[cryptome] Re: How reliable is this new Detekt?

  • From: doug <douglasrankine2001@xxxxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Sat, 22 Nov 2014 13:41:03 +0000

Electronic Frontier Foundation says roughly the same on url: http://tinyurl.com/khbsj9z

Quote<<< November 20, 2014 | By Eva Galperin <https://www.eff.org/about/staff/eva-galperin>

   Detekt: A New Malware Detection Tool That Can Expose Illegitimate
   State Surveillance

Recent years have seen a boom in the adoption of surveillance technology by governments around the world, including spyware that provides its purchasers the unchecked ability to target remote Internet users' computers, to read their personal emails, listen in on private audio calls, record keystrokes and passwords, and remotely activate their computer’s camera or microphone. EFF, together with Amnesty International, Digitale Gesellschaft, and Privacy International have all had experience assisting journalists and activists who have faced the illegitimate use of such software in defiance of accepted international human rights law.

Software like this is designed to evade detection by its victims. That's why we've joined together to support Detekt <https://resistsurveillance.org/>, a new malware detection tool developed by security researcher Claudio Guarnieri. Detekt is an easy-to-use, open source tool that allows users to check their Windows PCs for signs of infection by surveillance malware that we know is being used <https://resistsurveillance.org/reports.html> by government to spy on activists and journalists.

Some of the software used by states against innocent citizens is widely available on the Internet, while more sophisticated alternatives are made and sold by private companies and sold to governments everywhere from the United States and Europe to Ethiopia and Vietnam.

Detekt makes it easy for at-risk users to check their PCs for possible infection by this spyware, which often goes undetected by existing commercial anti-virus products.

Because Detekt is a best-effort tool and spyware companies make frequent changes to their software to avoid detection, users should keep in mind that Detekt cannot conclusively guarantee that your computer is not compromised by the spyware it aims to detect. However, we hope that the availability of this tool will help us to detect some ongoing infections, provide advice to infected users, and contribute to the debate around curbing the use of government spyware in countries where it is linked to human rights abuses.

We hope that members of the open source and information security communities will contribute <https://github.com/botherder/detekt> to this important project.

>>>end of quote.

It is more of a public awareness campaign, rather than a definitive answer to discovery of being spied on by the security services. Doesn't mention the Chinese. Very few mention the Chinese I have noticed. The FSB and the Mossad rarer still, and the Arab dictatorships and Muslim states rarely get a mention. Maybe it is because they don't spy, or perhaps it is because they are extremely ethical, or perhaps it is presumed that they don't have the technologies or the skills, or perhaps they just keep very quiet, holding their heads under the parapet. This protection of democracy through surveillance stuff all appears very American and western biassed.

Remember, if you decide to download and use Detekt...to sign up for the updates, the usual, email addy and so on...you never know...it is, after all free and open source, and you might just discover that you are a target of operations, of all or any one of them...

And....What will you do then... :-). We all want the truth, but the truth can be like dying...is it better not to have known in the first place...:-).

When will we get anti-spyware and anti-malware that stops us all from being googlerized, twittered and facebooked?
P.S. It doesn't apply to Linux as yet...Doesn't Linux need such a thing?

On 22/11/14 02:40, doug wrote:

Apparently, according to the Amnesty International website...see url: http://tinyurl.com/m75y3pr. (Watch out for the cookies:-)) it is good for raising awareness of security issues, but there are no guarantees that by using it, it will discover spyware or malware, state or private. Still, it is free...and of course if one visits the website and downloads it, then that action becomes a matter of public record....It sort of hints that it might detect "Finspy", but on closer reading...it misleads. It also says that it can uncover some commonly used spyware on a computer, but it can't detect all. It is hoping that all those nice geeky people out there are going to give up their time, making it better so that Amnesty International will get all the credit when a new, sooper dooper version is put together. Still, it is open source and free...


*Has anyone used Detekt successfully to know if they were being spied on?*

Detekt was developed by researchers affiliated with the Citizen Lab, who used a preliminary version of the tool during the course of their investigations into the use of unlawful surveillance equipment against human rights defenders in various countries around the world.

For example, according to research carried out by Citizen Lab and information published by Wikileaks, FinSpy – a spyware developed by FinFisher, a German firm that used to be part of UK-based Gamma International – was used to spy on prominent human rights lawyers and activists in Bahrain.

*How effective is this tool against technologies developed by powerful companies?*

Detekt is a very useful tool that can uncover the presence of some commonly used spyware on a computer, however it cannot detect all surveillance software. In addition, companies that develop the spyware will probably react fast to update their products to ensure they avoid detection.

This is why we are encouraging security researchers in the open-source community to help the organizations behind this project to identify additional spyware or new versions to help Detekt keep up to date. Contact information is available here.

It is important to underline that if Detekt does not find trace of spyware on a computer, it does not necessarily mean that none is present. Rather than provide a conclusive guarantee to activists that their computer is infected, our hope is that Detekt will help raise awareness of the use of such spyware by governments and will make activists more vigilant to this threat.

In addition, by raising awareness with governments and the public, we will be increasing pressure for more stringent export controls to ensure that such spyware is not sold to governments who are known to use these technologies to commit human rights violations.

>>>End quote.


On 21/11/14 22:02, Aftermath wrote:
I feel that this software is hype.

What special detection does it offer over other common AV solutions? It only detects several known threats, rather than thousands offered by other AV products. I don't get what the big deal is about this software.

On Fri, Nov 21, 2014 at 1:53 PM, Shaun O'Connor <capricorn8159@xxxxxxxxx> wrote:

    Currently testing Detekt. However, for it to be any good at what
    it claims to do it will need massive work and most likely VERY
    regular upgrades... therein lies the snag. Detekt itself will
    likely be prone to compromise (if it hasn't been compromised

    On 21/11/2014 21:07, John Young wrote:
    We used it last night. It found no malware. It cautioned if
    still suspicious have an expert check the machine.

    So what Detekt left on our machine is yet to be spied. Rummaged
    through our prison-grade secrets for two hours. In closing, it
    a sign: "You been pwnd by Amnesty and EFF. Edward Snowden."

    At 03:28 PM 11/21/2014, you wrote:



