CYBERJAYA- MCMC is investigating the news report issued by local online news portal, The Malaysia Insider, at around 3:00 pm yesterday with the headline stating “Malaysia Uses Spyware against Own Citizens, NYT Reports”.
MCMC would like to state that this report is speculative and ill- researched. The online portal appears to have failed to verify the veracity of the report from the New York Times, nor checked the facts which are available online and had made its own conclusions on the matter.
An excerpt from the full report by The Citizen Lab, an interdisciplinary laboratory based at the University of Toronto, Canada (https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global- proliferation-2/) states that the discovery of the FinSpy C+C server in a given country cannot conclusively indicate that the country is using the FinSpy on its citizens.
The report added, “Importantly, we believe that our list of servers is incomplete due to the large diversity of ports used by FinSpy servers, as well as other efforts at concealment. Moreover, discovery of a FinSpy command and control server in a given country is not a sufficient indicator to conclude the use of FinFisher by that country’s law enforcement or intelligence agencies. In some cases, servers were found running on facilities provided by commercial hosting providers that could have been purchased by actors from any country.”
A further report from another group of researchers based in the U.S.A., Rapid7 Community, also gave similar comments: (https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher)
“Please note: we are not able to determine whether they're actually being used by any government agency, if they are operated by local people or if they are completely unrelated at all: they are simply the results of an active fingerprinting of a unique behaviour associated with what is believed to be the FinFisher infrastructure. Our guess is that part of the identified C&Cs are acting as proxies.”
Additionally, a recent news report released by the Associated Press supported Citizen Lab's findings: (http://bigstory.ap.org/article/researchers-find- german-made-spyware-across-globe)
“Citizen Lab, based at the University of Toronto's Munk School of Global Affairs, said that Canada, Mexico, Bangladesh, Malaysia, Serbia, and Vietnam were among the host countries newly identified in Wednesday's report. That alone doesn't necessarily mean those countries' governments are using FinFisher, a program distributed by British company Gamma International, but it is an indication of the spyware's reach.”
MCMC has also conducted a review of currently available information and we have found that the server that is allegedly hosted in Malaysia also has similar Internet Protocol (IP) addresses linked to a commercial webhosting company called GPLHost which has similar IP hosting in Australia, Singapore and the United States. We have also found that the server that is claimed to be in Malaysia appears to be registered to a company called Iusacell PCS. Further checking of Iusacell PCS indicates that it could be a Mexican mobile operator.
At this stage of the investigations, MCMC would like to remind the public not to simply believe everything that they read online and to verify all the information that they receive before forming any views or conclusions on the issue. The public is also reminded that the posting of false information constitutes an offence under Section 211 of the Communications and Multimedia Act 1998 and upon conviction, can be fined for a sum not exceeding RM50,000 or imprisonment for a term not exceeding one year.
-- Bernama
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.