Germany, but also in Southeast Asia and the Middle East.”

RWB says “Gamma International sells interception equipment to government and law enforcement agencies exclusively.”

“Its FinFisher Suite (which includes Trojans to infect PCs, mobile phones, other consumer electronics and servers, as well as technical consulting) is regarded as one of the most advanced in today’s market,” RWB says.

RWB gave examples of how governments use FinFisher spyware products to monitor activities:

“A computer or smartphone is remotely infected by a Trojan, which is then controlled by government agencies through command and control servers. A computer can be infected via false update notifications of software, malicious emails or through physical access to a machine. Finfisher also offers technology to infect an entire Internet cafe in order to survey all possible users. When installed, it is almost impossible to safely remove the Trojan. Also, there are no safe ways to circumvent Finfisher on an infected machine.”

The FinSpy spyware is essentially malware: once a computer is infected, it allows widespread access to the computer’s records, including extracting files from hard drives, grabbing images of the screen, full Skype monitoring, logging keystrokes and monitoring email and chat communications. Normally malware has to find its own way onto a machine, but in this case the governments themselves create the backdoor by installing the malware without the knowledge of the end user, the citizen of that country.

Another source added:

“FinFisher malware is installed in various ways, including fake software updates, emails with fake attachments, and security flaws in popular software. Sometimes the surveillance suite is installed after the target accepts installation of a fake update to commonly used software. Code which will install the malware has also been detected in emails. The software, which is designed to evade detection by antivirus software, has versions which work on mobile phones of all major brands.”

These are the countries that bought the FinSpy software from Gamma International:

Australia (New South Wales Police): The NSW government reportedly paid 2 million USD for this software. It was used by the NSW police to spy on NSW citizens under a special type of covert search warrant. This warrant is not disclosed to the intended target and is obtained from an “eligible judge” of the Supreme Court.

South Africa: South Africa reportedly paid €2,021,400 to Gamma International for this software, used to spy on South African dissidents.

Pakistan: Pakistan reportedly purchased all three versions from Gamma International: FinSpy for €396,900, the FinFly USB software for €4,620 and the FinIntrusion Kit for €30,600. In total it paid around €432,000 to spy on its citizens. The software was probably used to spy on the political opponents of the ruling regime.

Qatar : The Kingdom of Qatar is perhaps the biggest customer of Gamma International after South Africa and has been using FinSpy and its variants since 2011. It has paid up to €1,790,580 to Gamma International to spy on persons whom Qatar's ruling junta considers problematic.

Bahrain : The adjoining Kingdom of Bahrain is not far behind Qatar in spying on Bahrainis. It purchased FinSpy and its ancillary software for €855,660.

Mongolia : This landlocked country has also been at the forefront of spying on its citizens. It bought €1,346,460 worth of spying software from Gamma while 22.4% of its population lives on less than US$1.25 a day.

Vietnam : Vietnam, ruled by a communist regime, spent €805,200 on the mobile version of the software, FinSpy Mobile, mostly to spy on political dissidents.

Nigeria : Nigeria, an impoverished African country that has been fighting a bloody war against Boko Haram, spent €700,000 on this software to spy on its citizens.

Bangladesh : This South Asian country is also a customer of Gamma International. The Bangladeshi government spent nearly €850,000 on FinSpy, which the ruling regime used to spy on the main opposition parties.

European nations like Italy, Slovakia, Belgium, Hungary and Bosnia are also prominent buyers of this malware. Together they spent €500,000 to spy on private citizens who were mostly journalists, political opponents and dissidents.

Netherlands : The Dutch national police force, the Korps landelijke politiediensten (KLPD), has also been a buyer of this software since 2012. It has spent €2,300,000 to keep tabs on Dutch citizens.

Singapore : The Singapore company said to have purchased the products is apparently PCS Security Pte Ltd, which was incorporated in 1998 and is headed by five Singaporeans.

The full customer lists have been published by WikiLeaks.

Pakistani security firm involved in Cyber Espionage over India

A recent cyber espionage campaign originating from Pakistan has India as its primary target, according to recent reports from FireEye and ThreatConnect.

This international cyber espionage operation, dubbed “Arachnophobia”, apparently began in early 2013 and involves a Pakistani cyber security firm possibly funded by the Pakistani government. It is not known whether the firm is itself a government entity.

Operation Arachnophobia has all the features of an advanced cyber espionage campaign, including a custom malware family dubbed Bitterbug (a Trojan horse) that opens a backdoor on the compromised computer and enables its operator to remotely download and execute files and documents on the infected machine.

While the researchers did not name any particular Indian government organization as the target, they did say that they had spotted the malware bundled with decoy documents relating mostly to Indian issues of national interest.

The Pakistani security firm used a US virtual private server (VPS) to hide its identity: the malware was hosted on the US VPS, which received its commands from, and sent the stolen documents to, a server located in Pakistan.

On studying a few samples of the malware, the researchers found that “the ‘Tranchulas’ name was present in a string of the malware. Incidentally, Tranchulas is an Islamabad, Pakistan-based security company with links to the Pakistani government. The offensive cyber initiative services offered by Tranchulas are offered to ‘national-level cyber security programs’, suggesting a commercial demand from ‘national-level’ customers,” the researchers said in their report.

The Bitterbug malware was discovered by Symantec on 6 August this year and is able to infect PCs running almost every version of Microsoft Windows, including Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Vista and Windows XP.

India and Pakistan have a well-known history of bitterness since Partition. While hackers from both countries have targeted each other's cyberspace, mostly through defacements or data leaks, allegations of cyber espionage can only worsen relations between the two countries.