Fishing in troubled waters

Updated April 26, 2015


During his days at Bilborough College in Nottingham, UK, over a decade ago, Shehzad was not quite sure how one of his good friends would know precisely what Shehzad had been up to the day before.

“We would meet in the morning and while joking around, he would say something like ‘so did you like that article on xyz website?’ Other times he would say something like, ‘you must have cooled down after visiting that hot website last night.’ I would just shrug him off. But deep down, I would sometimes feel that this guy was probably some sort of a telepathic genius. Other friends felt the same way,” he recalls.

It was only some time later that Shehzad and his other friends discovered that their “telepathic genius” friend’s “paranormal” behaviour could in fact be explained through science – computer science, that is.

Shehzad’s friend Ron had installed a trojan in their computers.

“A trojan is basically a computer programme that has two components, a server and a client. You install the server on the target computer and control it through the client,” explains Umair Ahmad, a Lahore-based computer programmer.


While the focus is on the Cyber Crime bill, allegations that the Pakistani government is using the spying software Finfisher are going largely unprobed


Depending on its level of sophistication, a trojan could allow its controller to carry out anything from simple tasks, such as opening the CD drive tray or monitoring the screen, to taking full control of the target system, including potentially stealing sensitive information from the hard drive.

“One could either install the server component of the trojan on a computer if he has physical access to that machine or he could trick someone into installing it – a type of social engineering,” explains Ahmad.

When cornered, Ron had told his friends that he was not spying on them but only hacking into their systems “for the fun of it” and the “technical challenge”.

However, experts and whistleblowers have warned of more serious threats than those posed by people like Ron.

Edward Snowden has worked as Systems Administrator at America’s CIA and for the National Security Agency.

“There is an infrastructure in place in the United States and worldwide that NSA has built in cooperation with other governments as well that intercepts basically every digital communication, every radio communication, every analogue communication that it has sensors in place to detect and with these capabilities basically the vast majority of human and computer to computer communications and device based communications which sort of form a relationship with humans are automatically ingested without targeting,” argues Snowden.

He says the system in place allows spy agencies to even look into the past by digging out telephone call recordings and digital data of virtually any person. All they need is something as basic as a telephone number or e-mail address and that would dig out the ingested data.

At the forefront of spying operations is a company called Gamma Group that supplies spying technology to many governments around the world. The company boasts that its products can be used for social media monitoring & analysis, IP monitoring, active and passive lawful interception, data retention & analysis, strategic & tactical satellite monitoring, GSM location and tracking, command & control monitoring centers and media mining.

Marketing videos of Gamma Group show how governments could easily use its products, including Finfisher, to monitor e-mail, telephone, Skype and other communications.

Professor Ronald Deibert is Head of Citizen Lab, an interdisciplinary laboratory at the University of Toronto. Along with a team of computer and security experts, he has been tracking down Finfisher and other spy software.




“In the case of Finfisher, what we did is we first were able to get samples of the malware, of the malicious software from targets. Through forensic analysis of the software samples, reverse engineering and understanding how the spyware works, we were able to see where the software connects to. After doing that we found the locations of servers in a number of countries, one of which was Pakistan.”

In addition to that, documents published by WikiLeaks have also confirmed that Pakistan is one of the clients of Gamma Group. The information was obtained when a computer hacker broke into Gamma Group servers and stole over 40 Gigabytes of data that he passed on to WikiLeaks. The data included a technical support chat between a Gamma Group representative and an unknown client in Pakistan.

The discovery led Bytes for All, a Pakistani human rights organisation focused on information and communication technologies, to probe the spying operations in Pakistan. Based on their findings, they initiated legal action against the Pakistan government for violating the constitution through mass spying of its citizens.

Computer experts have also discovered that Finfisher is programmed with a backdoor. So not only does the software allow the Pakistani government to spy on its citizens, but it can also effectively allow spy agencies of other countries to break into Pakistan’s telecommunication infrastructure.

Officials from Pakistan’s Information Technology Ministry, Pakistan Telecommunication Limited — PTCL — and from other departments have either refused to talk about the subject or come across as clueless.

“Anyone could pick up a paper and pencil, jot something down and get it published and that would be a report. I don’t know about that (Finfisher) report. We hear from different places that the super power is engaged in spying. If that is true then it is not the right thing to do,” says Senator Mushahidullah Khan.

Bytes for All says that even the courts are reluctant to proceed with the case.

“When we filed this petition, the court ordered PTCL, which is the main respondent, to investigate the matter and come back and deliver its report. Even though six different dates were given for hearings, at the last minute each time the court hearings were cancelled for different reasons. And since then there have not been any new dates. The petition is still with the court but it seems as though it is dormant,” says Fahad Desmukh, project manager at Bytes for All.

Computer experts say while it may not be possible to completely evade monitoring by intrusive state institutions, there are some steps the general public could take to make themselves relatively more secure while using computers:

  1. Install an anti-virus programme on your computer and keep it up to date. However, do not fall prey to a false sense of security. Just because you have an anti-virus programme installed does not mean you are fully protected, as certain malicious programmes can bypass anti-virus scanners.

  2. Install a firewall on your system. Configure it properly so that it blocks all incoming and outgoing connections unless authorised by you.

  3. Frequently check firewall logs for any access attempts from outside or local programmes trying to access the internet. Probe any access attempts.

  4. Never open e-mail attachments from unknown senders no matter how tempted you may be. It is possible to trick someone into executing a Trojan server while packaging it as a video.

  5. An attachment from a friend is not necessarily safe. The friend may have infected his own system and forwarded you a trojan server disguised as a tempting video or game.

  6. Just because you find a USB stick lying around the office does not mean you let curiosity get the better of you. Do not insert it in your computer. Spy software like Finfisher can be installed on a system simply by inserting a USB stick into the system.

  7. Only install Windows or other updates through the official/authentic medium or through its updater. Never execute attachments supposedly received in e-mail from “Microsoft” or any other sender.

  8. Various websites, particularly porn sites, could incorporate ActiveX technology that could install a backdoor into your system while you are in a state of virtual thoughtlessness.

  9. Learn to use encryption software and use it to encrypt your communications.

  10. Avoid storing sensitive information on your computer. You may wish to store it on some offline medium and keep it in a secure place.

  11. Watch out for people using social engineering to extract information from you. Does someone really need to know what s/he is asking you?

  12. Use strong passwords on your computer and do not leave your system unattended.
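
Tip 3 in practice, as an added example that is not part of the original article: a short Python script that reads a log in the layout written by Windows Firewall (pfirewall.log) and lists allowed outbound connections to destinations the user has not approved, along with blocked inbound attempts. The sample log, its addresses and the `KNOWN_DESTINATIONS` list are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the Windows Firewall log layout; the addresses
# come from ranges reserved for documentation and private networks.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-04-26 09:00:01 ALLOW TCP 192.168.1.10 198.51.100.7 49152 443 0 - 0 0 0 - - - SEND
2015-04-26 09:00:02 ALLOW UDP 192.168.1.10 192.168.1.1 50000 53 0 - - - - - - - SEND
2015-04-26 09:05:00 ALLOW TCP 192.168.1.10 203.0.113.50 49160 8080 0 - 0 0 0 - - - SEND
2015-04-26 09:35:00 ALLOW TCP 192.168.1.10 203.0.113.50 49161 8080 0 - 0 0 0 - - - SEND
2015-04-26 10:05:00 ALLOW TCP 192.168.1.10 203.0.113.50 49162 8080 0 - 0 0 0 - - - SEND
2015-04-26 10:07:12 DROP TCP 203.0.113.99 192.168.1.10 51000 3389 0 - 0 0 0 - - - RECEIVE
"""

# Assumption: destinations this user recognises and has approved.
KNOWN_DESTINATIONS = {"198.51.100.7", "192.168.1.1"}


def parse_log(text):
    """Turn each log line into a dict keyed by the names in the #Fields header."""
    fields, entries = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                entries.append(dict(zip(fields, values)))
    return entries


def review(entries, known):
    """Return (unapproved outbound connection counts, blocked inbound attempts)."""
    unknown_out, blocked_in = Counter(), []
    for e in entries:
        if e["path"] == "SEND" and e["action"] == "ALLOW" and e["dst-ip"] not in known:
            unknown_out[(e["dst-ip"], e["dst-port"])] += 1
        elif e["path"] == "RECEIVE" and e["action"] == "DROP":
            blocked_in.append((e["src-ip"], e["dst-port"]))
    return unknown_out, blocked_in


if __name__ == "__main__":
    outbound, inbound = review(parse_log(SAMPLE_LOG), KNOWN_DESTINATIONS)
    for (ip, port), count in outbound.most_common():
        print(f"unapproved outbound: {ip}:{port} seen {count} times")
    for ip, port in inbound:
        print(f"blocked inbound attempt from {ip} to local port {port}")
```

A destination that keeps reappearing in the outbound list and that no installed programme accounts for is the kind of entry tip 3 says to probe.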

Published in Dawn, Sunday Magazine, April 26th, 2015
