14 September 2017

Governments hack your computer through Microsoft's vulnerabilities

Forget Russian children breaking out of kindergartens or hacking election results.

It's your 'friendly' federal governments that (unlawfully) hack into your PC, where they may even get a bit of help from the software manufacturers with the advent of back doors or even exploitable vulnerabilities.

It is only when they are 'busted' that a patch comes out in order to give the masses a sense of privacy, until the next vulnerability is detected (by those Russians?).

See article from 13 Sep 2017 by motherboard.com of the headline:

Researchers Catch Microsoft Zero-Day Used To Install Government Spyware

A cybersecurity firm has discovered yet another unknown vulnerability used to install government spyware. The vulnerability has now been patched.

Government hackers were using a previously-unknown vulnerability in Microsoft's .NET Framework, a development platform for building apps, to hack targets and infect them with spyware, according to security firm FireEye.

The firm revealed the espionage campaign on Tuesday, on the same day Microsoft patched the vulnerability. According to FireEye, the bug, which until today was a zero-day, was being used by a customer of FinFisher, a company that sells surveillance and hacking technologies to governments around the world.

Read more: For 20 Years, This Man Has Survived Entirely by Hacking Online Games

The hackers sent a malicious Word RTF document called "Проект.doc" to a "Russian speaker," according to Ben Read, FireEye's manager of cyber espionage research. Read said FireEye doesn't know who the hackers are, other than the fact that they are presumably FinFisher customers.

The document was programmed to take advantage of the recently-patched vulnerability to install FinSpy, spyware designed by FinFisher. The spyware masqueraded as an image file called "left.jpg," according to FireEye.

This is the second time in the last six months that security researchers catch an ongoing espionage operation that uses FinFisher malware and exploits. In April, FireEye and independent security researcher Claudio Guarnieri found that unknown government hackers were using a Microsoft Word zero-day to install FinFisher spyware on Russian victims.

"[This] shows that the company behind FinSpy has significant financial resources," Read told Motherboard in a phone call. "These types of vulnerabilities aren't cheap to obtain, whether you're buying them on the underground market or developing them in house. It shows that basically they got some cash to play with and that they have a healthy customer base willing to pay them to use the vulnerabilities."

FinFisher did not immediately respond to a request for comment.

No comments: