Spyware officially used by police in 30 countries

    Surveillance of citizens by the government and the secret installation of malware on users' phones is no longer science fiction and not some conspiracy theories, but a common practice in the daily activities of law enforcement agencies.

    Mikko Hypponen, research director of the Finnish antivirus company F-Secure, made a presentation at the Black Hat hacking conference these days in Las Vegas. In his speech, he said that spyware is officially used by the police in at least 30 countries.

    In fact, the history of malware created for state needs has been going on since the discovery of Stuxnet - probably the first virus made under the direct supervision of the president as part of an operation codenamedThe Olympic Games .

    “More recently, the idea that a democratic Western government would be involved in writing malware seemed ridiculous,” says Hüppönen. - The idea that one democratic western state will develop an espionage program to monitor another democratic state? That is what we are observing now. ”

    Mikko Hyppönen says public services have several reasons for developing malware. This is an operational-search activity, commercial intelligence, surveillance of citizens, sabotage and cyber war.

    For example, in Finland, the police now have the right to legally install spyware on the mobile phone of a citizen who is suspected of committing crimes. The gravity of the crimes and the degree of confidence in the involvement of a citizen remain at the discretion of the police.

    Mikko Hyppönen believes that such a practice is unacceptable. Especially when it turns out that surveillance was carried out on an innocent person. “I would like [in such a situation] to apologize. It will be honest, ”he says.

    In addition to Stuxnet, the expert cited several examples of other malicious programs developed by order of government agencies: among them Gauss, FinFisher, Flame and Careto.

    Various methods are used to install malware on citizens' smartphones, including fake digital certificates, which redirect traffic from legitimate sites to exploit pack sites, said Hupponen, citing an example of a hacking of the Diginotar certification center in 2011, when attackers were able to generate valid Digital certificates for many sites, including Google, Mozilla, Twitter, and Microsoft.

    Also popular now: