“Install this application on your smartphone”: Western spy programs

Alexander Rostovtsev.  
08.08.2017 22:57 (Moscow time), Moscow
Technologies, Author column, Human rights, Russia, Special services, USA, Story of the day


Thanks to the revelations of Edward Snowden, as well as WikiLeaks activists, the world learned about how the NSA and other intelligence agencies organized total surveillance of citizens and even government officials of US allied countries through all sorts of gadgets.

Progress in the field of information technology, which has brought many positive innovations to everyday life, has its shadowy underside. The guys who previously had to (figuratively speaking) jump with a parachute, chew through wire and leap across rooftops to obtain a bit of valuable information have today been replaced by bespectacled guys in T-shirts and faded jeans, with a laptop, extracting the same valuable information for serious structures, only in much less dangerous ways.

Independent laboratories involved in protecting information from unauthorized access began checking the data from Snowden and WikiLeaks, and dug up a lot of interesting things.

For example, the company Positive Technologies found that the NSA, as part of the secret Bullrun project, managed to bypass many encryption systems inside mobile devices, and not as a result of hacking, but through pressure on manufacturers, obliging them either to provide the agency with encryption keys or to leave “backdoors” in the software. As a result, many security standards hitherto considered reliable and used by large businesses and government organizations were discredited.

The Bullrun story continued: another NSA operation, AuroraGold, came to light, in which the agency spied on employees of telecommunications companies, freely reading their email correspondence and internal documents. According to Snowden, as early as May 2012, 70% of the world’s mobile networks were under the NSA’s watch. Particular attention was paid to surveillance of the GSM Association, an international company developing new communication standards. The goal is the same: introducing “backdoors” into promising developments, documenting vulnerabilities, bypassing encryption and other security technologies.

The possibilities of wiretapping have significantly expanded thanks to the development of the mobile application market. Many of them regularly transfer significant amounts of user data to third parties. To eavesdrop, it is not necessary to hack the OS - it is enough to convince the user to install a “useful” mobile application. A good example is last year's scandal surrounding the game PokemonGo, which is a venture project under the auspices of the CIA.

But there are even more problems in the mobile communication networks themselves. Snowden's documents contained a description of another secret NSA operation, the ANT project, which has solutions for manipulating mobile networks for all occasions. It is not necessary to intercept information through vulnerable software: implants can be installed at the manufacturing stage of communication devices. Another option is fake base stations that intercept the subscriber's traffic and manipulate data on the phone, for example by sending fake SMS messages on behalf of the user.

In September 2014, a suspicious booth was discovered on the roof of the Austrian IZD-Tower opposite the UNO-city complex; it was surrounded by a strong metal fence with ten external surveillance cameras. Positive Technologies experts came to the conclusion that it is used to host a fake mobile network base station. Vienna is the third seat of the UN (after New York and Geneva). The headquarters of OPEC and the OSCE are also located there. It is a place of great interest to the NSA.

Such “Trojan” base stations can intercept the unique IMSI identifier stored on the SIM card using a so-called IMSI-catcher - a special device that disguises itself as a cellular base station. Then, through the SS7 signaling network, which is used to configure most telephone exchanges, the location of the mobile device's owner can be tracked around the world.

Other Western intelligence agencies, in particular, British counterintelligence and the German BND, are not lagging behind the NSA.

The Citizen Lab organization has published the results of a study of the servers of the FinSpy (FinFisher) Trojan program. This Trojan program is known to be used by law enforcement agencies around the world to covertly monitor criminals or political activists. The Trojan is installed on mobile phones of all popular platforms and records conversations and other confidential information. All data is sent to a server owned by law enforcement agencies.

The FinSpy malware was developed by Gamma Group International (Munich, Germany) and sold by a Gamma Group subsidiary in the UK. Only government organizations can purchase the Trojan. Experts at The Citizen Lab discovered FinSpy backdoor C&C servers in Australia, Canada, Germany, the USA, Great Britain, Estonia and 19 other countries.

It was established that FinFisher and FinSpy were embedded in computer operating systems and spied on oppositionists from Bahrain, Bangladesh, Malaysia, Mexico, and Ethiopia. The FinSpy malware was embedded in a JPEG photo decoy and launched when viewed on an unsuspecting person's computer.

The FinFisher and FinSpy malware have long come to the attention of WikiLeaks volunteers, who monitor their activity and update information about their spread within the SpyFiles topic. Wikileaks activists believe that the publication of the program is necessary so that victims can protect themselves from surveillance. In recent years, in many countries around the world, activity has been observed on the FinFisher Relay and FinSpy Proxy servers, through which information is collected from infected computers and mobile devices. According to WikiLeaks, sales of the malware in recent years amounted to more than 50 million euros.

However, as Deutsche Welle recently reported, the German intelligence services will deploy updated spyware to replace the exposed one by the end of this year. According to available information, the program in question is one for intercepting and redirecting remote communications - RCIS. Whereas the first version allowed monitoring of desktop PCs, RCIS 2.0 is specifically designed to monitor mobile devices running Android, iOS and Blackberry.

RCIS 2.0 bypasses the encryption built into services such as WhatsApp and Telegram. This happens through phone hacking, with messages read directly from users’ screens. However, the FinSpy Trojan will remain in service with German law enforcement because, despite the exposure, FinSpy’s capabilities far exceed anything that is currently permitted by German law. The program makes it possible to remotely record all calls and messages on a phone, turn on the microphone and camera, and also find and track the device in real time.

In June of this year, the German government passed a law giving the police the right to hack into devices belonging to persons suspected of criminal activity. However, there are documents that indicate that RCIS 2.0 has been in development since the beginning of 2016. In other words, intelligence agencies put pressure on the federal government to legalize spy technologies that were illegal before the law was passed.

So much for the intrusion of the long nose of the NSA and other intelligence agencies into the privacy of citizens, the inviolability of which is guaranteed by the constitution. What about citizens of other countries, to whom local guarantees apply only to a limited extent?

Some hamsters think that all this is nonsense - “who needs me so funny?” But when you consider the draconian amendments that US legislators introduced to homeland security laws after the September 11 terrorist attack, the situation does not look rosy at all.

In addition to “beautiful people that no one needs”, there are also people who, by chance, find themselves in the wrong place at the wrong time and fall under the hand of the blind American Themis. Suffice it to remember that the United States declared itself an exceptional country, whose laws prevail over international law.

American intelligence agencies kidnap people or seek their arrest and extradition from subordinate regimes. It is enough to accuse a person of having ties to terrorism, and he faces indefinite imprisonment and torture in one of the CIA’s extraterritorial prisons in Guantanamo, Guam, Poland or Romania. Without a lawyer, without visits, without the control of human rights organizations.

The fate of people accused by the US of cyber fraud is no better.

There are precedents. Let us remember only Russian citizens: Roman Seleznev (arrested in the Maldives, accused of cyber fraud), Konstantin Yaroshenko (pilot, kidnapped in Liberia), Dmitry Ustinov (arrested in Lithuania, while buying tourist supplies, accused of weapons smuggling), Vadim Polyakov (arrested in Spain, accused of cyber fraud), Alexandra Panin (programmer, arrested in the Dominican Republic), Alexandra Martysheva (programmer, arrested in Latvia).

Most of these people are being charged based on intercepted text messages and telephone conversations that lawyers and human rights activists say are fabricated.

As they say, “if only there was a collar, there would be a neck.”
