Feeds

Inside the shadow world of commercialised spook spyware

'We'll penetrate commsats, undersea cables, Skype ...'

Internet Security Threat Report 2014

Mubarak regime offered 'full control' of computers of 'targeted elements'

After being offered a free trial, SSI investigators reported in seized Arabic documents (PDF) that the software “could get into email accounts of Hotmail, Gmail and Yahoo", as well as allowing "full control" of the computers of "targeted elements". SSI also reported “success in breaking through personal accounts on Skype network, which is considered the most secure method of communication used by members of the elements of the harmful activity because it is encrypted".

Gamma International has claimed to the press that it “has not supplied any of its Finfisher suite of products or related training to the Egyptian government". It has refused to comment on the documents recovered in Cairo.

'How many dictatorships did they think I was representing?' – PI investigator Eric King

In France last month, PI lead investigator Eric King netted the offer of an expenses-paid trip to Beijing to visit China Top Communications (CTC), a government-owned company whose overt product range includes China’s version of GPS and military communications hardware.

Privately, CTC claims to be “devoted to high-tech special equipments for security agency, interior department, police, and military” and to employ 400 engineers. If he came to Beijing, King was told, he would receive private demonstrations of Wind Catcher, a mobile phone surveillance system and Internet Watcher, which automatically attacks web security systems.

The Beijing company claimed that Wind Catcher can decrypt the A5.1 cypher used in all GSM mobile phones in 0.3 of a second, covering 11 or more channels at once, with a success rate of 90 per cent. Working in conjunction with direction-finding systems, CTC claims that phone users can be located and their conversations monitored over a 1km radius, even in a city centre.

CTC’s Internet Watcher claims to be able to provide real time decryption of https web connections in order to attack the privacy of Gmail and Hotmail users.

“The shock of the Chinese offer was not what they were trying to sell me,” King told The Register. “It was the fact that they were only one of several dozen companies all making the same claims and pushing their own brand of repressive technologies. How many dictatorships did they think I was representing?”

Privacy International will be relaunching their Big Brother Incorporated project, intended to highlight the menace of the new surveillance companies that are trying to profit from the previously dark and secret arts of hackers and signals intelligence agencies alike.

One target will be the 2012 Farnborough show, which the government claims “gives companies a platform to show the global policing and security community their equipment and capability".

“Why is the government allowing space to people like Gamma Group, whose equipment helps destroy human rights abroad?” King asked.

“They should have learned from what happened in Egypt and Libya that equipment like that is just as lethal to life and liberty as looking down the barrel of a gun.”

The investigators

Privacy International investigator Eric King worked for a year with the legal action charity Reprieve international human rights organisation while still a law undergraduate at LSE. He enlarged his focus on privacy after graduating.

King and his PI colleagues came up with the idea of penetrating the new global surveillance industry during a 2010 visit to the Googleplex. Although the Tech Talk fellow privacy activists then gave to Google was amiable, they decided they were fed up “banging heads” with the giant new net companies.

They realised that focusing on the relative intransigence of Facebook and Google on personal privacy was distracting the more important focus on the use of the same and more advanced technologies for social and political repression, as the discoveries of the Arab Spring soon revealed.

The PI team asked the assorted search engine luminaries if they actually knew what governments could do and were doing with their tapping, intercepting, locating and processing capabilities – and how that was being linked in some states to deliberate and intended harm.

“Even Google couldn’t give the answer to that question.” ®

Remote control for virtualized desktops

More from The Register

next story
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Post-Microsoft, post-PC programming: The portable REVOLUTION
Code jockeys: count up and grab your fabulous tablets
Twitter App Graph exposes smartphone spyware feature
You don't want everyone to compile app lists from your fondleware? BAD LUCK
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.