Forwarded from BlackBox (Security) Archiv
CCC analyses Munich's state trojan FinSpy
The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.
#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft fΓΌr Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to Β§ 18 para. 2 No. 1 and Β§ 18 para. 5 No. 1 Foreign Trade Act (AWG).
The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players
π‘ The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.
π‘ By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.
π‘ In its report, the CCC also documents references to German-speaking developers that can be found in the source code.
"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."
https://github.com/linuzifer/FinSpy-Dokumentation
https://github.com/devio/FinSpy-Tools
ππΌ Read more:
https://www.ccc.de/de/updates/2019/finspy
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
The technical #analysis of copies of the #FinSpy #malware substantiates the reasons for the criminal complaint against the Munich manufacturer of the #StateTrojan. The #CCC publishes its report as well as several variants of FinSpy and a complete documentation of the analysis.
#Security researchers of the Chaos Computer Club (CCC) have analyzed a total of 28 copies of the #spy-#software FinSpy for #Android from 2012 to 2019. The main focus of the investigation was the origin of the malware and the date of its production. The reason for the investigation is the criminal complaint of the Gesellschaft fΓΌr Freiheitsrechte (GFF) and other organizations against the German group of companies #FinFisher because of the deliberate violation of licensing requirements for dual-use software according to Β§ 18 para. 2 No. 1 and Β§ 18 para. 5 No. 1 Foreign Trade Act (AWG).
The CCC today publishes its comprehensive report: Evolution of a private sector malware for governmental players
π‘ The result of the analysis is that a copy of malware, which according to the GFF was used against the Turkish opposition movement in 2016, was clearly created after the EU export control regulations for surveillance software came into force.
π‘ By comparing it with over twenty other copies from a seven-year period, the CCC shows continuity in the further development into which this copy fits. This is seen as a strong indication that it is a variant of the state Trojan "FinSpy". FinSpy is a product of the FinFisher group of companies, which has branches in Munich and elsewhere.
π‘ In its report, the CCC also documents references to German-speaking developers that can be found in the source code.
"Our analysis shows that surveillance software originally from Germany was apparently used against democratic dissidents," said Linus Neumann, one of the authors of the analysis. "How this could have come about, the public prosecutor's office and the customs criminal office must now clarify."
https://github.com/linuzifer/FinSpy-Dokumentation
https://github.com/devio/FinSpy-Tools
ππΌ Read more:
https://www.ccc.de/de/updates/2019/finspy
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Analyzing Analytics (Featuring: The FBI)
Recently while conducting some research, I found myself down the path of Google Analytics IDβs as well as other analytics services. I was investigating ways to not only identify varying analytics code in sites, but to correlate them with other sites that may be linked to the same owner. Please note before further reading: I make some guesses about what I find, though thatβs contrary to the concept of analysis, and I am not presuming to know definitively why I am seeing what I am seeing in this specific case study. Itβs all just very curious to me. Dive in and take a look for yourself!
ππΌ Read more:
https://exploits.run/analytics-analysis-fbi/
#FBI #analytics #analysis
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv
Recently while conducting some research, I found myself down the path of Google Analytics IDβs as well as other analytics services. I was investigating ways to not only identify varying analytics code in sites, but to correlate them with other sites that may be linked to the same owner. Please note before further reading: I make some guesses about what I find, though thatβs contrary to the concept of analysis, and I am not presuming to know definitively why I am seeing what I am seeing in this specific case study. Itβs all just very curious to me. Dive in and take a look for yourself!
ππΌ Read more:
https://exploits.run/analytics-analysis-fbi/
#FBI #analytics #analysis
π‘@cRyPtHoN_INFOSEC_DE
π‘@cRyPtHoN_INFOSEC_EN
π‘@BlackBox_Archiv