I somehow love this story… we had great fun and made it from total outsiders with no chance into the final, almost winning against the overlords. My dear colleague Marcel Hilzinger and I were so close to really, really embarrassing Microsoft – but in the end, Sauron’s powers were stronger. Maybe next time, we thought, but they never invited us Linux-Magazine journalists again. I guess they had good reason to do so. 🙂
Here’s the original (short) reference to the Linux-User editorial with a paragraph about the sensational event.
I wonder how much money our government has thrown out of the window for this, and I wonder how the truly great work from Microsoft pays off here. They claim to block FinFisher, which is a large part of our German Bundestrojaner, and here is a wonderful and detailed blog post about how they did it and about the amazing findings they made in the multiple layers of virtualization and obfuscation. “FinFisher is such a complex piece of malware that, like other researchers, we had to devise special methods to crack it.”
(Image source: https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/)
FinFisher uses an onion-like shell system of six layers around its payload (whatever that may be). It also has several built-in virtual machines with up to 32 opcodes created specifically for this system, all just to protect, obfuscate and hide the payload. But what does the payload do? On that, Microsoft’s engineers write:
“It is evident that the ultimate goal of this program is to steal information. The malware architecture is modular, which means that it can execute plugins. The plugins are stored in its resource section and can be protected by the same VM. The sample we analyzed in October, for example, contains a plugin that is able to spy on internet connections, and can even divert some SSL connections and steal data from encrypted traffic.”
A really good read this article is. And if you find the time, read this amazing work by Tora.
A recent Intercept post once more shows great insight into the history and state of NSA technologies. This time it’s about voice recognition and recognizing “who’s speaking” within very little time. Things have changed since the Cold War, but I was not aware of secret services creating so-called voiceprints of all of us – including and focusing on non-US citizens. There’s an NSA program called Voice RT, but China and Europe are also involved:
In November, a major international speaker recognition effort funded by the European Union passed its final test, according to an Interpol press release. More than 100 intelligence analysts, researchers, and law enforcement agents from over 50 countries — among them, Interpol, the U.K.’s Metropolitan Police Service, and the Portuguese Polícia Judiciária — attended the demonstration, in which researchers proved that their program could identify “unknown speakers talking in different languages … through social media or lawfully intercepted audios.”
NSA documents reviewed by The Intercept outline the contours of a similarly expansive system — one that, in the years following 9/11, grew to allow “language analysts to sift through hundreds of hours of voice cuts in a matter of seconds and selects items of potential interest based on keywords or speaker voice recognition.”
Last week the US Senate agreed on extending these surveillance measures, and the NSA’s goal is clear, not only since the 2010 conference where its directors clarified:
“It is all about locating, tracking, and maintaining continuity on individuals across space and time. It’s not just the traditional communications we’re after — It’s taking a ‘full arsenal’ approach.”