# | eng | mlg |
---|
1 | Massive Leak Opens New Investigation of FinFisher Surveillance Tools in Pakistan | Poritsaka Goavana Nahatonga Fanadihadiana Vaovao Amin'ny Fitaovam-Pitsikilovan'i FinFisher Miasa Ao Pakistan |
2 | Screen capture of FinFisher homepage. | Pikantsarin'ny pejy fandraisan'i FinFisher. |
3 | Written by Sohail Abid, Digital Rights Foundation. | Nosoratan'i Sohail Abid, Digital Rights Foundation. |
4 | The original version of this post was published on the Digital Rights Foundation website. | Ny ôrizinalin'ity lahatsoratra ity dia navoaka ao amin'ny habaky ny Digital Rights Foundation. |
5 | An unknown technical expert hacked into the servers of FinFisher, the notorious surveillance software maker, earlier this month. | Nisy manampahaizana manokana momba ny teknolojia iray tsy fantatra anarana nisovoka tao amin'ny lohamilin'ny FinFisher, ilay mpanao rindrambaiko malaza amin'ny fitsikilovana, tamin'ny fiandohan'ity volana ity. |
6 | The hacker(s) captured all the data they could find on the server and leaked it as a torrent. | Nadikan'ilay mpisovoka avokoa ny ango-tahiry rehetra hitany tao amin'ny lohamilina ary navoakany tamin'ny endrika torrent. |
7 | The 40Gb torrent contains the entire FinFisher support portal including correspondence between customers and the company staff. It also contains all the software that the company sells, as well as the accompanying documentation and release material. | Hita ao amin'ity torrent manana hadiry 40Go ity avokoa ny ango-tahiry rehetra eo amin'ny vavahadim-pifandraisan'i FinFisher amin'ny hafa ka ao anatin'izany ny fifanoratana eo amin'ny mpanjifa sy ny mpiasan'ny orinasa. |
8 | Last year, security researchers uncovered evidence that there are two command and control servers inside Pakistan. | Hita ao ihany koa ny rindrambaiko rehetra amidin'ny orinasa, miaraka amin'ny tahirin-kevitra fampafantarana sy ny fitaovam-pampidirana azy anaty solosaina. |
9 | Part of the UK-based corporation Gamma International, FinFisher is a company that sells a host of surveillance and monitoring software to government departments. | Tamin'ny herintaona dia tafavoakan'ny mpanao fikarohana momba ny fiarovana ny porofo fa misy lohamilina mpibaiko sy mpanaramaso roa miasa ao Pakistan. |
10 | The primary software, FinSpy, is used to remotely access and control the computers or mobile phones belonging to individuals being spied upon. | Ratsa-mangaikan'ilay vondron'orinasa miorina ao Angletera antsoina hoe Gamma International ny FinFisher izay orinasa mivarotra amin'ny sampan-draharaham-panjakana rindrambaiko fanaraha-maso sy fitsikilovana. |
11 | The company offers several methods to install FinSpy, which range from a simple USB that can infect a computer to attaching the malicious software to legitimate files so that it can infect a computer when files are downloaded. | Ny rindrambaiko fototra, FinSpy, dia ampiasaina ahafahana miditra avy lavitra sy manara-maso solosaina na findain'olona tiana hotsikilovina. Manolotra fomba maro ahafahana mampiditra FinSpy ny orinasa, izay miainga amin'ny lakile USB tsotra mitondra rindrambaikom-pitsikilovana ho toy ny dosie ara-dalàna ka mamindra azy amin'ny solosaina iray rehefa misy ny fitrohana dosie. |
12 | The FinFisher toolset is designed to give the people buying these software access to emails, web browsing history, and any other activity performed by the “targets”, their term for those who are being spied upon. | Ny karazam-pitaovana FinFisher dia namboarina hanome alalana ny olona mividy ireny rindrambaiko ireo hiditra amin'ny imailaka, ny zotram-pivezivezena (historique) an'aterineto ary izay rehetra nataon'ireo “lasibatra”, voambolana ilazana ireo olona tsikilovina. |
13 | Screen capture of FinFisher license page. | Pikantsarin'ny pejin'ny lisansa (fahazoan-dalana) avoakan'ny FinFisher. |
14 | “For Their Eyes Only,” Citizen Lab. | “Amin'ny masony ihany,” Citizen Lab. |
15 | Apparently, yes. | Eny ny valiny raha tarafina. |
16 | University of Toronto-based research group Citizen Lab released a report last year identifying two FinFisher command and control servers on the network of the Pakistan Telecommunications Company (PTCL), the country's leading Internet service provider. | Ny vondrona mpikaroka ao amin'ny Oniversiten'i Toronto Citizen Lab no namoaka tatitra tamin'ny herintaona nahatsikaritra lohamilina mpibaiko sy mpanara-maso FinFisher roa ao amin'ny tambajotran'ny Orinasam-pifandraisandavitra (PTCL), orinasan-draharaham-panomezana aterineto lehibe indrindra ao amin'ny firenena. |
17 | But this recent leak gives us a more complete and conclusive picture. | Fa ity poritsaka vao haingana ity no manome antsika fampafantarana feno sy azo hakana tsoa-kevitra kokoa. |
18 | The leaked support portal tells us that someone from Pakistan in fact licensed three software from FinFisher for a period of three years. | Ny tahirin-kevitra niporitsaka teo amin'ny vavahadim-pandraisana no milaza amintsika fa nisy avy ao Pakistan nahazo lisansa rindrambaiko telo avy amin'ny FinFisher mandritra ny telo taona. |
19 | The systems Citizen Lab identified were probably the computers hosting the FinSpy server program and were merely using a PTCL Internet connection. | Angamba ireo solosaina mampiantrano ny FinSpay mampiasa ny aterineton'ny PTCL ireo rafitra tsikaritry ny Citizen Lab ireo. |
20 | We have reason to believe that PTCL was not involved. | Manana antony izahay ilazana fa tsy tafiditra amin'ity raharaha ity ny PTCL. |
21 | If not PTCL, then who? | Ka rehefa tsy ny PTCL, dia iza? |
22 | It could be anyone but FinFisher only sells these software to government and spy agencies - thus, it was most likely one of the many intelligence agencies operating within the Pakistani government. | Mety ho azo tondroina daholo saingy tsy mivarotra ny rindrambaikony afa-tsy amin'ny governemanta sy ny sampam-pitsikilovana ihany ny FinFisher - ka izay no ahafahana milaza fa iray amin'ireo sampam-pitsikilovana maro misy ao amin'ny governemanta pakistaney no mampiasa azy. |
23 | We have extracted from the FinFisher support portal a request for technical support sent to the company by a person (referred to as “Customer 32”) in Pakistan, who complains that their problems are not being addressed through Skype. | Nanatsoaka tahirin-kevitra avy ao amin'ny vavahadim-pandraisan'ny FinFisher ahitana ny fangatahan'olona iray (notondroina ho “Mpanjifa 32″) ao Pakistan tamin'ny orinasa izahay, mpanjifa nitaraina fa tsy voavaha tamin'ny alalan'ny Skype ny olan-dry zareo. |
24 | We presume Skype was the primary way FinFisher provided technical support to its customers. | Azonay vinaniana amin'izany fa ny Skype no lalana voalohany hanampian'ny FinFisher ara-teknika ny mpanjifany. |
25 | Screen capture of FinFisher support request message. | Pikantsarin'ny hafatra fangatahana fanampiana ara-teknikan'i FinFisher. |
26 | Working from this clue, we looked further into the purchase history of Customer 32 and their correspondence with FinFisher staff and found out that they have licensed not one but three software products from the spy software maker. | Raha niainga avy amin'io angom-baovao io izahay dia nijery lalindalina kokoa izay novidian'i Mpanjifa 32 sy ny taratasim-pifandraisany tamin'ny ekipan'ny FinFisher ary nahita fa tsy iray ihany fa telo ny rindrambaikom-pitsikilovana novidiany. |
27 | The primary software, FinSpy, is used to target people who “change location, use encrypted and anonymous communication channels and reside in foreign countries.” | Ny rindrambaiko voalohany, FinSpy, dia nampiasaina hijerena ireo olona “mifindrafindra monina, mampiasa fifandraisana miafina sy sora-miafina ary monina any amin'ny firenena ivelany.” |
28 | After FinSpy is installed on a computer or a mobile phone, it can be-according to the product brochure-“remotely controlled and accessed as soon as it is connected to the internet/network.” | Rehefa tafapetraka ao amin'ny solosaina iray na amin'ny finday iray ny FinSpy, araka ny bokikely momba ny vokatra, dia “afa-manaramaso sy miditra ao aminy isaky ny miditra aterineto na tambajotra”. |
29 | In addition to FinSpy, Customer 32 also purchased another software called FinIntrusionKit to hack into hotel, airport, and other wifi networks to catch “close-by WLAN devices and records traffic and passwords”, extract “usernames and passwords (even for TLS/SSL encrypted sessions),” and “capture SSL encrypted data like webmail, video portals, online banking and more.” | Ankoatra ny FinSpy, ilay Customer 32 dia nividy rindrambaiko iray hafa ihany koa antsoina hoe FinIntrusionKit ahafahana mitsofoka amin'ny alalan'ny tambajotra wifi-n'ny hotely, seranam-piaramanidina na hafa “amin'ireo fitaovana mampiasa WLAN eo akaiky sy mandrakitra ny fifamoivoizan-tserasera sy tenimiafina”, mitrandraka “solonanarana sy tenimiafina (eny fa na dia amin'ireo sehatra mitondra sora-miafina TLS/SSL aza),” ary “manapika sary SSL ireo tahirin-kevitra voaafin-tsoratra tahaka webmail, vavahadin-dahatsary, tahirinkevitra an-tseraseran'ny banky ary maro hafa koa.” |
30 | The third software product is built to infect USB devices so that whoever uses them becomes a target of surveillance. | Ny rindram-baiko fahatelo dia miorina amin'ny fitaovana USB efa mitondra ilay rindrambaiko fa izay rehetra mampiasa azy dia lasa voatsikilo an-tserasera avokoa. |
31 | Screen capture of FinFisher support request response. | Screen capture of FinFisher support request response. |
32 | From the support requestss filed by Customer 32, we also learned that whoever in Pakistan purchased FinFisher used it, for instance, to infect harmless MS office documents, particularly PowerPoint files. | Avy amin'ny fitarainana nofenoin'ilay Mpanjifa 32, dia hitanay ihany koa fa na iza na iza ilay ao Pakistan mividy FinFisher, ohatra, dia mampiasa azy ny antontan-kevitra MS office hitsikilovana, indrindra fa ny dosie PowerPoint. |
33 | The person then sent the files to people they wanted to spy on. | Alefan'ilay olona any amin'izay tiany hitsikilovana avy eo ilay dosie. |
34 | When the unsuspecting recipients opened the infected files,their computers were automatically put under constant surveillance, with all details of their emails, chats, and other activity being sent back to Customer 32. | Rehefa manokatra ireo antontan-kevitra mitondra FinFisher ireo tsy amin'ahiahy avy eo ny lasibatra dia lasa voaara-maso ho azy, amin'ny antsipirihan'ny mailaka, karajia, ary ireo zavatra hafa rehetra ataony izy ary miverina any amin'ny Mpanjifa 32 ireo antsipirihan-javatra rehetra ireo. |
35 | Customer 32 also used FinFisher to covertly steal files from “target” computers. | Mampiasa ny FinFisher ihany koa ny Mpanjifa 32 hangalarana milamina ny dosie ao amin'ny solosainan'ireo “lasibatra”. |
36 | All the files of those who were targeted were readily available but Customer 32 wanted more, as outlined in another request for support, which read: “the agent be able to select files to download even when the target is offline and whenever the target comes online, those selected files may be downloaded without the interaction required from user.” | Ny dosien'ireo lasibatra dia azon'ny Mpanjifa 32 vakiana avokoa saingy mbola mitady zavatra hafa maro kokoa i Mpanjifa, araka ny asongadin'ny fangatahana ho fanampiana azy ara-teknika, izay mivaky toy izao: “ahafahan'ny mpiasa mifantina ny dosie hotrohina na dia tsy miserasera aza ny lasibatra, ireo dosie ireo dia azo trohina tsy misy fihetsika idiran'ilay mpiserasera.” |
37 | While we know that FinFisher is deployed in Pakistan, many questions remain unanswered. | Raha fantatsika ary fa miasa ao Pakistan ny FinFisher, dia maro ny fanontaniana tsy voavaly. |
38 | As citizens of a democratic state, it is our right to know who is using surveillance software in Pakistan, how much public money is being spent on these licenses, and what laws and regulations are being followed for deploying these software tools. | Amin'ny mahaolompirenena ao anaty fanjakana demokratika antsika,dia zontsika ny mahalala hoe iza no mampiasa rindrambaikom-pitsikilovana ao Pakistan, ohatrinona ny volam-bahoaka lany nahazoana ireo lisansa ireo, ary inona ny lalàna sy fitsipika narahina hametrahana ireo fitaovana rindrambaiko ireo. |
39 | Sohail Abid researches security, surveillance, and censorship issues for Digital Rights Foundation. | Sohail Abid dia manao fikarohana momba ny olana ateraky ny fiarovana, fitsikilovana ary ny sivana ao amin'ny Digital Rights Foundation. |
40 | Before joining DRF, he was CTO at Jumpshare, a file sharing startup from Pakistan. | Mialoha ny nidirany tao amin'ny DRF, dia tompon'andraikitra ara-teknika ao amin'ny Jumpshare, orinasa kely (startup) mpizara dosie avy ao Pakistana izy. |