Researchers Develop Detekt, Anti-Malware Tool Designed to Detect Surveillance Spyware
Human rights experts and privacy activists have launched a free tool allowing users to scan their computers for government surveillance spyware, malicious programs designed by federal agencies to spy on human rights organizations, journalists and researchers around the world.
The latest anti-surveillance tool, dubbed Detekt, is a free, open source application developed with a number of partners, including Amnesty International, the Electronic Frontier Foundation (EFF), Digitale Gesellschaft, and Privacy International, in hopes of combating government surveillance.
The recent leak of government documents by former NSA contractor and whistleblower Edward Snowden documents the global surveillance carried out by the United States National Security Agency (NSA) and the outlandish steps the agency is willing to take to track anyone, innocent or believed guilty. Detekt was released in hopes of stopping NSA-laced applications from intruding on your computer systems, letting users know if their devices have been infected with any form of such spyware.
Detekt was built in part by security researcher Claudio Guarnieri, a hacker who has spent countless hours over the years investigating government surveillance and the abuse of spyware, alongside other researchers at the University of Toronto’s Citizen Lab.
During a discussion on Twitter about the tool, Guarnieri explained how he arrived at the idea: “It was intended as a triaging utility for human rights workers traveling around. It is not an AV [Anti-Virus].”
Through hundreds of hours of research on the Detekt scanning tool, Guarnieri and his team discovered the tool could in fact detect common government spyware. In one example, Guarnieri cites the Bahraini government’s abuse of FinSpy, widely popular surveillance spyware developed by German security firm FinFisher. FinSpy has been caught being used by government agencies around the world, including Australia, Belgium, the Netherlands, Italy, and Pakistan, among countless other nations. FinSpy can monitor and intercept all communications in and out of the computer, including capturing Skype conversations, tapping into the webcam to watch live video or take screenshots, recording audio from the computer, capturing emails, and extracting data from the hard drive.
Guarnieri and his colleagues also found the Ethiopian government to have spied on journalists and activists through the United States and Europe, using software from another commercial spyware company called Hacking Team, which his tool was also able to detect.
“Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists’ private emails and remotely turn on their computer’s camera or microphone to secretly record their activities,” said Amnesty head of military, security and police Marek Marczynski in a statement. “They use the technology in a cowardly attempt to prevent abuses from being exposed.”
Detekt is a simple and free tool that will thwart government intrusions or notify the end user in case of an infection so they can take proper action. “It represents a strike back against governments who are using information obtained through surveillance to arbitrarily detain, illegally arrest and even torture human rights defenders and journalists.”
Detekt is currently designed for Windows-based machines, allowing users to scan their machines for known surveillance tools that Guarnieri insists are used for the illegal monitoring of human rights activists and journalists across the globe.
“In the beginning when I started working on this, I was mostly interested in the pure technical aspect of it. And to be honest, I’m not really interested in the technical aspect of it anymore,” Guarnieri told Threatpost. “The interesting part is seeing the social and political context of this and also the human aspect of this. Learning how these kinds of attacks and this kind of surveillance could affect people individually is really interesting.”
Detekt is detection software that Guarnieri has been personally testing for some time, helping victims scan their Windows machines for certain known spyware families. The Python detection tool scans memory for traces of malware and can detect families such as BlackShades, DarkComet, Gh0st, njRAT, Xtreme, ShadowTech, the FinFisher toolkit, FinSpy, and HackingTeam RCS.
“If Detekt does not find anything, this unfortunately cannot be considered a clean bill of health,” Detekt’s ReadMe included in the download warns.
Guarnieri’s software can help make you aware of the presence of spyware, but it is not 100 percent effective: it cannot detect all types of spyware, and governments commonly update their infection tactics. Guarnieri, human rights activists, and journalists are urging developers and hackers to help improve the toolkit and contribute to the project.
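The sketch below is an added example, not Detekt's code and not part of the original article. It illustrates scanning memory for known patterns and why a miss is not a clean bill of health. The family names, byte signatures, buffers and function names are all constructed placeholders.

```python
import io

# Constructed placeholder signatures; NOT real indicators for any spyware family.
SIGNATURES = {
    "ExampleFamilyA": [b"EXA-MUTEX-7731", b"exa_cfg_v1"],
    "ExampleFamilyB": [b"\x90\x13\x37EXB\x00loader"],
}
CHUNK = 64  # tiny on purpose so the read-boundary case is exercised


def scan_stream(stream, signatures=SIGNATURES, chunk=CHUNK):
    """Return {family: sorted offsets} for every known pattern in the stream."""
    # Carry over (longest pattern - 1) bytes so a pattern split across two
    # reads is still matched; the offset set removes duplicate hits.
    overlap = max(len(p) for pats in signatures.values() for p in pats) - 1
    hits, tail, base = {}, b"", 0  # base = stream offset of window[0]
    while True:
        block = stream.read(chunk)
        if not block:
            break
        window = tail + block
        for family, patterns in signatures.items():
            for pat in patterns:
                pos = window.find(pat)
                while pos != -1:
                    hits.setdefault(family, set()).add(base + pos)
                    pos = window.find(pat, pos + 1)
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[-keep:] if keep else b""
    return {fam: sorted(offs) for fam, offs in hits.items()}


def verdict(hits):
    # A miss only means "no known pattern matched", never "clean".
    return "known pattern found" if hits else "no known pattern found (not a clean bill of health)"


def demo():
    # Constructed buffers standing in for a dump of process memory.
    infected = b"\x00" * 58 + b"EXA-MUTEX-7731" + b"\x00" * 40  # straddles the 64-byte read
    updated = infected.replace(b"EXA-MUTEX-7731", b"EXA-MUTEX-7732")  # one byte changed
    return scan_stream(io.BytesIO(infected)), scan_stream(io.BytesIO(updated))


if __name__ == "__main__":
    for result in demo():
        print(result, "->", verdict(result))
```

The second buffer differs from the first by a single byte and produces no hit, which is the situation the ReadMe's warning covers: an updated implant defeats a scanner that only knows older patterns.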
Download Detekt at ResistSurveillance.org.