F-Secure: security firms should block state malware
By Stewart Mitchell
Posted on 8 Mar 2011 at 10:19
Anti-virus companies should spot and block state-sponsored intrusion, according to security company F-Secure.
The company was reacting to revelations that the Egyptian authorities may have purchased and employed a German-made surveillance system to use on its citizens, as suggested in documents taken from former Government buildings.
F-Secure said the documents came from the headquarters of the Egyptian State Security, but admitted they had yet to be confirmed as genuine. The papers suggested the security services had received offers to use a product called FinFinder.
According to Elaman, the German company that makes the suite, FinFinder offers governments a range of tools to tap into user or business computers.
If the US Government would ask us not to detect something and we complied, then what?
Under the heading “Governmental security solutions”, Elaman offers products such as FinSpy, “which guarantees full and real-time remote access and control of the target's computer”, and FinFly, which is “an infection proxy used to deliver intrusion software”.
Whether the Egyptian authorities used the software or not remains unknown, but the possibility raises interesting questions about the independence of security companies and how they should treat states' cyber activity.
Should Government trojans be blocked?
The big question for security companies, claimed F-Secure, is whether these tools should be treated in the same way as general criminal viruses, trojans and other security threats.
“It would be a slippery slope to stop detecting government trojans,” said Mikko Hypponen, chief research officer at F-Secure, on the company blog.
“If the US Government would ask us not to detect something and we complied, then what? Should we avoid detecting hacking software used by goverments ... of which country? Germany? UK? Israel? Egypt? Iran?"
“We are in the business of selling protection," he added. "We're selling products to protect our customers from attack programs - regardless of the source of such programs."
However, because the code for FinFinder and other government-backed trojans are closely-guarded secrets, F-Secure admits it can't currently add them to its list of malware signatures.
“The obvious question here is: do we detect FinFisher? And the answer is: we don't know, as we don't have a sample at hand we could use to confirm this,” said Hypponen.
“It's perfectly possible that we have already received a sample of FinFisher or some similar tools from our customers. However, if that has happened, we have been unable to distinguish them from 'normal' criminal trojans. We don't have any known government intrusion tools in our possession.”
Is your business a social business? For helpful info and tips visit our hub.
do we detect FinFisher? And the answer is:
Buy a copy?
Or is this only available to governments - and if so, which?
By greemble on 8 Mar 2011
Re: do we detect FinFisher? And the answer is:
1) You didn’t follow the link and look at the prices.
2) You’re right in thinking about government restrictions. Rapid7 LLC will sell Metasploit Pro to most people, but the laws in the US and the EU are not the same. Laws in the EU are less favourable for sales of such dual-use products.
3) No company is obliged to sell to F-Secure. If F-Secure were to buy the product through deception and use it in a way not permitted in the contract, it would open itself up to significant financial liability in court.
By pacid on 9 Mar 2011
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords