Canada is among 25 countries linked to a spyware network that is being used by repressive governments to stifle dissent, according to researchers at the University of Toronto.
A new study from the Citizen Lab at the Munk School of Global Affairs has identified Canada as one of the countries where servers are hosted for FinFisher, a trojan horse program that can log keystrokes on a computer, turn on cameras and microphones, grab screen images and even listen in on Skype chats.
Also known as FinSpy, the software first came to researchers’ attention in the spring of 2011, when protesters in Egypt raided a government office and found a proposal from FinSpy’s makers to sell the program to the government of then-Egyptian President Hosni Mubarak.
The software’s makers, U.K.-based Gamma International, say the software is meant to be used “against pedophiles, terrorists, organized crime, kidnapping and human trafficking,” according to the New York Times.
But the Citizen Lab researchers say the software is "regularly obtained by countries where dissenting political activity and speech is criminalized."
“A FinSpy campaign in Ethiopia uses pictures of Ginbot 7, an Ethiopian opposition group, as bait to infect users. This continues the theme of FinSpy deployments with strong indications of politically-motivated targeting,” the Citizen Lab report states.
“There is strong evidence of a Vietnamese FinSpy Mobile Campaign. We found an Android FinSpy Mobile sample in the wild with a command & control server in Vietnam that also exfiltrates text messages to a local phone number.”
The researchers identified a server operated by Softcom Inc., a web hosting service located in Canada, as hosting FinSpy. But because this is a hosting service, it’s difficult to say who is operating FinSpy from that location, or for what purposes.
"They (Gamma) claim that they only sell to government, law enforcement and intelligence communities," said Morgan Marquis-Boire, a San Francisco-based engineer for Google who is one of the authors of the Citizen Lab report, in an interview with The Canadian Press.
"Given that hosting in (the web hosting company's) ranges is acquirable with the use of money, it's difficult to provide strong attribution."
Among the other countries where FinFisher servers are located are Mexico, Bangladesh, Malaysia, Serbia, Vietnam and the United States.
No government has ever admitted to using FinSpy, the New York Times reports.
“This is dual-use equipment,” Eva Galperin of the internet civil liberties activist group Electronic Frontier Foundation told the Times. “If you sell it to a country that obeys the rule of law, they may use it for law enforcement. If you sell it to a country where the rule of law is not so strong, it will be used to monitor journalists and dissidents.”
But “if you look at the list of countries that Gamma is selling to, many do not have a robust rule of law,” Marquis-Boire told the New York Times. “Rather than catching kidnappers and drug dealers, it looks more likely that it is being used for politically motivated surveillance.”
The Japanese government counter-terrorism practice of <a href="http://www.reuters.com/article/2007/11/20/us-japan-fingerprinting-idUST23858020071120" target="_hplink">fingerprinting foreigners who enter the country</a> may have inspired Doctor Tsutomu Matsumoto to invent "fingerprinting gels", a way of <a href="http://cryptome.org/gummy.htm" target="_hplink">faking fingerprints for scanners</a>. <a href="http://www.dansdata.com/uareu.htm" target="_hplink">Learn how</a> to make your own here.
White Noise Generator
Worried someone around you is <a href="http://articles.businessinsider.com/2011-07-28/strategy/29998051_1_bank-employee-consent-conversation" target="_hplink">secretly recording everything you do?</a> No fear! There's a relatively low-tech way to defeat such snoops, via white-noise-producing <a href="http://www.amazon.com/Productive-Home-Security-Prducts-Jammer/dp/B002PJ7PYS" target="_hplink">audio jammers</a>. These tiny devices use good ol' white noise to blur the sound picked up by hidden microphones and other surreptitious recording devices.
<a href="http://www.technologyreview.com/view/421768/silence-smart-phones-at-thanksgiving-dinner-with/" target="_hplink">MIT's Technology Review</a> calls it the newest, hottest Thanksgiving accessory -- but you can use phone-size "<a href="http://en.wikipedia.org/wiki/Faraday_cage" target="_hplink">Faraday cages</a>" like this (sold by <a href="http://www.uncommongoods.com/product/phonekerchief?9gtype=search&9gkw=phone kerchief&9gad=6315569457&gclid=CKWq9s2krLICFcRM4AodwDoAAw" target="_hplink">uncommongoods</a>) to block your cellphone's call signal, WiFi and GPS. Handy now that<a href=" http://arstechnica.com/tech-policy/2012/08/federal-court-rules-cops-can-warantlessly-track-suspects-via-cellphone/" target="_hplink"> federal courts are ruling that cops can track suspects via cellphone sans warrant</a>, and <a href="http://www.zdnet.com/apple-patent-could-remotely-disable-protesters-phone-cameras-7000003640/" target="_hplink">Apple can remotely disable your phone camera with a click</a>. As security researcher <a href="http://nplusonemag.com/leave-your-cellphone-at-home" target="_hplink">Jacob Appelbaum said in an interview with N+1 back in April</a>, "Cell phones are tracking devices that make phone calls." So shouldn't you be prepared for when you <em>don't</em> want to be tracked?
Hidden cameras got you down? Blind them all with a simple baseball cap lined with infrared LEDs. <a href="http://creator.wonderhowto.com/amiehold/" target="_hplink">Amie, a hacker on WonderHowTo</a>, shows the world <a href="http://mods-n-hacks.wonderhowto.com/how-to/make-infrared-mask-hide-your-face-from-cameras-201280/#" target="_hplink">how to make one</a>, while <a href="http://translate.google.com/translate?u=http%3A%2F%2Fwww.oberwelt.de%2Fprojects%2F2008%2FFilo%2520art.htm&langpair=de%7Cen&hl=en&ie=UTF8" target="_hplink">this German art exhibition</a> lays out how these ingenious devices work.
These receivers reveal the telltale electronic crackle of hidden mics and cameras. Strangely enough, they were around long before "surveillance culture" became a <a href="http://digitalcommons.law.yale.edu/ylsspps_papers/64/" target="_hplink">common phrase</a>. Today they're sold in all sorts of <a href="http://www.gadget-playground.com/bug-detection.html" target="_hplink">shops for surveillance paranoids</a>.
Sometimes hiding your face isn't enough; sometimes you don't want to be seen at all. For those days, there's camera maps. The <a href="http://www.mediaeater.com/cameras/locations.html " target="_hplink">NYC Surveillance Camera Project</a> is currently working to document the location of and working status of every security camera in New York City. This project has been replicated by others in <a href="http://www.notbored.org/boston.html" target="_hplink">Boston</a>, <a href="http://www.notbored.org/chicago-SCP.html" target="_hplink">Chicago</a> and <a href="http://www.bloomingtonsecuritycameras.com/map.html" target="_hplink">Bloomington</a>, Indiana. <a href="http://www.notbored.org" target="_hplink">Notbored.org</a> has even published a guide to making your own surveillance camera maps (<a href="http://www.notbored.org/map-making.html " target="_hplink">here</a>).
Credit to artist <a href="http://ahprojects.com/" target="_hplink">Adam Harvey</a> for this one. Inspired by the <a href="http://www.bobolinkbooks.com/Camoupedia/DazzleCamouflage.html" target="_hplink">"dazzle camouflage" </a>used on submarines and warships during World War I, he designed a series of face paint principles meant to fool the facial recognition schemas of security cameras. Check out <a href="http://dismagazine.com/dystopia/evolved-lifestyles/8115/anti-surveillance-how-to-hide-from-machines/ " target="_hplink">The Perilous Glamour of Life Under Surveillance</a> for some tips on designing your own camera-fooling face paint.
Walmart may be the premier symbol of corporate America, but its disposable cellphone selection can help you start a thoroughly maverick lifestyle. <a href="http://www.walmart.com/ip/TracFone-Samsung-S125G-Prepaid-Cell-Phone-Bundle/20933059" target="_hplink">$10 TracFones</a> work on most major networks, including <a href="http://www.prepaidphonenews.com/2011/12/how-to-get-tracfone-net10-or-straight.html" target="_hplink">AT&T, T-Mobile, Sprint and Verizon</a>, and come with minutes prepaid so you can dispose of the devices when you're done.
Radio-Frequency Identification (RFID) chips are now <a href="http://electronics.howstuffworks.com/gadgets/high-tech-gadgets/rfid.htm" target="_hplink">regularly implanted</a> in passports, ID cards, credit cards and travel papers. These tiny chips make machine-reading your documents easier -- but could also let anyone with the right type of scanner <a href="http://articles.cnn.com/2006-07-10/tech/rfid_1_rfid-industry-rfid-journal-rfid-chips?_s=PM:TECH " target="_hplink">scrape your information <em>and</em> track your whereabouts</a>. Luckily, gadget geeks have come to the rescue again, this time with<a href="http://www.thinkgeek.com/product/8cdd/" target="_hplink"> RFID-blocking wallets</a>. Working on the same principle as the "phonekerchief", these wallets create a Faraday cage around your items, keeping their data secure until you take them out to be scanned where they're supposed to be scanned. Destroying the chip is simpler: <a href="http://www.instructables.com/id/How-to-blockkill-RFID-chips/" target="_hplink">just nuke it in the microwave for five seconds</a>. Of course, whatever you're microwaving might <a href="http://www.youtube.com/watch?v=4_5UYcyO3Pg" target="_hplink">burst into flames</a> first...
Earlier on HuffPost: