Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Finfisher Spy Kit Revealed in Bahrain

Fabio Pietrosanti (naif) lists at infosecurity.ch
Fri Jul 27 05:53:44 PDT 2012


On 7/27/12 12:58 PM, Erich M. wrote:
> On 07/26/2012 04:27 AM, Jacob Appelbaum wrote:
>> The FinSpy network traffic is also really interesting - the fact that they don't stand up to the most
> obvious of traffic analysis is *hilarious* and so fitting. All the best,
> Jake
> 
> That should be a necessary feature AND NOT a bug. Remember, this is the
> "export" version of the malware. Quite like the "law enforcement"
> versions all these derivatives lack one or two essential security
> features that could have been implemented easily. How come?  One guess
> allowed.
> 
> This malware crap is being produced for primary use by the "national
> security agencies". They'd never let you [= malware producer] sell the
> same intrusion suite to foreign agencies as well without some "necessary
> adaptations". Let alone to clumsy cops and - moreover - in Mid East.


"National Security Agencies" of which Nation?

* Gamma Group have an origin in Germany.

* Then moved all the companies to UK (offshore or real moving of busines?)

* mail.gammagroup.com mailserver is in Beirut, Lebanon.

So it's interesting that it's not very clear "where they are based".
Also on Linkedin there is *not a single person* that worked for one of
their group company.

In any case as far as i know there's no "export version" of software
like this, not like it is for "crypto" if it reside under dual-use
wassenaar agreement.
The trojan producer just differentiate the products based on their
capabilities and feature, basing on that the pricing.

I also know of companies that asked for export permission (of monitoring
technologies) to national authorities (in italy) and just because it was
"difficult to understand what it is", the authorities are not able to
answer within 90days, and so it's "by default allowed" .

As an additional fun conspiracy theory, at 4.1km from their Munich
office there is SecurStar GmbH that in 2006 developed a mobile trojan:
http://pastebin.com/caxxuNe8

-naif



More information about the liberationtech mailing list