An unnamed scientific researcher walks out to her mailbox, shuffles through some bills and advertisements, and pulls out an envelope containing a CD of pictures from a recent scientific conference the researcher had attended in Houston. Excited – though maybe a bit nervous – to see the candid photos of herself and her colleagues snapped by an excitable event photographer, the researcher walks inside, casually drops the unopened bills on the kitchen table, opens up her laptop, and slides in the CD. Windows asks if she’d like to open the pictures to view them. She accepts, and the pictures pop up in the photo viewer. One by one she clicks through them, viewing the photos from the event. She reminisces fondly, wincing only at that one photo where she looks either drunk or high, making mental note of the pictures to print out for her lab desk.
What the researcher doesn’t see, however, is a malicious payload – a virus, one of the most sophisticated known to man – secretly installing itself in the background of her computer. This virus would give a certain secret group of individuals complete access to her system, a group which had hijacked the package mid-transit in the mail, replaced the original CD with a copy that included the virus, taped everything back up without evidence of tampering, and sent the package on its way to her. The virus was practically untraceable and completely irremovable; it could map out networks, jump to computers not connected via the Internet, and even selectively target and destroy specific computers much like a bioengineered nano-virus – all at the direction of a secret shadow organization that was covertly infiltrating the world’s most secure computer systems.
The Equation Group
What may sound like the start to a Tom Clancy novel, or an episode of 24, is, in fact, completely real, the likes of which actually happened to one or more researchers back in 2009. In fact, surreptitious, interdiction-based cyberattacks like this one have apparently been happening since at least the early 2000s and may date back to 1996.
Last Monday, Moscow-based Kaspersky Lab released a cybersecurity report uncovering details about the most sophisticated, covert, and pervasive hacker groups known to man and possibly ever imagined. The organization, dubbed the Equation Group due to the group’s affinity towards sophisticated encryption methods, had operated practically undetected for over a decade, silently infecting computers across the globe and delivering attack payloads still unknown.
“There is nowhere I can’t go. There is nowhere I won’t find you.” – Bane, The Matrix Revolutions
Kaspersky Lab, a cybersecurity firm known primarily for its antivirus software, is no stranger to hackers. The company tracks and documents security breaches of all shapes and sizes.
For years, most high-profile computer hacks had been primarily the work of individuals or small groups motivated by curiosity or, more recently, financial interest – gray-collar criminals who would infiltrate computer systems for credit card numbers to sell on the black market. Usually these attacks are relatively unsophisticated, relying on bad operational cybersecurity practices (dubbed “opsec”) from corporations to create exploitable security holes like those seen in the recent Target and Home Depot security breaches. Only upon the discovery of the Stuxnet virus in June 2010 that sabotaged Iran’s Natanz uranium enrichment facilities have cybersecurity researchers and the public at large turned an eye towards advanced persistent threats (APTs) which use advanced hacking techniques capable of bypassing strong opsec protocols.
What make Equation Group so impressive are their “almost superhuman” technical feats, which include never-before-seen levels of ingenuity in hacking, engineering, and encryption. Those feats include:
using virtual file systems like those found in the Regin (a.k.a. WarriorPride) malware attack used by the NSA to infect overseas computers;
the ability to infect and surveil sensitive air-gapped (i.e. non-Internet connected) networks by piggybacking on USB flash drives, much like the Stuxnet virus;
encrypting malicious files and storing them in multiple branches of the Windows registry, making them immune to detection by antivirus software;
using over 300 Internet domains and 100 servers to command and control malware infrastructure; and
hijacking URL requests on iPhones to spoofed Mac servers, which indicates that Equation Group has compromised the iOS and OSX operating systems.
Hollywood good
Perhaps most impressive is an Equation Group malware platform that rewrites the firmware of infected hard drives, allowing the virus to survive even low-level reformatting that is used to securely wipe a hard drive. All major hard drive manufacturers have drive models that have been compromised, including Western Digital, Seagate, Maxtor, Samsung, IBM, Toshiba, and Micron. Once the drive has been infected, the malware is completely impossible to detect or remove; the drive is compromised forever.
Forensics software displays, in Matrix-like fashion, some of the hard drives Equation Group was able to successfully hijack. (Credit: Kaspersky)
The difference in sophistication between your average Internet hacker and Equation Group cannot be overstated. Your run-of-the-mill hacker is more or less equivalent to your run-of-the-mill burglar, who might break into a place with all of the sophistication of opening an unlocked door or busting out a window with a crowbar. APTs are more like museum thieves who might dress up like a guard or clone a keycard to snatch a valuable diamond or painting. Equation Group is an APT well beyond its peers, using super-spy tactics with analogical laser grids, vent shafts, and harnesses to swap a diamond with a perfect replica, remaining entirely undetected. It’s the stuff of Hollywood’s Mission: Impossible, only without the gratuitous explosions and Tom Cruise (…at least as far as anyone knows). And like Mission: Impossible, Equation Group is more than likely a clandestine operation of the U.S. government.
via RedOrbit
Anne Szarewski, 53, pioneered the cervical cancer vaccine.
Mystery: Doctors are still at a loss to explain Dr Anne Szarewski’s death in her Hampstead home in August. Doctors are still at a loss to explain what exactly caused the brilliant researcher’s death. She was found with high levels of an anti-malarial drug in her bloodstream, but doctors said this was not thought to have caused her death. The scientist who pioneered the cervical cancer vaccine was found dead by her husband at their $2 million home after he warned she was “heading for a crisis” by working too hard. Dr Anne Szarewski, 53, a university lecturer whose discovery has saved thousands of lives, was begged to slow down by her husband, who was becoming increasingly concerned about the pressure she was putting on herself. In August he found her dead in their four-bedroom home in West Hampstead, north London, after he spent two hours drilling through a door she had locked from the inside. Dr. Szarewski is credited with discovering the link between the human papillomavirus and cervical cancer, leading to a vaccine for HPV, the first-ever vaccine against any form of cancer, which is now routinely given to girls across the country.
A new vaccine for influenza has hit the market, and it is the first ever to contain genetically-modified (GM) proteins derived from insect cells. According to reports, the U.S. Food and Drug Administration (FDA) recently approved the vaccine, known as Flublok, which contains recombinant DNA technology and an insect virus known as baculovirus that is purported to help facilitate the more rapid production of vaccines.
According to Flublok’s package insert, the vaccine is trivalent, which means it contains GM proteins from three different flu strains. The vaccine’s manufacturer, Protein Sciences Corporation (PSC), explains that Flublok is produced by extracting cells from the fall armyworm, a type of caterpillar, and genetically altering them to produce large amounts of hemagglutinin, a flu virus protein that enables the flu virus itself to enter the body quickly.
So rather than have to produce vaccines the “traditional” way using egg cultures, vaccine manufacturers will now have the ability to rapidly produce large batches of flu virus protein using GMOs, which is sure to increase profits for the vaccine industry. But it is also sure to lead to all sorts of serious side effects, including the deadly nerve disease Guillain-Barre Syndrome (GBS), which is listed on the shot as a potential side effect.
“If Guillain-Barre Syndrome (GBS) has occurred within six weeks of receipt of a prior influenza vaccine, the decision to give Flublok should be based on careful consideration of the potential benefits and risks,” explains a section of the vaccine’s literature entitled “Warnings and Precautions.” Other potential side effects include allergic reactions, respiratory infections, headaches, fatigue, altered immunocompetence, rhinorrhea, and myalgia.
According to clinical data provided by PSC in Flublok’s package insert, two study participants actually died during trials of the vaccine. But the company still insists Flublok is safe and effective, and that it is about 45 percent effective against all strains of influenza in circulation, rather than just one or two strains.
FDA also approves flu vaccine containing dog kidney cells
Back in November, the FDA also approved a new flu vaccine known as Flucelvax that is actually made using dog kidney cells. A product of pharmaceutical giant Novartis, Flucelvax also does away with the egg cultures, and can similarly be produced much more rapidly than traditional flu vaccines, which means vaccine companies can have it ready and waiting should the federal government declare a pandemic.
Like Flublok, Flucelvax was made possible because of a $1 billion, taxpayer-funded grant given by the U.S. Department of Health and Human Services (HHS) to the vaccine industry back in 2006 to develop new manufacturing methods for vaccines. The ultimate goal is to be able to quickly manufacture hundreds of millions of vaccines for rapid distribution.
Meanwhile, there are reportedly two other GMO flu vaccines currently under development. One of them, which is being produced by Novavax, will utilize “bits of genetic material grown in caterpillar cells called ‘virus-like particles’ that mimic a flu virus,” according to Reuters.
Exploit sellers arm governments and businesses, but are they harming security for everyone else?
Remember the final battle scene in Star Wars: A New Hope? Remember how Luke Skywalker slotted a bomb from his X-Wing down the Death Star’s exhaust port to blow the spherical space-station apart? Well that port is much like a zero-day vulnerability, and the rebel force’s attack was a carefully constructed zero-day exploit.
Despite the Force being so strong in him, Darth Vader managed to commission a ship with a glaring flaw in it. In the same way, developers often create, and proudly deliver, software covered in holes. When they are exploited, and attackers fire malware or some other nasty code through them, owners of that software can be blown apart too.
Intelligence on such weaknesses, and the tools needed to exploit them, now sell for considerable sums. That’s because of what can be achieved with zero-days. As seen with super-virus Stuxnet, which took advantage of four zero-day flaws, weaponised vulnerabilities can have a major real-world impact. In that case, the malware disrupted Iran’s uranium enrichment project by sending centrifuges potty. It was said to have set the process back by two years.
Governments of both east and west, and large private businesses, are thought to be spending vast portions of their budgets on acquiring zero-day exploits. Meanwhile, vendors and users of their wares never learn of them. It’s bad news for Internet security, many argue.
Regardless of their quarrels, a bustling market has emerged, and it is one that has caused ruptures in the security community.
The good old days?
Yet it’s a far cry from what researchers had hoped it would become. Back in 2002, industry experts felt Internet security was in desperate need of a shot in the arm. They thought the best way to get companies and software vendors interested in improving the security of their estates was to make vulnerability hunting a more prosperous activity. They started talking openly about a more formal approach to introducing market incentives for security flaws.
Just after the turn of the millennium, Jean Camp from Harvard University and Catherine Wolfrom from Berkeley wrote a paper entitled ‘Pricing Security’. In it, they argued that the Internet and “the larger information infrastructure” were awash with easily exploitable flaws. “The only ubiquitous testing of Internet security is done by egocentric hackers,” they said.
Camp and Wolfrom argued that security should be viewed as an “externality”, where if one party is hit, another can be affected either positively or negatively, but without compensation. To counter this, they suggested looking at vulnerabilities as goods, items to be bought and sold. Those who discovered vulnerabilities would effectively own them.
The researchers had a vision of a credit system, where each Internet-connected machine would be given vulnerability credits by a government body. When a machine was compromised by known flaws, the owner of the machine would relinquish their credits, or pay out in cash if they had no credits left. Those who discovered vulnerabilities, whether exploited or not, could “demand some form of payment or validation of credit ownership”. Perhaps because of the somewhat inchoate ideas put forward by Camp and Wolfrom, their vision never became a reality.
At what cost?
But start-ups did emerge in the early 2000s who did treat vulnerabilities as commodities. The most notable one was TippingPoint, which founded the Zero-Day Initiative (ZDI), a program that rewarded researchers for responsibly disclosing vulnerabilities, which were reported to vendors as soon as the flaw was validated. TippingPoint was subsequently bought by HP, but ZDI still operates today, as do many other bug bounty programmes, run by the likes of Google and Facebook.
They offer decent money – usually between $1,000 and $10,000 for each flaw found. Researchers get both monetary and reputational rewards, meaning they fill their pockets and bolster their CV for future consulting gigs.
Yet some believe they can and should make much more money from selling zero-days. Even back in 2002, this publication understands an iTunes vulnerability was sold for $13,000. But now much more is up for grabs.
On the one side, private firms are willing to pay significant fees because they want to gain an advantage over rivals, either by being better protected or by launching attacks themselves. On the other, governments want to buy in preparation for cyber warfare. Now they have seen the damage cyber tools can do, from Stuxnet to the super-sophisticated spy tool Flame, governments know what is at stake.
One industry insider, who preferred to remain anonymous, told TechWeekEurope a single zero-day can sell for anything between $5,000 and $500,000. Often, the higher-cost vulnerabilities can be bought as a package with the tools and services needed to exploit them, the insider added.
“It depends on the quality. They sell for what they are worth,” the source said. “The growing need, coupled with the shrinking availability and the time it takes to find and write, sets the price for exploits. It’s just basic supply and demand.”
‘Security for the one percent’
Zero-day merchants take a variety of forms. Major government contractors such as Lockheed Martin, Harris Corporation, Northrop Grumman and Raytheon are thought to be involved, but a host of specialised firms have emerged over the last decade, including Netragard, Errata Security and Vupen. It is the latter group who have been involved in a vituperative war of words with Internet activists and the more vocal members of the security industry.
The main criticism of zero-day sellers is an obvious one. By not sharing their information with the wider community, a flaw is known to a select few, often government bodies and big businesses, whilst the majority go unprotected.
This lack of what is widely-known as “responsible disclosure” is what perturbs many. “It’s security for the one percent and it makes the rest of us less safe,” the Electronic Frontier Foundation said in an essay earlier this year. “These companies are basically selling burglary tools,” claims Professor Ross Anderson, of the University of Cambridge.
When Vupen decided not to tell Google about a zero-day in the Chrome browser, even though it claimed $60,000 in CanSecWest prize money for finding it, it became the bete noire of an industry that had already attracted a lot of bad publicity. Chrome users would be placed at risk, all because one company wanted to keep its handful of customers happy, onlookers moaned.
Even though he said he would only sell to NATO governments and partners, Chaouki Bekrar, CEO of Vupen, told Forbes magazine that he wouldn’t share the information with Google, even for $1 million. “We don’t want to give them any knowledge that can help them in fixing this zero-day exploit or other similar exploits. We want to keep this for our customers.”
Open source troubles?
But there may be an even more pernicious side-effect of the market’s growth. Anderson believes open source projects are now threatened by people wanting to profit from weaknesses.
Researchers are purposefully placing bugs in open source software during the development stages, so that when code appears in completed products, those same researchers can highlight the flaws and profit from them where companies are willing to pay, Anderson has told TechWeekEurope. He claimed to know of several projects where this has happened, but declined to name names.
“That’s now happening. I’ve seen it in the last four months,” Anderson said. Imagine if Linux had flaws purposefully written into it, he ponders. “Intelligence agencies would be willing to pay an extraordinary amount for zero-days for Linux.”
Those against “irresponsible” vulnerability sellers want tighter regulation. Globally, there is little restriction on the practice. Germany, which is known for having strict rules when it comes to data, is one of the only nations to have made it illegal to sell exploits. It’s even illegal there to research zero-day exploits at all.
In the UK, Anderson says he wants more controls over who UK-based zero-day merchants can sell to overseas. He doesn’t want repressive regimes using British technology to carry out mass surveillance on citizens, as has allegedly occurred in the case of Andover-based Gamma International, whose FinSpy tool has appeared tracking dissidents in Syria and Bahrain. Privacy International has threatened the UK government with legal action, if it fails to introduce tighter checks.
Fight night
Now, having been criticised ad infinitum, zero-day hunters are biting back at critics. And at journalists. Is your article going to be another piece of “troll journalism”, Vupen’s CEO asked your reporter, while this article was in progress. He declined to answer any of TechWeekEurope’s questions. Indeed, he has been wary of journalists since that infamous Forbes article.
But others are happy to speak out. When asked about the open source issue, zero-day sellers say they have heard rumours of such subterfuge, but never have they seen it.
When it comes to regulation, they believe they are, at heart, no different from coders. And there shouldn’t be laws stymying the work of coders, they argue. Those calling for legislation, they say, are just jealous, because they don’t have the skills to find the zero-days and subsequently profit from them.
“The recent industry obsession with doting on vulnerability markets is an unproductive campaign with improperly informed champions striving for idealistic, and ultimately useless, regulations,” says Aaron Portnoy, vice president of research and co-founder of Exodus Intelligence. Portnoy was one of the big-shots of the HP TippingPoint ZDI, running it for two years out of the six he was there. The rest of his five-man team is from ZDI too.
His company has a slightly different model to others, selling a feed of data on zero-days and related exploits, and promising to eventually disclose vulnerabilities to vendors for free. It finds vulnerabilities, but also pays external researchers when they hand Exodus their findings. Portnoy might run things differently to the more controversial players in the industry, but he has similarly strong views on those calling for governments to tighten their grip on the market. Security for the one percent? Nonsense, Portnoy says.
“If the ability to sell an exploit suddenly disappeared the Internet would not be a safer place, and individuals would not cease their research into discovering innovative ways to break code,” he told TechWeekEurope. “Those who believe regulation or transparency into this market seem to think otherwise, and that is likely because they themselves aren’t the ones finding the bugs.
“By fixing a single vulnerability, you protect one piece of software from one flaw… by providing enterprises and vendors insight into what attackers are capable of, you enable them to better design their defenses and hopefully develop solutions that are wider in scope.
“If people are concerned about the safety of their Internet, they should stop focusing on trying to stop curious people from being curious.”
Many exploit experts would rather see the software development industry better regulated. They believe vendors should be held more accountable when holes in their software cause harm to Internet users. That’s what Charlie Miller, one of the most noted flaw finders in the world, backs. “Exploits aren’t the problem, vulnerable programs are. Let’s make our devices unbreakable and end the discussion,” he recently tweeted.
Inner turmoil
But whilst zero-day dealers have been lashing out at critics, the market is prone to infighting too. Unlike the traditional security market, where anti-virus vendors at least ostensibly work closely with one another and willingly share threat information, exploit dealers are considerably more antagonistic.
Earlier this month, Bekrar sent a message to Netragard CEO Adriel Desautels, accusing the latter of “trolling” Vupen. “Stop promoting yourself and your s**t by trolling about us, you don’t know a s**t about us nor our customers, teenager,” read one message. “We’re a 100% research compny while u’re just another broker compny without balls to do your own 0Ds,” read another.
Desautels says the argument was over ethics. Netragard offers penetration testing services and claims to do plenty of its own research on the exploit side. It also acts as a broker of exploits, selling other researchers’ work on to the highest bidder.
The company chief tells TechWeekEurope he is far from fond of the Vupen model, in particular its unwillingness to inform vendors. “I couldn’t believe he was talking like that in public,” Desautels says. “Vupen says it won’t sell to a vendor. In my opinion that is both irresponsible and unethical. It’s unethical because if a vendor approaches you willing to pay an exclusive price for a zero-day, it’s the same thing as anyone else willing to pay for a zero-day.
“It’s irresponsible because look at who is in NATO. There are a lot of countries in NATO that don’t like each other.”
Desautels, whilst against regulation of coding, is in favour of tighter rules on brokering, even for a more dirigiste approach. Much like Anderson, he wants to see governments put stronger controls on who brokers sell to. At the same time, however, he does not believe researchers should be limited in who they can sell to.
“Legislation needs to keep its hands out of the research world because if they don’t they are going to drive it towards the black hat world and the underground. It’ll benefit the bad guys,” he adds.
“But there has to be some sort of a body that can keep brokers in check ethically… There has to be some way to control it. It will tick off a lot of the businesses that are doing it, and I understand why, because it means they won’t get easy money anymore.”
Just the beginning
In our Star Wars analogy, few people would argue that Princess Leia and the Rebel Alliance should have practised responsible disclosure and warned the Galactic Empire of the flaw in the Death Star, instead of smuggling the plans out in secret and using them for a destructive attack.
In that case moral issues came into the picture, and the issue of marketing the flaw did not arise. Perhaps that’s because there was no market at all.
Yet in the real world, the growth of the zero-day vulnerability market seems inexorable, despite the mounting criticisms of the market, and the bad etiquette of certain players in it. If researchers can make more by selling to governments and private firms, they will increasingly look at that route before going to vendors.
It doesn’t look like the cost of zero-days has hit a peak either. David Maynor, CTO of Errata Security, certainly doesn’t think so. “Do you think the cost of conventional weapons has hit a peak? We have seen the most someone is willing to pay for a jet fighter?”
And it’s unlikely governments will wrap more red tape around the market. After all, why would they want to mitigate the rise of an industry of which they are the chief beneficiaries?
The FinFisher spyware made by U.K.-based Gamma Group likely has previously undisclosed global reach, with computers on at least five continents showing signs of being command centers that run the intrusion tool, according to cybersecurity experts.
FinFisher can secretly monitor computers — intercepting Skype calls, turning on Web cameras and recording every keystroke. It is marketed by Gamma for law enforcement and government use.
Research published last month based on e-mails obtained by Bloomberg News showed activists from the Persian Gulf kingdom of Bahrain were targeted by what looked like the software, sparking a hunt for further clues to the product’s deployment.
In new findings, a team, led by Claudio Guarnieri of Boston-based security risk-assessment company Rapid7, analyzed how the presumed FinFisher samples from Bahrain communicated with their command computer. They then compared those attributes with a global scan of computers on the Internet.
The survey has so far come up with what it reports as matches in Australia, the Czech Republic, Dubai, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar and the U.S.
Guarnieri, a security researcher based in Amsterdam, said that the locations aren’t proof that the governments of any of these countries use Gamma’s FinFisher. It’s possible that Gamma clients use computers based in other nations to run their FinFisher systems, he said in an interview.
‘Active Fingerprinting’
“They are simply the results of an active fingerprinting of a unique behavior associated with what is believed to be the FinFisher infrastructure,” he wrote in his report, which Rapid7 is publishing today on its blog at https://community.rapid7.com/community/infosec/blog.
The emerging picture of the commercially available spyware’s reach shines a light on the growing, global marketplace for cyber weapons with potential consequences.
“Once any malware is used in the wild, it’s typically only a matter of time before it gets used for nefarious purposes,” Guarnieri wrote in his report. “It’s impossible to keep this kind of thing under control in the long term.”
In response to questions about Guarnieri’s findings, Gamma International GmbH managing director Martin J. Muench said a global scan by third parties would not reveal servers running the FinFisher product in question, which is called FinSpy.
“The core FinSpy servers are protected with firewalls,” he said in an Aug. 4 e-mail.
Gamma International
Muench, who is based in Munich, has said his company didn’t sell FinFisher spyware to Bahrain. He said he’s investigating whether the samples used against Bahraini activists were stolen demonstration copies or were sold via a third party.
Gamma International GmbH in Germany is part of U.K.-based Gamma Group. The group also markets FinFisher through Andover, England-based Gamma International UK Ltd. Muench leads the FinFisher product portfolio.
Muench says that Gamma complies with the export regulations of the U.K., U.S. and Germany.
It was unclear which, if any, government agencies in the countries Guarnieri identified are Gamma clients.
Officials in Ethiopia’s Communications Minister, Qatar’s foreign ministry and Mongolia’s president’s office didn’t immediately return phone calls seeking comment or respond to questions. Dubai’s deputy commander of police said he has no knowledge of such programs when reached on his mobile phone.
Australia’s department of foreign affairs and trade said in an e-mailed statement it does not use FinFisher software. A spokesman at the Czech Republic’s interior ministry said he has no information of Gamma being used there, nor any knowledge of its use at other state institutions.
Violating Human Rights?
At Indonesia’s Ministry of Communications, head of public relations Gatot S. Dewa Broto said that to his knowledge the government doesn’t use that program, or ones that do similar things, because it would violate privacy and human rights in that country. The ministry got an offer to purchase a similar program about six months ago but declined, he said, unable to recall the name of the company pitching it.
The Estonian Information Systems Authority RIA has not detected any exposure to FinSpy, a spokeswoman said. Neither has Latvia’s information technologies security incident response institution, according to a technical expert there.
Bloomberg News reported July 25 that researchers believe they identified copies of FinFisher, following an examination of malware e-mailed to Bahraini activists. Their work, led by security researcher Morgan Marquis-Boire, was published the same day by the University of Toronto Munk School of Global Affairs’ Citizen Lab.
‘Hallo Steffi’
The new study builds on those findings, using the same samples of malicious software.
Guarnieri’s study found, among other things, that the Bahrain server answered anyone connecting to it with the message, “Hallo Steffi.”
The investigators then found this pattern in other computers by searching data from an Internet survey research project, Critical.IO, which has been cataloging publicly accessible computers around the world.
The researchers then developed a map that shows the location of the servers, along with their unique IP addresses on the Internet.
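The search described above, as an added example that is not code from Guarnieri's report or from Rapid7: it assumes a hypothetical survey export with one JSON record per line (`ip`, `port`, `cc`, base64-encoded `banner`), and every record in it is constructed. Treating a reply that consists only of the string as stronger evidence than a reply that merely contains it is also an assumption of this example.

```python
import base64
import json
from collections import Counter
from typing import Iterable, Optional

# String the article says the Bahrain server sent to anyone who connected.
FINGERPRINT = b"Hallo Steffi"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


# Constructed sample data (documentation-range IPs, placeholder country codes).
# The record layout is an assumption for this example, not Critical.IO's format.
SAMPLE_LINES = [
    json.dumps({"ip": "192.0.2.10", "port": 80, "cc": "XA",
                "banner": _b64(b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHallo Steffi")}),
    json.dumps({"ip": "198.51.100.7", "port": 8080, "cc": "XB",
                "banner": _b64(b"Hallo Steffi\n")}),
    json.dumps({"ip": "203.0.113.5", "port": 80, "cc": "XA",
                "banner": _b64(b"HTTP/1.1 200 OK\r\n\r\n<html><body>Hallo Steffi, "
                               b"willkommen</body></html>")}),
    json.dumps({"ip": "192.0.2.77", "port": 22, "cc": "XC",
                "banner": _b64(b"SSH-2.0-OpenSSH_8.9\r\n")}),
    "not json at all",                                               # malformed line
    json.dumps({"ip": "192.0.2.99", "port": 80, "cc": "XA", "banner": "!!!"}),  # bad base64
    json.dumps({"ip": "192.0.2.100", "port": 443, "cc": "XB"}),      # no banner field
]


def response_body(raw: bytes) -> bytes:
    """Return the payload after HTTP headers when present, else the raw reply."""
    if raw.startswith(b"HTTP/"):
        _head, sep, body = raw.partition(b"\r\n\r\n")
        if sep:
            return body
    return raw


def classify(raw: bytes) -> Optional[str]:
    """'exact' if the whole reply is the fingerprint, 'contains' if it only
    appears somewhere in the reply, None if it is absent."""
    if response_body(raw).strip() == FINGERPRINT:
        return "exact"
    if FINGERPRINT in raw:
        return "contains"
    return None


def scan_records(lines: Iterable[str]):
    """Return (matches, skipped) for an iterable of JSON-lines records."""
    matches, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            raw = base64.b64decode(rec["banner"], validate=True)
            ip, port = str(rec["ip"]), int(rec["port"])
            cc = rec.get("cc", "??")
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count unusable records instead of silently dropping them
            continue
        kind = classify(raw)
        if kind:
            matches.append({"ip": ip, "port": port, "cc": cc, "kind": kind})
    return matches, skipped


def exact_by_country(matches) -> dict:
    """Count only the strong ('exact') matches per country code."""
    return dict(Counter(m["cc"] for m in matches if m["kind"] == "exact"))


if __name__ == "__main__":
    found, bad = scan_records(SAMPLE_LINES)
    for m in found:
        print(f'{m["ip"]}:{m["port"]} [{m["cc"]}] {m["kind"]}')
    print("exact matches by country:", exact_by_country(found))
    print("records skipped:", bad)
```

A match identifies a host that shows the behaviour, not who operates it, which is the caveat Guarnieri attaches to his own results.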
Gamma’s Muench said none of its server components sends out strings such as “Hallo Steffi.”
The earlier Citizen Lab research linked the malware sent to the activists to FinSpy, part of the FinFisher spyware tool kit.
The Citizen Lab research showed the malware took screen shots, intercepted voice-over-Internet calls and transmitted a record of every keystroke to a computer in Manama, the capital of Bahrain, which has been gripped by tension since a government crackdown on protests last year.
Muench said the computer found in Manama isn’t a FinFisher product. Instead, the server very likely runs custom-built software used to forward traffic between two or more other systems, he said.
Michael Perich, age 46, died on October 11, 2003. He was killed in a single-vehicle car accident. The LSU West Nile research scientist was wearing his seat belt and drowned. He was an LSU professor who helped fight the spread of the West Nile virus. Perich, who was known as one of the country’s experts on vector-borne diseases, had most recently led a crusade to keep down the effects of West Nile virus and to get many of Louisiana’s parishes to work toward forming mosquito control districts.
Robert Shope, age 74, died January 23, 2004. He was a virus expert who warned of epidemics and died of lung transplant complications. Later it was purported he had died of idiopathic pulmonary fibrosis, which can be caused by either environmental stimulus or a virus. It would not be hard to administer a drug that would cause Dr. Shope’s lung transplant to either be rejected or to cause complications from the transplant. Dr. Shope led the group of scientists who had an 11 million dollar federal grant to ensure the new lab would keep in the nasty bugs. Dr. Shope also met with and worked with Dr. Mike Kiley on the UTMB Galveston lab upgrade to BSL 4. When the upgrade is complete, the lab will host the most hazardous pathogens known to man, especially tropical and emerging diseases as well as bioweapons. Dr. Shope died the day before Dr. Kiley.
David W. Barry, age 58, died on January 28, 2002. He was a scientist who co-discovered AZT, the antiviral drug that is considered the first effective treatment for AIDS. Circumstances of death are unknown.
Dr. Vladimir Pasechnik, age 64, died on December 23, 2001. He was found dead in Wiltshire, England, a village near his home. Two different dates have been reported: November 21 and December 23. Death was ruled a stroke. He had defected from Russia to the UK. He had been the #1 scientist in the FSU’s bioweapons program. It was thought he was involved with exhuming the bodies of the 10 London victims of the 1919 Type A flu epidemic. Pasechnik died six weeks after the planned exhumations were announced.
On November 23, 2001, Pasechnik’s death was reported in the New York Times as having occurred two days earlier. The announcement of Pasechnik’s death was made in the United States by Dr. Christopher Davis of Virginia, who stated that the cause of death was a stroke. Dr. Davis was the member of British intelligence who de-briefed Dr. Pasechnik at the time of his defection. Pasechnik was heavily involved in DNA sequencing research. He had just founded a company like three other microbiologists working to provide powerful alternatives to antibiotics.
Dr. Vladimir Pasechnik was the boss of William C. Patrick III who holds 5 patents on the militarized anthrax used by the United States. Patrick is now a private biowarfare consultant to the military and CIA. Patrick developed the process by which anthrax spores could be concentrated at the level of one trillion spores per gram. No other country has been able to get concentrations above 500 billion per gram. The anthrax that was sent around the eastern United States last fall was concentrated at one trillion spores per gram.
Dr. Don Wiley, age 57, vanished December 16, 2001. He was a molecular biologist with the Howard Hughes Medical Institute, Harvard University, and a top expert on deadly contagious viruses. His abandoned rental car was found on the Hernando de Soto Bridge outside Memphis, TN. He was heavily involved in research on DNA sequencing, and was last seen at around midnight on November 16, leaving the St. Jude’s Children’s Research Advisory Dinner at The Peabody Hotel in Memphis, TN. Associates attending the dinner said he showed no signs of intoxication, and no one has admitted to drinking with him. His body was found floating one month later.
Workers at a hydroelectric plant in Louisiana found the body of Don Wiley on Thursday, about 300 miles south of where the molecular biologist was last seen on Nov. 18 at a medical meeting in Memphis. On January 14, 2002 (almost two months later) Shelby County Medical Examiner O.C. Smith announced that his department had ruled Dr. Wiley’s death to be “accidental”; the result of massive injuries suffered in a fall from the Hernando de Soto Bridge. Smith said there were paint marks on Wiley’s rental car similar to the paint used on construction signs on the bridge, and that the car’s right front hubcap was missing. There has been no report as to which construction signs Dr. Wiley hit.
Elizabeth A. Rich, M.D., age 46, died on July 10, 1998 in a traffic accident while visiting family in Tennessee. She was an associate professor with tenure in the pulmonary division of the Department of Medicine at CWRU and University Hospitals of Cleveland. She was also a member of the executive committee for the Center for AIDS Research and directed the Bio-Safety level 3 facility, a specialized laboratory for the handling of HIV, virulent TB bacteria, and other infectious agents.