“Technology can work for us [and] happen to us” says Morgan
Marquis-BoireExcerpt, minor edit by Carolyn Bennett
Critical issue: Secreted surveillance
When targeted surveillance is opaque and technological
capabilities remain secret, citizens lack the knowledge to fully comprehend the
scope and nature of surveillance and lack the ability to challenge it, say the
authors of For Their Eyes Only: The Commercialization of Digital Spying.
Report’s authors
 |
| MarCzack andMarquis-Boire |
Morgan Marquis-Boire (a Security Researcher and Technical Advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto, working as a Security Engineer at Google specializing in Incident Response, Forensics and Malware Analysis; and serving as a Special Advisor to Google Ideas).
With Bill MarCzack (a Computer Science Ph.D. student at UC Berkeley, a founding member of Bahrain Watch, a monitoring and advocacy group that seeks to promote effective, accountable, and transparent governance in Bahrain through research and evidence-based activism).
Claudio GUArnieri (a security researcher at Rapid7, specialized in tracking, dissecting and understanding malware and botnets, also working with and a core member of the non-profit organizations The Honeynet Project and The Shadowserver Foundation; and develops Cuckoo Sandbox and other open source projects).
John Scott –Railton (a Citizen Lab Fellow conducting research on electronic attacks in MENA, co-developer of the Voices Projects to support the free and secure flow of information from Egypt and Libya during the Arab Spring; his dissertation at UCLA focused on the human security implications of climate change adaptation failure in West Africa).
 |
| Their report |
F
|
or Their Eyes Only: The Commercialization of
Digital Spying “is one of the first extended projects attempting to map out
the nature of commercial surveillance software. The work “opens a window into
this space, but it remains crucial that the nature and impact of the commercial
surveillance market be better understood,” says Morgan Marquis-Boire. “Technical
research in this field has only just begun, but it is already clear that the
stakes are high.
“The proliferation of increasingly powerful commercial
surveillance tools has serious implications not just for dissidents and activists,
but for all of us, no matter our citizenship.
Cover of darkness
“There is extremely limited candor from companies about the
nature and scope of the due-diligence performed when sales are contemplated.
“In what has been referred to as ‘permissive’
standard, companies have sometimes stated that they will only sell to states that are not on official blacklists
established by the European Union or the United States.
They have been similarly opaque
about what actions, if any, they have taken as a consequence of the cases in
countries like Morocco, Bahrain, and the UAE where there is strong evidence the
tools are being abused.
Intrusion, malware
“…While hacking as a means of data-gathering has existed
since the inception of the Internet, in the last few years as lawful
interception products have grown, so has an industry that provides
commercial intrusion and malware.… Once a boutique capability possessed by few
nation states, Morgan Marquis-Boire continues:
…commercial intrusion and monitoring
tools are now being sold globally for dictator pocket change.
While this technology is frequently
marketed as lawful intercept capability, in countries where criminal activity
is broadly defined or where dissent is criminalized, these tools are used as a
mechanism for repression.
The concept of ‘lawful interception’
does not apply in countries where the rule of law is absent.
With the increased ability of regimes
to purchase advanced surveillance capabilities from ‘Western countries,’ this
technology has been used to target activists, journalists, dissidents and human
rights workers.
“
|
An investigation uncovering the use of ‘governmental IT
intrusion’ software against a group of Middle Eastern activists last year has
grown into a body of research displaying the ubiquity of commercialized
surveillance software.
“While there are undoubtedly legitimate uses for targeted
surveillance, historical abuses of secret surveillance are manifold.
“When such activity is opaque and technological capabilities
remain secret, citizens lack the knowledge to fully comprehend the scope and
nature of surveillance and hence lack ability to challenge it.
“Technology can work for us,” Morgan Marquis-Boire writes, “but
it can also happen to us.”
FINDINGS
The reported findings of Citizen Lab and Canada Centre for
Global Security (Security Studies Munk School of Global Affairs, University of Toronto)
were these.
FinSpy Command and Control servers were
operating in countries scanned: two servers in Brunei, one in Turkmenistan’s
Ministry of Communications, two in Singapore, one in the Netherlands, a new
server in Indonesia, and a new server in Bahrain.
Partial replication of earlier
findings in a Rapid7 analysis, which reported finding FinSpy Command and Control
servers in ten countries: Indonesia, Australia, Qatar, Ethiopia, Czech Republic,
Estonia, USA, Mongolia, Latvia, and the UAE; Citizen Lab’s scan confirmed the presence of FinSpy on all of the
servers reported by Rapid7 that were still available to be scanned: FinSpy
servers in Indonesia, Ethiopia, USA, Mongolia, and the UAE confirmed; remaining
servers were down at time of scanning; the server in the USA appeared to be an
IP-layer proxy (e.g., in the style of Network Address Translation)
 |
| Citizen Lab Munk School of Global Affairs University of Toronto |
RECOMMENDATIONS
Citizen Lab recommends that all users run Anti-Virus
software, promptly apply (legitimate) updates when they become available, use screen
locks, passwords and device encryption (when available).
Do not run untrusted
applications and do not allow third parties access to mobile devices.
A
|
s technology “can … happen to us,” Morgan Marquis-Boire’s
hope, as the result of this research, he says, is that it “will help us make an
informed decision about what is happening.”
Sources and notes
“For Their Eyes Only: The Commercialization Of Digital
Spying” by Morgan Marquis-Boire (a Security Researcher and Technical Advisor at
the Citizen Lab, Munk School of Global Affairs, University of Toronto, working
as a Security Engineer at Google specializing in Incident Response, Forensics
and Malware Analysis; and serving as a Special Advisor to Google Ideas). [Citizen Lab and Canada Centre for Global Security, Security
Studies Munk School of Global Affairs, University of Toronto, Wednesday, May 1,
2013], https://citizenlab.org/for-their-eyes-only; Licensed under Creative
Commons Attribution 2.0
WITH
Bill MarCzack (a Computer Science Ph.D. student at UC
Berkeley, a founding member of Bahrain Watch, a monitoring and advocacy group
that seeks to promote effective, accountable, and transparent governance in
Bahrain through research and evidence-based activism).
Claudio GUArnieri (a security researcher at Rapid7,
specialized in tracking, dissecting and understanding malware and botnets, also
working with and a core member of the non-profit organizations The Honeynet
Project and The Shadowserver Foundation; and develops Cuckoo Sandbox and other
open source projects).
John Scott –Railton (a Citizen Lab Fellow conducting
research on electronic attacks in MENA, co-developer of the Voices Projects to
support the free and secure flow of information from Egypt and Libya during the
Arab Spring; his dissertation at UCLA focused on the human security
implications of climate change adaptation failure in West Africa).
https://citizenlab.org/storage/finfisher/final/fortheireyesonly.pdf
ACM TechNews ─ “Software Meant to Fight Crime Is Used to Spy
on Dissidents,” by The New York Times, August 31, 2012, http://cacm.acm.org/news/154827-software-meant-to-fight-crime-is-used-to-spy-on-dissidents/fulltext
“Government-operated
spyware on the rise around the world – report,” May 03, 2013 19:51,
http://rt.com/news/citizen-lab-finfisher-wikileaks-spyware-788/
Ref: Gamma Group Finfisher IT intrusion; Citizen Lab;
Mozilla Foundation
__________________________________________
Bennett's books are available in New York State independent bookstores: Lift Bridge Bookshop: www.liftbridgebooks.com [Brockport, NY]; Sundance Books: http://www.sundancebooks.com/main.html [Geneseo, NY]; Mood Makers Books: www.moodmakersbooks.com [City of Rochester, NY]; Dog Ears Bookstore and Literary Arts Center: www.enlightenthedog.org/ [Buffalo, NY]; Burlingham Books – ‘Your Local Chapter’: http://burlinghambooks.com/ [Perry, NY 14530]; The Bookworm: http://www.eabookworm.com/ [East Aurora, NY] • See also: World Pulse: Global Issues through the eyes of Women: http://www.worldpulse.com/ http://www.worldpulse.com/pulsewire http://www.facebook.com/#!/bennetts2ndstudy
__________________________________________
No comments:
Post a Comment