
Hacking & Spying


Elusive FinSpy Spyware Pops Up in 10 Countries

Gamma Group markets its FinFisher surveillance product to governments, but researchers say it may be used more broadly.

It is one of the more elusive commercial cyberespionage tools available. It is marketed as a way for governments to spy on criminals. And for over a year, virus hunters unsuccessfully tried to track it down. Now it is popping up across the globe, from Qatar to an Amazon server in the United States.

FinFisher is a spyware product manufactured by the Gamma Group, a British company that sells surveillance technology. Security researchers who studied the spyware last month said it can grab images of users’ computer screens, record their Skype chats, remotely turn on cameras and microphones, and log keystrokes. The spyware first attracted attention in March 2011 after protesters in Egypt raided the country’s state security headquarters and found an offer to buy FinFisher for 287,000 euros, or $353,000.

Security researchers say their findings contradict Mr. Mr.

Virus Seeking Bank Data Is Tied to Attack on Iran

A security firm said Thursday that it had discovered what it believed was the fourth state-sponsored computer virus to surface in the Middle East in the last three years, apparently aimed at computers in Lebanon. The firm, Kaspersky Lab, said that the virus appeared to have been written by the same programmers who created Flame, the data-mining computer virus that was found to be spying on computers in Iran in May, and that it might be linked to Stuxnet, the virus that disrupted uranium enrichment work in Iran in 2010.

The latest virus, nicknamed Gauss after a name found in its code, has been detected on 2,500 computers, most in Lebanon, the firm said. Its purpose appeared to be to acquire logins for e-mail and instant messaging accounts, social networks and, notably, accounts at certain banks — a function more typically found in malicious programs used by profit-seeking cybercriminals. “The United States has had a number of Lebanese banks under the microscope for a while,” said Bilal Y.

Exclusive: Computer Virus Hits U.S. Drone Fleet | Danger Room

A computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones. The virus, first detected nearly two weeks ago by the military’s Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas.

Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech’s computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military’s most important weapons system. “We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. But despite their widespread use, the drone systems are known to have security flaws.

Mahdi, the Messiah, Found Infecting Systems in Iran, Israel | Threat Level

Mahdi has targeted computers primarily in Iran and Israel, though it has also infected computers elsewhere in the Middle East. Courtesy of Seculert.

Who knew that when the Messiah arrived to herald the Day of Judgment he’d first root through computers to steal documents and record conversations?

That’s what Mahdi, a new piece of spyware found targeting more than 800 victims in Iran and elsewhere in the Middle East, has been doing since last December, according to Russia-based Kaspersky Lab and Seculert, an Israeli security firm that discovered the malware. Mahdi, which is named after files used in the malware, refers to the Muslim messiah who, it’s prophesied, will arrive before the end of time to cleanse the world of wrongdoing and bestow peace and justice before Judgment Day. But this recently discovered Mahdi is only interested in one kind of cleansing – vacuuming up PDFs, Excel files and Word documents from victim machines.

Russia's Top Cyber Sleuth Foils US Spies, Helps Kremlin Pals | Danger Room

Eugene Kaspersky, Soviet officer turned software tycoon. Photo: Stephen Voss

It’s early February in Cancun, Mexico.

A group of 60 or so financial analysts, reporters, diplomats, and cybersecurity specialists shake off the previous night’s tequila and file into a ballroom at the Ritz-Carlton hotel. At the front of the room, a giant screen shows a globe targeted by crosshairs. Cancun is in the center of the bull’s-eye. A ruddy-faced, unshaven man bounds onstage. He’s bragging to be sure, but Kaspersky may be selling himself short.

But this still doesn’t fully capture Kaspersky’s influence. Kaspersky has 300 million customers. Serving at the pinnacle of such an organization would be a remarkably powerful position for any man. What is mentioned is Kaspersky’s vision for the future of Internet security—which by Western standards can seem extreme. These are not exactly comforting words from a man who is responsible for the security of so many of our PCs, tablets, and smartphones.

LinkedIn eHarmony password leak: What Russian hackers do with your personal information

Illustration by Robert Neubecker.

The news on Wednesday sounded like the setup for a lame Silicon Valley joke.

Russian hackers stole 6 million passwords from LinkedIn. Did they mistranslate “world’s largest professional network” as “professional network that people actually use”? Where will they strike next, Google+? What are they going to do now that they’ve hacked all of those accounts, sell a bunch of résumés on the black market? Use your contact list to spam you with even more LinkedIn email invitations than you already get?

Amid the yawns and derision, one small group of people took the LinkedIn breach very seriously: security experts. The answers to the facetious questions above are, in all probability, no, no, yes, and yes. The full dimensions of the breach are not yet clear. The bottom line: If you have a LinkedIn or eHarmony account, you should be concerned. So how exactly do cyber-crooks use these passwords once they have them?