Hacking Team and Gamma International in 'business-to-government malware'

Sergey Golovanov Kaspersky Lab
Denis Maslennikov Kaspersky Lab

  download slides (PDF)

FinFisher, a.k.a. FinSpy, is a spying complex for various platforms developed by a British company called Gamma International. The company is based in Andover, UK, and according to their website they are focused on creating remote monitoring solutions for various governmental institutes.

Da Vinci can be dubbed in the same way: a multi-platform spying complex. It is developed and supported by an Italian company based in Milan called Hacking Team. According to their website they are focused on providing offensive technologies to different law enforcement agencies and intelligence communities.

Between them, Gamma International and Hacking Team have already developed and sold to third parties a number of backdoors and spying tools for different platforms like Windows, Mac OS X, Windows Mobile, Android, Blackberry and others. All the samples we've seen so far would be classified as malicious from an AV vendor point of view: they work silently and leave almost no traces; they are able to steal a lot of types of personal information; they can receive commands and execute them; they are signed by trusted certificates or have an ability to self-propagate; there is no EULA shown before, during or after 'installation' :-)

This presentation will cover all known and unknown details about different versions of Da Vinci and FinSpy. We will expose all similarities and differences between them. We will also discuss the question of the 'business-to-government' malware market, which has become a reality in 2012 and continues to be discussed in 2013. If you like IDA screenshots, black consoles, maps and photos, then this paper and presentation is for you!

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.



twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.