Spyware servers in South Africa: the plot thickens

The SA government disavows command & control servers for FinFisher spyware, while Telkom reveals interesting information about the IP addresses they occupied

By - May 14, 2013
Hacker spyware virus

The Telkom IP addresses identified by Citizen Lab as command & control servers for the FinFisher spyware are part of the general dynamic pool assigned to ADSL users, a Telkom spokesperson recently told MyBroadband.

FinFisher made headlines recently when a Citizen Lab report detailed how the spyware suite was used against political dissidents in Bahrain and Malaysia.

It also drew attention when Mozilla said on its blog that it had sent a cease-and-desist notice to the creators of FinFisher (Gamma International) after the report revealed how the client software of the spyware suite, FinSpy, masqueraded as Firefox to evade detection.

In its report, Citizen Lab also said that it had found two FinFisher command & control servers in South Africa, both of which were on the Telkom network.

Dynamic IPs and court orders

Upon further inquiry, Citizen Lab revealed the full IP addresses they had found, which Telkom was then able to determine fell squarely in its pool of dynamically allocated addresses.

“These IP addresses are randomly assigned when ADSL users initiate an Internet session,” a Telkom spokesperson explained to MyBroadband. “The ADSL customers need not be direct customers of Telkom either; they could be accessing the internet via ADSL services acquired through other licensed operators that retail ADSL.”

Dominic White, an information security expert, explained that since the addresses are dynamic, Telkom would need the date and time the servers were detected before they could say which customer it was.

It is further understood that Telkom, just like any other South African company that deals with people’s personal data, would not be able to release this private information without a relevant court order.

White said that without further information it is not possible to rule out any possibilities for the presence of FinFisher in South Africa.

“If this is government or military run, it would make sense for them to ‘hide’ in consumer IP space, but it still doesn’t give us any idea about the owners or their targets,” White said.

Wisani Ngobeni

Wisani Ngobeni, spokesperson for the Department of Communications

FinFisher in SA: government responds

When asked for comment, the South African Police Service (SAPS) directed our queries to the State Security Agency (SSA), who in turn pointed us to the Department of Communications (DoC).

The spokesperson for the SSA said that it is the agency’s policy to neither confirm nor deny anything that might reveal information about its capabilities.

According to the SSA, questions pertaining to FinFisher are best addressed by the DoC, though the spokesperson for the agency explained that it would not procure such information gathering software through the DoC.

Asked about the discovery of FinFisher C&C servers in South Africa, the spokesperson for DoC told MyBroadband that it did not buy the spyware suite.

Government spyware servers in South Africa: Telkom, Govt mum

Dictators used SA surveillance equipment: WikiLeaks

German-made spy software invades global systems: research

Who can spy on your Internet browsing?

Security forecast for 2013

Forum discussion

Shutterstock is the image partner of MyBroadband – more technology images

Join the conversation

Connect with Us

androidappletwitterfacebookgoogleplusfeednewsletter

Poll

What is the most important aspect of a mobile service to you?

View Results

Loading ... Loading ...

More News

Most pirated movies on BitTorrent

Pirate flag loading screen (Black Flag site)

Furious 7, Interstellar, and Taken 3 hold onto the top 3 spots in TorrentFreak’s most pirated movies on BitTorrent chart.

We don’t care how cute your baby is, get it off Facebook

Baby

A group of Facebook “friends” have had enough of a new mother continually posting photos of her child on the social medial platform.

Govt officials could face charges for lying

Parliament

A new proposed Parliamentary rule could see government officials caught lying to Parliament facing disciplinary action and possible criminal charges.

Hlaudi Motsoeneng has cost SABC R1.1 billion: report

Hlaudi Motsoeneng

SABC chief operating officer Hlaudi Motsoeneng is hiding the public broadcaster’s financial troubles from Parliament in a bid to keep his job.

X

Newsletter Subscription


Name
Email *
Enter the following to confirm your subscription *
Captcha image


Free MyBroadband Newsletter
Subscribe
X
bool(true)