back to article Google engineer finds British spyware on PCs and smartphones

Two security researchers have found new evidence that legitimate spyware sold by British firm Gamma International appears to be being used by some of the most repressive regimes in the world. Google security engineer Morgan Marquis-Boire and Berkeley student Bill Marczak were investigating spyware found in email attachments to …

COMMENTS

This topic is closed for new posts.
  1. LarsG

    Honest Guv

    I didn't sell it to them...... Directly!

    Ok so I knew the reseller would pass the product on, but who am I to complain, I only want to make money after all. Not my problem!

    1. Anonymous Coward
      Anonymous Coward

      For once

      For once the Americans are trailing in our wake............

      Nope they are just better at hiding it.

  2. Roger Stenning
    Trollface

    It's actually rather nice to see that we're a market leader in some field or other, for a change. Mind you, the electro-prod and barbedwire codpiece market's a bit thin these days, sadly...!

    1. Anonymous Coward
      Anonymous Coward

      From the headline I was expecting an article about British spook spyware turning up on certain computers controlling critical infrastructure or sensitive projects throughout countries in the middle east.

      I'm kind of disappointed now. It was nice for a while to think that our shadowy services aren't actually as incompetent as they usually seem.

      1. Anonymous Coward
        Anonymous Coward

        It was nice for a while to think that our shadowy services aren't actually as incompetent as they usually seem.

        .. or so they want you to think .. (you never know with that lot)

    2. Anonymous Coward
      Gimp

      what's the point of a thin codpiece?

      Unless you're selling to masochists...

      Do you have a website?

  3. Steve Knox
    Thumb Down

    "legitimate spyware"

    'nuff said.

    1. Spanners Silver badge
      Black Helicopters

      Re: "legitimate spyware"

      That is an oxymoron if ever one existed.

      1. I. Aproveofitspendingonspecificprojects

        Re: "legitimate spyware"

        > That is an oxymoron if ever one existed.

        You doubt that military intelligence is run by moronic bovines?

        Here is my interpretation of The (as yet to happen) Margaret Thatcher icon complete with cheese eater grin:

    2. daveeff

      Re: "legitimate spyware"

      You can have legal spyware the same as you can have legal phone taps, legal guns, legal imprisonment, legal forced entry, ....

      Normal / Legal are what "we" define them to be where "we" is a majority in a democracy - y'know the Tories got over 50% of the country voting for them ... or not.

      DaveF

  4. Destroy All Monsters Silver badge
    Big Brother

    Yeah, but these are _OUR_ repressive regimes.

    Which we finance by subsidies and/or "defense cooperation"

    The evil begins in your minister's office, then oozes outwards!

    1. MrF
      Trollface

      Speaking as an American, I'd like to...

      ...thank you lot for taking the pressure off us, via this delightful demonstration that UK-based slimeballs are at least so cheerfully vile and reprehensible as our home-grown variety. Greatly appreciated.

      Next time we can return the favor -- say, by distracting the world press with a routine Mideaast invasion or perhaps just some despicable human rights violation(s) -- please don't hesitate to ask. ::mwah!::

      1. Anonymous Coward
        Anonymous Coward

        ::mwah!::

        I know you guys are a tad behind in IP6 - I'd revisit that IP address if I were you :).

      2. dssf

        Re: Speaking as an American, I'd like to...

        What are you talking 'bout, "taking the pressure off"? Did you forget that the likes of Cisco still sell hardware that will allow countries to ban facebook, google, g+, and even write and modify on the fly any number of rules that will ban google play but allow g+? Or, do all sorts of pictture-building?

        Eventually, cisco will be back in the news, and maybe even some of their shadow subsids intended to misdirect involvement of parent companies...

        But, as for the spyware, below is a cross-post I ran too long (in the ms facebook bing thread) and part of it sort of fits here:

        "Pretty soon, unless the social sites are delibertately acting as staging grounds for spies, then spies and investigators and brain-fucked repressive regimes will rely on:

        http://www.theregister.co.uk/2012/08/31/finspy_gamma_polcie_spying/

        Anyone besides me find "Gamma" to sound like the name of pron industry or lubrication products? (No, I'm not thinking of the Gamma Quadrant, hahaha). Maybe it was tongue-in-cheek (or, tongue-round-shaft?) for this spook/spy- company. I wonder how they sleep at night knowing that they took profit over someone's life, limb, or liberty. Sure, CERTAIN people (read, miscreants) do need spying on and to be arrested, but selling the shitware to repressive regimes should come with a back door to take down those regimes, not snuff out individuals who might just be a vocal thorn rather than an actual bomber.

        I have a sneaking suspicion that that software can also cripple built-in refresh buttons in the android phones.

        Yet, this could be yet another reason why Google makes it a royal pain in the ass to easily root our devices. It's not just that we might nix the adverts (which indeed would hurt google's bottom line if their reports reflect that to paying sponsors), but the governments with business permit powers would just revoke Google's charter to do business in an affected country, maybe even ban the presence of the software. One would think, however, that if that were the case, then countries like China would INVITE google, g+, and facebook so they can trojan the phones and get at the accounts, even if VPN stuff is in use. Ooops, shit, ideas? No, surely they can think of it or already have. That's why I suspect surgical crippling of Android devices is already in play..."

  5. Robert E A Harvey
    WTF?

    Umm

    I'm kind of flaky on this 'legitimate spyware' idea

    1. Graham Marsden
      Big Brother

      Re: Umm

      Ah, well you see it's only *bad* spyware if someone else developed it.

      When it's ours, it's ok...

  6. Dave Fox
    FAIL

    British spyware?

    Developed by a German conglomerate, and sold by one of their subsidiaries that just happens to be UK based???

    So why is this British as opposed to German? And more to the point, in this day of globalisation, why does it matter where the company is from?

    1. SamCrawford

      Re: British spyware?

      The German company is the subsidiary. It is owned by Gamma Group, which is a British company based in Andover.

      1. dssf

        Re: British spyware?

        And, given hand over fisting and handover fisting, the accused subjects could easily end up in a deep, dank, dark place called "Bend Over", just south of Bendover...

      2. Anonymous Coward
        Anonymous Coward

        Still developed by the Germans

        Gamma may be a British company but the software has been developed by the Germans (German technology, not British, but that's no surprise as Germans are very experienced in spying on their own people!), so all the British part is good at is selling it to regimes that shouldn't really have it.

        1. Levente Szileszky
          FAIL

          Re: Still developed by the Germans

          You are clearly one stupid AC - it is a *British* company, period.

          If they use people/resource in India, Germany, Hungary or Bangladesh or even on the Moon, it's STILL A BRITISH PRODUCT due to the company.

    2. Anonymous C0ward

      Re: British spyware?

      Don't tell him your name, Pike!

  7. Jelliphiish
    Black Helicopters

    Paging Mark Thomas..

    Same malarky as the Royal Ordnance and Hechler/Kock Transhippment-Two-Step, made much easier by the fact that you don't have a physical product. Arms Dealers gone virtual.

    <<< well it's early, and i've only had one coffee..

  8. Anonymous Coward
    Anonymous Coward

    implausible deniability

    "rather that a copy of an old FinSpy demo version was made during a presentation and that this copy was modified and then used elsewhere"

    1. Ben Tasker
      Joke

      Re: implausible deniability

      Reckon they googled 'finspy activation code' and entered it into the demo to enable full functionality?

  9. Blitterbug
    Unhappy

    Oh, the shame...

    ...finally, something we are 'world leaders' in. Only it sucks arse. Bah!

  10. Anonymous Coward
    Anonymous Coward

    You wont find it on IOS

    Obviously once Android is gone we can more easily get back to peaceful ignorance.

    1. Anonymous Coward
      Anonymous Coward

      Re: You wont find it on IOS

      Ummm ....ya think?

      http://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/

      It was developed for Arm7, built against iOS SDK 5.1 on OSX 10.7.3 and it appears that it will run on iPhone 4, 4S, iPad 1, 2, 3, and iPod touch 3, 4 on iOS 4.0 and up."

      1. Anonymous Coward
        Anonymous Coward

        Re: You wont find it on IOS

        Er no, it was developed on iOS to target arm, but it won't install on anyone's iOS device because iOS is locked down and you can't install apps that have not been granted a distribution certificate by Apple. You could install it on Jailbroken iOS. It's fine holding an opinion on iOS and to dislike its closed nature. It's not ok to try and distort facts and ignore the obvious and real benefit such a closed system brings.

        1. Anonymous Coward
          Anonymous Coward

          Re: You wont find it on IOS

          Q) How do you know that Apple would not grant a distribution certificate?

          A) You don't - Its a closed system!

          1. Eddy Ito

            Re: You wont find it on IOS

            To be fair AC a.k.a. the OP said "you won't find it". Perhaps it was a reference to it being better hidden in the free [insert whatever the kiddies targets are into here] apps.

          2. Anonymous Coward
            Anonymous Coward

            Re: You wont find it on IOS

            "How do you know that Apple would not grant a distribution certificate?"

            You don't know Apple won't grant a distribution certificate. Instead you know all the evidence points to the fact iOS is much more secure, with story after story like this one where iOS is not one of the compromised systems. Your criticism is based on wish, not the reality.

            One day, no doubt, Apple will wrongly grant a distribution certificate to something that does real harm, then for sure there will be big headlines. Evidentially that has not occurred on iOS (the worst so far published being Apple granting a distribution certificate for an App that grabbed user contact data) I expect that will occur with far less frequency than other smartphone platforms, ergo, the user is safer on iOS. When and if it does occur, the app will be quickly revoked.

            The simple fact is, with app submission Apple can run lots of checks for stock exploits. Simply having that extra precaution alone represents a huge reduction of the risk profile of the platform.

            1. Anonymous Coward
              Anonymous Coward

              Re: You wont find it on IOS

              Apple would be required to issue one with a court order. You don't think a the police or the government couldn't get a judge to sign off on the the software to be installed on at least phone? Since that would require a distribution cert, they just got one and now the software could be installed on any iOS device.

              MeeGo was open, it didn't make the list. So be closed doesn't mean it is better. Closed can just make it easier; after all, you could jailbreak an iOS with a specially crafted PDF file. Yeah, that is secure. Oh, the PDF reader was created by Apple.

        2. senti

          Re: You wont find it on IOS

          It would appear that you don't understand why 0-day exploits are so expensive these days, and what they are used for.

          Hint: you don't need Apple to install a trojan.

        3. RICHTO
          Mushroom

          Re: You wont find it on IOS

          But IOS is totally insecure and has over 300 known security vulnerabiities. You can root your phone just be visiting a website. Therefore it would be trivial for a funded attacker to exploit IOS and install whatever they wanted.

          1. Confuciousmobil

            Re: You wont find it on IOS

            If you can 'root' your iPhone just by visiting a website you really should update your OS.

            On the other bandwidth a 0 day going for $250k I can't believe people are willing to pay that much without using it for something nefarious.

        4. Anonymous Coward
          Anonymous Coward

          Re: You wont find it on IOS

          "you can't install apps that have not been granted a distribution certificate by Apple"

          Troll or stupid? I can't decide. Malware, installed for whatever purpose, is either installed inside something legit, or via exploits. There are plenty of exploits for iOS, one of them was most useful when I wanted to root my iPad, so I could run ad blockers and stuff, as it goes.

          Oddly, it was not signed by Apple.

  11. Anonymous Coward
    Anonymous Coward

    A fine British achievement

    Makes you proud, doesn't it?

    Nah. It makes me wonder about the hypocrisy inherent in our desire, along with the US, to spread our democracy around the world.

    That we allow a company based in the UK to sell software which is so easily used to suppress people suggest that the high ground has been well and truly ceded.

  12. Guillermo Lo Coco
    Megaphone

    That the reason for Love CyanogenMod.

    Usually I reject any build made from xda-dev.

    Of course, I do not expect any security in Vodafone, Movistar or any other customized Android build.-

  13. Anonymous Coward
    Anonymous Coward

    I am suprised the Egypt government bothered to pay for the software, if your gonna spy on your citizens then you might as well steal the software to do it. Bet you can find a cracked version on some warez website.

    I have seen cracked copies of the encase software used by the police to search your pc if you get nicked on warez sites and that costs tens of thousands for a legit copy.

  14. gautam

    Indeed Hypocracy.

    Come to think of it, I wanted to send an IBM PC in 1987 (a very basic model, not even windows) to a Tanzanian associate trading office, and had to get a Licence from Department of Trade to "export" it.

    The time and paperwork involved was horrendous.

  15. Magani
    Coat

    Pick the right answer, with Jim Hacker

    a) A proper British gentleman would never stoop to spyware.

    b) Beastly colonials might be tempted to peek once in a while, but know it's wrong.

    c) Bloody Johnny Foreigner has no scruples at all.

    Yes, Minister; the answer's 'C'

  16. AussieCanuck46
    Big Brother

    Legitimate Spyware?

    Maybe I'm a bit slow on the uptake, but I always thought that spyware was the realm of the bad guys. Is there a legal remedy to it, or is it illegal for my legitimate anti-spyware provider to detect and/or remove this legitimate spyware? If it is illegal for them to do that, must I then somehow acquire some illegitimate anti-spyware program in order to keep my system free of all spyware? Do the authorities require a warrant to install that stuff on my machine, or can they simply trick me into installing it like the bad guys do? Is legitimate spyware like legitimate arms dealing, legitimate human trafficking, legitimate murder, etc.? That is, is it OK if the government or the police do it, but not anybody else? I'm getting very confused.

  17. Anonymous Coward
    Anonymous Coward

    new wolrd order

    i hope you like oppression

    1. Anonymous Coward
      Anonymous Coward

      Re: new wolrd order

      I never knew before what New World Order meant. Now I know it means that the letters in world will be written in a different order, I'm not so worried about it. Bring on the ossreppion, I say!

      1. 0_Flybert_0
        Devil

        Re: new wolrd order

        NOOOOOOOO !!!

        anyone but those nasty Ossreppions .. with their laser eyes .. silicon claws .. wireless implants

  18. Ivor 1
    FAIL

    Dunno where you got "Johnny Geds" from - the article clearly references "Johnny Debs" several times.

  19. Anonymous Coward
    Anonymous Coward

    oh noes privacy international! I'm sure they'll be cowering after all the large bomb dropping physical hardware we've sold these regimes privacy international are just the guys needed to take us to task...

  20. dssf

    Time to buy stock (if it is possible) in mfrs of Evidence Bags

    And stylized privacy bags....

    Hell, why buy stock? Why not fashion my own fashion bags and sell THEM. Might make a tidy profit on an untidy business. But, the paperwork would be hell, getting across borders of countries. Or, I might just be made to "disappear", bagged in a super-sized bag-o-mine...

    On second thought, ordinary people may not want to go into that line of work without protection, like a $2billion hit contract on the sourcce of ones disappearance. Is that legal? Forming a bounty on the fuckers who might kill you? Could drive up stocks, though, and get the economy rolling along again -- for a FEW years... A few STRESSFUL-AS-HELL years, no doubt...

  21. Tea Bow Baggins
    Devil

    Oppression, Off The Shelf

    Thanks unfettered Capitalism!

  22. daveeff
    Joke

    Demo version

    You mean it kept popping up a "Do you wish to continue using this spyware" dlg???

    DaveF

  23. Anonymous Coward
    Anonymous Coward

    System 40 ok then?

    So S40 phones are the ones Freddy Freedom Fighter should get then, yeah? Is that what you're telling us?

This topic is closed for new posts.

Other stories you might like