Cash Rules Everything Around Me: Online Spying
A LibTech Seminar Series exploring how dictatorships and other types of state governments are employing malware that spies on dissidents.
- Livetweeting the @liberationtech seminar "Cash Rules Everything Around Me: The Commercialization of Online Spying" on @latoyapeterson acct
- The talk will "detail the cat and mouse game between authoritarian regimes and dissidents." More info here: stanford.io/UWsneF #onlinespy
- Speaker bios from the website:
Morgan Marquis-Boire works as a Security Engineer at Google specializing in Incident Response, Forensics and Malware Analysis. He is a security researcher and Technical Advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto. Recently, he has been working with the Electronic Frontier Foundation on issues surrounding dissident suppression in Syria.
Bill Marczak is a Computer Science PhD student at UC Berkeley working on developing new languages, abstractions, and tools for distributed programming. Bill is also a founding member of Bahrain Watch, a monitoring and advocacy group that seeks to promote effective, accountable, and transparent governance in Bahrain through research and evidence-based activism.
- The talk starts with a short video called Dark Secrets. Watch it here: vimeo.com/36090385 #onlinespying
- "Once a platform attracts a critical mass of activists, it will be used to target them." MMB, CuteCats.exe Theory #onlinespy
- Read more about the Cute Cat Theory here: en.wikipedia.org/wiki/Cute_cat_… #onlinespy
- MMB breaks down how Syrian anti-regime activists were hacked (Burhan Ghalioun Facebook) and tracing the hackers' attacks. #onlinespy
- Pro-regime forces created fake UN sites & fake Skype sites. The sites asked users to log in w/ credentials & collected the data. #onlinespy
- When pro-regime activists caught on, they changed the messaging to promote fake anti-hacking and encryption software. #onlinespy
- Pro-Syrian Government Hackers Target Activists With Fake Anti-Hacking Tool | Electronic Frontier Foundation
- New Trojan Spread Over Skype as Cat and Mouse Game Between Syrian Activists and Pro-Syrian-Government Hackers Continues
- States are now seeking the right to enable their own trojan horses, install malware, & conduct remote searches and delete files. #onlinespy
- MMB hands the mic over to @billmarczak who switches the conversation to the environment in Bahrain. #onlinespy
- BM: Activists in Bahrain received "dodgy emails" with .rar attachments. Ala'a Shehabi, activist, noted may be Trojans. #onlinespy
- AS tried to open the .rar file 10 times, trojan trying to connect to an IP address from Batelco ADSL owned by gov't & private #onlinespy
- The activists debated what to do - expose gov't, feed false info - ultimately emailed reporter who reported on SMS spying. #onlinespy
- Reporter connected BM & MMB, the Trojan was equipped w/ Anti-Analysis techniques! (Illustrated with a pic from Labyrinth, 2 pts!) #onlinespy
- Trojan did custom anti-virus evasion, virtualized obfuscation, attacked popular analysis tools, infected the master boot record. #onlinespy
- By dissecting lines of code, MMB discovered a reference to "finspy" - a kind of mythical malware. #onlinespy
- MMB explains that Finfisher and other companies commercialize threats - ISS World (aka the Wiretapper's Ball), arms fairs. #onlinespy
- MMB & BM explain their process in testing Kingfisher, watched the malware adapt. Keylogging, screengrabs are basic. #onlinespy



