Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Can FinFisher infect Ubuntu?

  1. #1
    Join Date
    May 2013
    Beans
    6

    Question Can FinFisher infect Ubuntu?

    https://en.wikipedia.org/wiki/FinFisher
    https://wikileaks.org/spyfiles/files...ION_V02-08.pdf
    https://wikileaks.org/spyfiles/list/...ame/gamma.html

    It is important for activists and dissidents to know how to defend against such attacks.

    How can a person protect oneself from FinFisher?

    Is Ubuntu safe from such attacks? The Wikileaks documents mention that it can infect GNU/Linux systems as well as Windows and Mac OS.

    One of the components of FinFisher is the FinFly transparent HTTP proxy that can fake signatures and also inject malicious code into programs and other files. Are there any methods to defend against those kinds of attacks?
    Last edited by D7Gd; May 12th, 2013 at 06:18 PM.

  2. #2
    Join Date
    Mar 2006
    Location
    The Internet
    Beans
    1,817
    Distro
    Ubuntu

    Re: Can FinFisher infect Ubuntu?

    'Infect' is an odd way to think of this one. It is more of a targeted trojan for government computer systems that have been Windows.

    In short I would not worry about it,
    Last edited by stmiller; May 12th, 2013 at 09:07 PM.

  3. #3
    Join Date
    Jul 2007
    Location
    Magic City of the Plains
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Can FinFisher infect Ubuntu?

    Moved to Security Discussions.

  4. #4
    Join Date
    May 2013
    Beans
    6

    Re: Can FinFisher infect Ubuntu?

    Quote Originally Posted by stmiller View Post
    'Infect' is an odd way to think of this one. It is more of a targeted trojan for government computer systems that have been Windows.
    If they target a system running Ubuntu, can they get root access to it? For example by using the FinFly HTTP transparent proxy?

    If so, is there any way to detect them and protect yourself if you are targeted by FinFisher?

  5. #5
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Can FinFisher infect Ubuntu?

    If you are running a default Ubuntu install, the root account is disabled, so no worries there. The user is the biggest security problem, make sure you set a strong password, and practice safe computing.

  6. #6
    Join Date
    Oct 2008
    Beans
    2

    Re: Can FinFisher infect Ubuntu?

    would love to hear more on how to handle this rogue.

  7. #7
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Can FinFisher infect Ubuntu?

    Quote Originally Posted by nexus604 View Post
    would love to hear more on how to handle this rogue.
    Seeing as it doesn't affect Linux based systems, you may need to go elsewhere to find an answer to your question

  8. #8
    Join Date
    Oct 2012
    Beans
    31

    Re: Can FinFisher infect Ubuntu?

    I think d7gd makes a valid point.

    There was a report on the BBC news yesterday about this Finfisher "product" being sold to governments to spy on those who oppose the government. The report said it had been found on computers and smartphones without the owners permission. The report did not say whether it was linux/android or others.

    I think it is something that Linux Ubuntu users should take seriously. At the very least we need an open and honest discussion about it to allay any fears.

    paul
    Last edited by paulxx; May 26th, 2013 at 03:41 PM. Reason: spelling error

  9. #9
    Join Date
    Oct 2012
    Beans
    31

    Re: Can FinFisher infect Ubuntu?

    There is some interesting information on wikipedia about this issue.

    Here's a paragraph from wikipedia/finfisher which should concern anyone using Mozilla Firefox:

    "Firefox Masquerading

    FinFisher is capable of masquerading as other more legitimate programs, such as Mozilla Firefox. On April 30, 2013, Mozilla announced[20] that they had sent Gamma a cease-and-desist letter for trademark infringement. Gamma had created an espionage program that was entitled firefox.exe and even provided a version number and trademark claims to appear to be legitimate Firefox software."

    (btw, Gamma is the company that owns Finfisher)

    I'd be interested to hear the views of anyone with some expertise/knowledge of security matters concerning Linux/Ubuntu.

    paul

  10. #10
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Can FinFisher infect Ubuntu?

    Quote Originally Posted by paulxx View Post
    There was a report on the BBC news yesterday about this Finfisher "product" being sold to governments to spy on those who oppose the government. The report said it had been found on computers and smartphones without the owners permission. The report did not say whether it was linux/android or others.
    Over the years I have noticed that the news almost makes a point of avoiding mention of systems that are immune. Whether because MS will cut them off from future press conferences or other reasons I do not not. I just see the behavior.

    About FinFisher, there is little to no technical coverage, but one site does give a clue that it is Windows only
    https://blog.mozilla.org/blog/2013/0...ware-provider/

    Maybe if you try it it might run under WINE but otherwise you'll have to run Windows in a VM for it to work.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •