Schrodinger’s Cat Video and the Death of Clear-Text

Author: Morgan Marquis-Boire

“… while Web 1.0 was invented so that theoretical physicists could publish research online, Web 2.0 was created so that people could publish cute photos of their cats.”
Ethan Zuckerman (2007)

“Hidden in the dashboard
The unseen mechanized eye
Under surveillance
The road is full of cat’s eyes”
– The Spy in the Cab, Bauhaus (1980)

Key Findings

Commercial network injection appliances are actively targeting Google’s YouTube and Microsoft’s Live services in order to install surveillance implants on targets across the globe.

Documents indicate that a prototype for targeted surveillance network injection appliances sold to the governments of Oman and Turkmenistan was designed by CloudShield Technologies, a US Department of Defense contractor.[1]

This report reveals never-before-seen documentation on the operation of network injection appliances from both Hacking Team and FinFisher and provides source code for an early prototype of FinFisher’s FinFly ISP product.


While there has been much discussion about the use of software described as ‘implants’ or ‘backdoors’ to perform targeted surveillance, this report is about the less well understood method by which most targeted surveillance is delivered: network injection. Taking advantage of security flaws in major web presences (such as Google’s ‘YouTube’ and Microsoft’s ‘Live’)[2], vendors have started selling turnkey solutions that enable easy installation of targeted surveillance software at scale.

This report provides a detailed analysis of two products sold for facilitating targeted surveillance known as network injection appliances. These products allow for the easy deployment of targeted surveillance implants and are being sold by commercial vendors to countries around the world. Compromising a target becomes as simple as waiting for the user to view unencrypted content on the Internet.

While the technology required to perform such attacks has been understood for some time, there is limited documentation of the operation of these attacks by state actors. This report provides details on the use of such surveillance solutions including how they are built, deployed, and operated...

