
Friday, August 22, 2014

Antivirus Works Too Well, Gripe Cybercops



By Danny Yadron in the Wall Street Journal

For years, police have been in a cat-and-mouse game with an unexpected foe that can frustrate investigations—antivirus software.

Law enforcement's battle against Symantec Corp.'s Norton, Intel Corp.'s McAfee brands and others gained new attention this month after anonymous activists published documents from FinFisher GmbH, a secretive German firm that sells computer code to help governments snoop on targets. Amid customer names and secret price lists, the cache exposed complaints from authorities that antivirus programs had thwarted their planned surveillance.

The unusual arms race offers new detail on the extent to which governments rely on computer-security holes to snoop.

"A lot of people rely on antivirus for protection against cybercriminals," said Morgan Marquis-Boire, a senior researcher at the University of Toronto's Citizen Lab who has done extensive research on cyberspying. "You have the people we pay to protect us from very real crime trying to prevent this from working properly. That is somewhat concerning."

Government agencies across the world operate like hackers to install surveillance software like FinFisher's on targets' computers to monitor their communications. The Wall Street Journal reported last year that the Federal Bureau of Investigation had expanded its use of such tactics.

But the targets' computers may employ the same electronic defenses as other citizens. These defenses work against cybercops as well as cybercriminals.

"We certainly do our best to make sure the antivirus programs that are out there are not going to be able to detect the presence of the software," said Eric Rabe, a U.S. spokesman for the Italian company Hacking Team, also known as HT S.r.l, another maker of surveillance programs for police forces. "If you're trying to do covert surveillance, which of course is what we are trying to do, obviously it is something a company like ours has to worry about."

There is no documentation of U.S. state or local police using Hacking Team or FinFisher to monitor suspects. The two companies appear often at U.S. law-enforcement conferences and Hacking Team counts an office in Annapolis, Md., and is used in about 30 countries.

At a coming conference in Washington, D.C., a Hacking Team executive is scheduled to give a talk titled, "Intruding communication devices: live demonstration of latest attack techniques."

The FBI declined to comment. The agency uses hacking software with court approval on a case-by-case basis, former U.S. officials have said.

Ironically, the revelations come amid questions about the effectiveness of antivirus programs against a growing array of cyberthreats. Symantec, which pioneered antivirus software, is now focusing on products to help businesses minimize damage from hackers after they get into a network.

In 2012, a FinFisher customer who at one point called himself "Khalid from Pakistan," complained that antivirus software from Symantec and Bitdefender could block his agency's spying, according to the leaked FinFisher documents. FinFisher's tech support said he needed to upgrade to version 4.2.

A year earlier, a Qatar agency bemoaned that it couldn't "install the infection file" if the target used an antivirus program from Avast Software s.r.o. That is what Avast's software is supposed to do, said Vincent Steckler, chief executive of the Czech company.

One FinFisher product allows anyone with access to a target computer to insert a USB drive and download usernames, passwords and documents, according to previously leaked documents. But in 2011, the company told an Estonian agency it might need another way in. "Unfortunately I have to inform you that we aren't able to bypass the [McAfee antivirus] product with current FinUSB loader," the FinFisher representative wrote back.

Representatives for Estonia, Pakistan and Qatar didn't respond to requests for comment.

FinFisher was launched in 2007 by Gamma Group, a British surveillance firm, and is now an independent company, according to its website. Neither Gamma nor FinFisher commented on the authenticity of the leaked documents, first publicized in early August, and neither responded to multiple requests for comment.

FinFisher may be gaining an edge against antivirus software. The leaked documents show it has a working relationship with Vupen, a French surveillance company that boasts in ads that its tools "bypass all modern security protections and exploit mitigation technologies," including antivirus.

In a Twitter post earlier this month, Vupen CEO Chaouki Bekrar said his company only sells to governments, not other surveillance firms. In a June email exchange with a reporter, Mr. Bekrar said Vupen only sells to federal agencies in the U.S.

As of April, FinFisher claimed it could sneak past most antivirus vendors, though it sometimes had trouble with software from Slovakia-based ESET, Russia's Kaspersky Lab ZAO and Panda Security SL of Spain, according to one of the leaked documents.

Told his company appeared to have some luck blocking government-used malware, ESET researcher Cameron Camp said, "Thanks, I think."

 
