Antivirus Works Too Well, Gripe Cybercops
By Danny Yadron in the Wall Street Journal

For years, police have
been in a cat-and-mouse game with an unexpected foe that can frustrate
investigations—antivirus software.
Law enforcement's
battle against Symantec Corp.'s Norton, Intel Corp.'s McAfee brands and others gained new attention
this month after anonymous activists published documents from FinFisher GmbH, a
secretive German firm that sells computer code to help governments snoop on
targets. Amid customer names and secret price lists, the cache exposed
complaints from authorities that antivirus programs had thwarted their planned
surveillance.
The unusual arms race
offers new detail on the extent to which governments rely on computer-security
holes to snoop.
"A lot of people
rely on antivirus for protection against cybercriminals," said Morgan
Marquis-Boire, a senior researcher at the University of Toronto's Citizen Lab
who has done extensive research on cyberspying. "You have the people we
pay to protect us from very real crime trying to prevent this from working
properly. That is somewhat concerning."
Government agencies
across the world operate like hackers to install surveillance software like
FinFisher's on targets' computers to monitor their communications. The Wall
Street Journal reported last year that the Federal Bureau of Investigation had
expanded its use of such tactics.
But the targets'
computers may employ the same electronic defenses as other citizens. These
defenses work against cybercops as well as cybercriminals.
"We certainly do
our best to make sure the antivirus programs that are out there are not going
to be able to detect the presence of the software," said Eric Rabe, a U.S.
spokesman for the Italian company Hacking Team, also known as HT S.r.l., another
maker of surveillance programs for police forces. "If you're trying to do
covert surveillance, which of course is what we are trying to do, obviously it
is something a company like ours has to worry about."
There is no
documentation of U.S. state or local police using Hacking Team or FinFisher to
monitor suspects. The two companies appear often at U.S. law-enforcement
conferences. Hacking Team counts an office in Annapolis, Md., and its software is used in
about 30 countries.
At a coming conference
in Washington, D.C., a Hacking Team executive is scheduled to give a talk
titled, "Intruding communication devices: live demonstration of latest
attack techniques."
The FBI declined to
comment. The agency uses hacking software with court approval on a case-by-case
basis, former U.S. officials have said.
Ironically, the
revelations come amid questions about the effectiveness of antivirus programs
against a growing array of cyberthreats. Symantec, which pioneered antivirus
software, is now focusing on products to help businesses minimize damage from
hackers after they get into a network.
In 2012, a FinFisher
customer who at one point called himself "Khalid from Pakistan,"
complained that antivirus software from Symantec and Bitdefender could block
his agency's spying, according to the leaked FinFisher documents. FinFisher's
tech support said he needed to upgrade to version 4.2.
A year earlier, a
Qatar agency bemoaned that it couldn't "install the infection file"
if the target used an antivirus program from Avast Software s.r.o. That is what
Avast's software is supposed to do, said Vincent Steckler, chief executive of
the Czech company.
One FinFisher product
allows anyone with access to a target computer to insert a USB drive and
download usernames, passwords and documents, according to previously leaked
documents. But in 2011, the company told an Estonian agency it might need
another way in. "Unfortunately I have to inform you that we aren't able to
bypass the [McAfee antivirus] product with current FinUSB loader," the
FinFisher representative wrote back.
Representatives for
Estonia, Pakistan and Qatar didn't respond to requests for comment.
FinFisher was launched
in 2007 by Gamma Group, a British surveillance firm, and is now an independent
company, according to its website. Neither Gamma nor FinFisher commented on the
authenticity of the leaked documents, first publicized in early August, and
neither responded to multiple requests for comment.
FinFisher may be
gaining an edge against antivirus software. The leaked documents show it has a
working relationship with Vupen, a French surveillance company that boasts in
ads that its tools "bypass all modern security protections and exploit
mitigation technologies," including antivirus.
In a Twitter post
earlier this month, Vupen CEO Chaouki Bekrar said his company only sells to
governments, not other surveillance firms. In a June email exchange with a
reporter, Mr. Bekrar said Vupen only sells to federal agencies in the U.S.
As of April, FinFisher
claimed it could sneak past most antivirus vendors, though it sometimes had
trouble with software from Slovakia-based ESET, Russia's Kaspersky Lab ZAO and
Panda Security SL of Spain, according to one of the leaked documents.
Told his company
appeared to have some luck blocking government-used malware, ESET researcher
Cameron Camp said, "Thanks, I think."