Leaked Docs Offer Win 8 Tip: FinFisher Spyware Can't Tap Skype's Metro App 74
mask.of.sanity (1228908) writes "A string of documents detailing the operations and effectiveness of the FinFisher suite of surveillance platforms appears to have been leaked. The documents, some dated 4 April this year, detail the anti-virus detection rates of the FinFisher spyware which German based Gamma Group sold to governments and law enforcement agencies. The dump also reveals Windows 8 users should opt for the Metro version of Skype rather than the desktop client because it cannot be tapped by FinFisher."
Irrelevant (Score:4, Insightful)
Skype belongs to Microsoft, Microsoft is in the US, the US records your calls.
Re: (Score:1)
US needs to file paperwork to get the phone records; no need to make it any easier for them.
Re: (Score:3, Informative)
Re: (Score:3)
All the marketing folks want to do is sell you stuff. The Gov wants to throw you in prison, or worse.
Re: (Score:3)
Huh? No, they don't. They want to protect us against enemies — and are willing to sacrifice our freedoms to that end. Most (all?) people in government get rather cavalier about the subjects' freedoms and rights — as well as monies. In their arrogance, they — both politicians and bureaucrats — quickly develop the opinion, that "they know better"...
But there is no malicious intent to throw everyone into prison.
Re: (Score:2)
But there is no malicious intent to throw everyone into prison.
I really do believe this. But we shouldn't just let our guard down; the powers we grant our government today may one day be abused by someone who actually does want to throw everyone in prison, or worse [wikipedia.org].
Re: (Score:2)
But there is no malicious intent to throw everyone into prison.
They have no desire to throw you imprison, unless you are a threat to their job security/power or you disagree with the way they are running the country.
From their point of view they have a benevolent intent to throw you in prison.
Re: (Score:2)
So not only do we have to worry about incompetence indistinguishable from malice, we also have to worry about righteousness indistinguishable from malice.
Re: (Score:2)
Actually, I would have reversed that and said that the latter implies malicious intent.
All the marketing folks want to do is sell you stuff. The Gov wants to throw you in prison, or worse.
all of them actually want you buying stuff constantly.
but on a pure semantical level, marketing naturally implies profit, while government should be synonymous of "caring for the res publica", even though in our particular reality government is nothing but another marketing tool.
Re: (Score:2, Insightful)
Which is absolute 100% nonsense. We killed people based on metadata. Paul Revere could have been found with metadata. Furthermore, people letting telecoms use their metadata is their choice; that doesn't mean they also opt to let the government use it. Their logic is, "You let one person see your metadata, so everyone in the world, including the government, should be able to do so."
Re: (Score:1)
Re: (Score:3)
Yes, marketing is worse than government surveillance...
So a service provider gathering data on the way its customers use the service for marketing purposes (which the customer agreed to by contract) is worse than the government secretly surveilling its own citizens?
Nice!
Re: (Score:3, Informative)
>> Much of electronic collection is metadata
No. This is theory. In practice, they record everything for later (mis)use :
http://gawker.com/5991731/cias... [gawker.com]
http://www.theguardian.com/com... [theguardian.com]
Re: (Score:1)
Much of electronic collection is metadata, which is explicitly NOT under the 4th Amendment primarily because most telecom providers already require you to authorize them to datamine your metadata for marketing purposes. SCOTUS, many years ago, reasoned that metadata can't be protected because people already let telecoms use their metadata for things much more scummy than warrantless wiretapping. (Yes, marketing is worse than government surveillance - technically they're both panopticons, but the former implies malicious intent)
Wow. Do you have your judgements bass-ackwards. Whether figuring out if they should be trying to sell you Pampers or Depends is perhaps a little embarrasing, it's not evil. Evil is government tracking who you call, and when, which can be massively abused to sculpt the political landscape of opponents.
This ignores that it's trivial to listen in on convetsations without a warrant and not get caught. It's the 40th anniversary of Nixon's resignation. All it takes is one G. Gordon Liddy type, and presto! A
Re: (Score:2)
No, EVUL CORPORATION is a distractionary meme.
Like the author Jeffrey Grupp explains, corporatism (as Mussolini called it) is the idea that the government, the major corporations, and the military function as one entity. It's always been this way since the kings of old; read up on the East India Company sometime. Eisenhower focused on the military and defense contract aspects and referred to it as the military-industrial complex. Sometimes it's called the military-industrial-media complex (so how 'bout those scary WMDs Iraq was supposedly threatenin
Re: (Score:2)
Torture is also against our laws too, but apparently that doesn't concern the CIA.
Re: (Score:2)
Not quite irrelevant.
Microsoft probably sells Skype data to some law enforcement and intel agencies but not to others.
Re: (Score:1)
The only agencies MS will not take money from are those it isn't legally permitted to. And for those, they just get a dummy corp to act as the middleman for plausible deniability.
Re: (Score:2)
It's irrelevant anyway, because the info is from April.
I don't know how much a workplace for FinFisher costs but we're talking about the military/intelligence/law enforcement sector here. It would be kind of stupid to assume that they haven't written an access module by now. And if not, these types of companies are surely happy to provide a suitable exploit as an upgrade upon request - provided that the client has the necessary credentials and is willing to throw enough money at it.
Re: (Score:2)
If you're in China, they also record your calls (TOM Skype).
You should not be using Skype for anything that you dont want a nationstate to hear, full stop. Microsoft is one of a number of companies known to cooperate in surveillance requests in countries like China.
Metro Skype is useless (Score:5, Informative)
That would be a good idea if Metro Skype wasn't so utterly useless. It's almost as if they didn't even try. It is missing such basic features as marking yourself as "Busy" and is even missing the screen sharing feature.
Re: (Score:3, Insightful)
Re: (Score:2)
IIRC, Metro apps have additional sandboxing so I'd presume that is the reason it is more difficult to exploit.
What about security against Microsoft? (Score:2, Insightful)
"People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties.
What about security against Microsoft? Every non-free program is a 'just trust me program'. 'Trust me, we're a big corporation. Big corporations would never mistreat anybody, would we?' Of course they would! They do all the time, that's what they are known for. So basically you mustn't trust a non free programme."
"There are three kinds: those that spy on the user, those that
That's what they want you to think (Score:1)
"The dump also reveals Windows 8 users should opt for the Metro version of Skype rather than the desktop client because it cannot be tapped by FinFisher."
That's what they want you to think!
Or maybe... (Score:4, Interesting)
...the docs were leaked by spy agencies, because the Metro version is *easier* to spy on?
Re: (Score:2)
Re: (Score:2)
They will, after their third tablet has broken because the batteries died.
Re: (Score:2)
I drink Mt Dew (pr Mello Yello) anyway.
Re: (Score:2, Funny)
No one cares, Ballmer.
"partners" are able to bypass win firewall (Score:2)
This of course is very old news, but relevant.
Nothing to see here. (Score:2)
Re: (Score:3)
No kidding, FinFisher 5.0 can't do the metro app, finfisher 5.1 can. FinFisher 6 has been out for 2 years.....
IT'S A TRAP (Score:2)
This is just another one of the recent MS gimmicks to get you to switch to the Metro version.
I just received a very official Skype Team email stating my desktop version would be automatically removed. That's exactly what it said: YOUR SKYPE VERSION WILL BE REMOVED. If a company would add such a trigger on an application (even one that highly depends on a single external cloud service to do anything at all), I would call that heavy persuasion.
Re: (Score:3)
2. They have nothing to hide.
No, they mistakenly believe they have nothing to hide. But they are not the ones who decide; the government does. If you do something the government doesn't like, and it notices, you may find yourself in a very unfortunate situation.
Re: (Score:2)
Mine said I was signed out because I was using an outdated version and would not let me sign back in until I upgraded it.
I have to use it for work.
Switch away from Skype and Windows (Score:1)
And it doesn't end there. To really get a high-security setup, boot chain, you need to do a lot of start-up work.
To start, you need a pre-boot scan. The occasional scan from a USB image would provide an integrity check: EFI settings (boot order), bootloader, kernel image, and initrd. You'd need to validate the boot loader against the installed package, validate the installed ClamAV database signature, pull ClamAV updates if the signature doesn't validate, validate kernels against installed packages,
Re: (Score:3)
To start, you need a pre-boot scan. The occasional scan from a USB image would provide an integrity check: EFI settings (boot order), bootloader, kernel image, and initrd.
You mean like the Windows 8 UEFI Secure Boot?
Re: (Score:1)
Windows 8 Secure boot is a pretty flimsy facility that says 'yep, this code was blessed by microsoft'. It does nothing to vouch for whether the configuration leading up to or the configuration of the payload is what you actually want (e.g. a specific user expects they hve put in Windows 8, but instead Red Hat loading with malicious configuration would be a sort of misbehavior that SecureBoot does nothing for).
Of course, the proposed scheme isn't exactly nice. Notably handwaving about 'file is known safe'.
Re: (Score:2)
Windows 8 Secure boot is a pretty flimsy facility that says 'yep, this code was blessed by microsoft'. It does nothing to vouch for whether the configuration leading up to or the configuration of the payload is what you actually want (e.g. a specific user expects they hve put in Windows 8, but instead Red Hat loading with malicious configuration would be a sort of misbehavior that SecureBoot does nothing for).
UEFI secure boot validates everything (configuration) until the boot-loader load. The boot-loader sits in signed cabinet files and the UEFI firmware will not load the boot-loader if the boot-loader cabinet files do not check out (invalid signature).
The boot-loader will check the operating system - Windows 8 - core before relinquishing control of the boot process to the OS. Windows 8 sits in signed cabinet files and the boot-loader will not boot the OS if the files have been tampered with (invalid signatures).
Right after the kernel has started - relying *only* on information from the signed cabinet files and signed kernel drivers (all drivers which load in kernel space in Windows 64 bit versions must be signed), the antivirus providers will be allowed to load. AV must *also* be signed by MS to be allowed to load at this stage. The AV can now control loading the rest of the OS. Still, any kernel level drivers *must* be signed.
You are correct that the boot-loader will also boot other signed OSes - like RH Linux and those *could* be used to start Win8 or some other OS in a VM and under control of the "signed" OS. You can bet that MS has requirements that the booting of non-Windows OS is obvious (something must happen at the screen clearly identifying the OS being booted).
But at the whole, UEFI Secure Boot along with Windows 8 signed boot-loader and OS is *very* hard to circumvent. I haven't heard of any successful attack yet. There was some spin on an attempt that did not use UEFI Secure Boot (it used BIOS).
Re: (Score:2)
But at the whole, UEFI Secure Boot along with Windows 8 signed boot-loader and OS is *very* hard to circumvent.
If you are paying attention during boot, and the attack comes from within the OS. Of course, MS could have afforded the within the OS protection themselves by being very special in how they treated the system partition without requiring firmware to verify it. If you have full control of the console and/or device, you can do exactly what you describe, boot a valid OS using a malicious configuration designed to rootkit the OS that's there or impersonate the OS that was supposed to be there to gain informati
Re: (Score:2)
That depends on a TPM, which depends largely on a secret key in the OS RAM (magic cookie) that can be accessed if you have a kernel exploit. From there, you can modify the TPM.
Re: (Score:2)
There's a few things that seem off in that statement...
IIRC, Secure Boot didn't actually hook into the TPM.
Another, I'm not sure what you imply with 'modify the TPM'. You can have perhaps the TPM bind some stuff that the legitimate user wouldn't want you to do but you couldn't defeat sealing to a sufficient set of PCRs by having os level control of the TPM facilities afaik.
Re: (Score:2)
Oh, huh. SecureBoot isn't Palladium; it's some new-fanegaled UEFI feature.
It looks like you can insert new keys into the SecureBoot DB with dpkg-reconfigure secureboot-db in Ubuntu, so sufficient OS-level access should allow for bypassing SecureBoot in UEFI. This is a little easier than it was with the TPM, I guess.
Re: (Score:2)
Oh, huh. SecureBoot isn't Palladium; it's some new-fanegaled UEFI feature.
It looks like you can insert new keys into the SecureBoot DB with dpkg-reconfigure secureboot-db in Ubuntu, so sufficient OS-level access should allow for bypassing SecureBoot in UEFI. This is a little easier than it was with the TPM, I guess.
No, not unless the OEM did *not* follow the specs. If they followed the UEFI specs this should not be possible.
On top op that, it is a specific requirement for "Designed for Windows 8 certification" that the keys cannot be manipulated from the operating system.
The only way to change the key store is through physical (like in at the keyboard) control of the UEFI firmware in the pre-boot "maintenance mode" *or* through a firmware upgrade. Firmware upgrades *must* be signed as well, so no, you can not use that
Re: (Score:2)
After these databases have been added, and after final firmware validation and testing, the OEM locks the firmware from editing, except for updates that are signed with the correct key or updates by a physically present user who is using firmware menus, and then generates a platform key (PK). The PK can be used to sign updates to the KEK or to turn off Secure Boot.
So if you have the PK, you can sign updates to the KEK. Okay, so this requires the user to intentionally load a PK first, and store it on the machine. Makes sense.
So then the chain is shorter: have your kernel load a signed initrd, perform useful scans, and then load the real initrd and engage the boot process. I likes this.
Re: (Score:2)
" To really get a high-security setup, boot chain, you need to do a lot of start-up work. "
No. To get a high-security setup, you simply never connect to the internet.
If you have internet access, you're fucked. Man can make it, man has repeatedly proven man can break it.
There is ZERO other alternative.
Re: (Score:3)
Security: Confidentiality, Integrity, Accessibility. Removing Accessibility is called a Denial of Service.
It's like you just said the only way to be safe from murder is to kill yourself.
Re: (Score:2)
"It's like you just said the only way to be safe from murder is to kill yourself. "
Is it wrong? The only way to avoid being killed or dying is to already be dead. The only way to avoid getting compromised online is to not be online at all.
There is no such thing as 100% security.
Re: TrueCrypt (Score:2)
Likely the virus just replaces the bootloader with one that logs the passphrase.
Not much you can do about that, except making sure that USB/removable media boot is disabled and there is adequate tamper evident physical security on the computer hardware casing.
Not much point in the OS driver validating the bootloader. If things have already got that far, it's game over. OK, you would get a warning and that would be nice, but at that point it's too late.
Good to remember (Score:3, Informative)
http://www.theguardian.com/wor... [theguardian.com]
Microsoft wasn't called out as an "enthusiastic" partner in the NSA's documents for nothing. Definitely consider all versions of Skype to be damaged goods - along with all other Microsoft products - can't imagine how excited the NSA was for the Xbox One and its always on audio monitoring and (originally) required connected video camera.
Not worth it (Score:4, Funny)
cannot be tapped... (Score:1)
Very funny... Pull the other other one...