NEWS FROM THE LAB - Tuesday, April 26, 2011

Corporate Malware Development Posted by Mikko @ 09:05 GMT

The Washington Times has published a long article on companies that develop backdoors and trojans for governmental use.

The article got started after we broke the news on the connections between Gamma Technologies, Elaman GmbH and the Egyptian Government.

Elaman / Gamma Technologies
Photo by R�diger Trost, F-Secure GmbH

It's more than unsettling to realize there are large companies out there developing backdoors, exploits and trojans.

Elaman / Gamma Technologies
Elaman HQ Photo by R�diger Trost, F-Secure GmbH

Of course, most of these are designed for "lawful interception".

Lawful interception has been around forever. Originally it meant just tapping landline phone calls, by the operator. Eventually it expanded to mobile calls and text messages. And then it expanded to tapping e-mails and web surfing information. However, if the suspect accesses a website that uses SSL (such as, say, Gmail), the operator can't tap it. This created a need to use malware and backdoors to infect the target's computer. Once you infect a machine, you can monitor everything done on it.

Finfisher offer

In theory, there's nothing wrong in lawful interception. When it's done by the police. In a democratic nation. With a court order. And where the suspect is actually guilty. In all other cases, it is problematic.

Other companies mentioned in Eli Lake's article include HBGary Federal and Endgame Systems.