{"id":1518,"date":"2014-10-03T14:10:25","date_gmt":"2014-10-03T14:10:25","guid":{"rendered":"http:\/\/nethemba.com\/cs\/je-mozne-sa-chranit-voci-finfisher-spehovaniu\/"},"modified":"2014-10-03T14:10:25","modified_gmt":"2014-10-03T14:10:25","slug":"je-mozne-sa-chranit-voci-finfisher-spehovaniu","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/je-mozne-sa-chranit-voci-finfisher-spehovaniu\/","title":{"rendered":"Je mo\u017en\u00e9 sa chr\u00e1ni\u0165 vo\u010di (FinFisher) \u0161pehovaniu?"},"content":{"rendered":"

D\u0148a 15.9.2014 Wikileaks zverejnili inform\u00e1ciu o tom, \u017ee Slovensk\u00e1 Republika nak\u00fapila 39 licenci\u00ed softv\u00e9ru FinFisher<\/a> v sume viac ako 5 mili\u00f3nov EUR. FinFisher vyv\u00edjan\u00fd spolo\u010dnos\u0165ou Gamma International je vyu\u017e\u00edvan\u00fd totalitn\u00fdmi vl\u00e1dami r\u00f4znych kraj\u00edn na \u0161pehovanie a monitorovanie disidentov. Ide o extr\u00e9mne \u00fa\u010dinn\u00fd softv\u00e9r, lebo vyu\u017e\u00edva tzv. 0-day zranite\u013enosti na ktor\u00e9 e\u0161te neexistuj\u00fa \u00fa\u010dinn\u00e9 bezpe\u010dnostn\u00e9 z\u00e1platy.<\/p>\n

Pod\u013ea zverejnen\u00fdch inform\u00e1ci\u00ed („support cases“), ktor\u00e9 s\u00fa v \u010de\u0161tine, nie je \u00faplne jasn\u00e9, \u010di dan\u00fd softv\u00e9r nak\u00fapila Slovensk\u00e1 alebo \u010cesk\u00e1 republika. Pred p\u00e1r d\u0148ami som kontaktoval Wikileaks, aby t\u00fato inform\u00e1ciu viac upresnili, zatia\u013e sa ale nevyjadrili. \u010cesk\u00e1 vl\u00e1da sa k uveden\u00e9mu n\u00e1kupu zatia\u013e v\u00f4bec nevyjdarila, \u00darad vl\u00e1dy SR komentoval cel\u00fd incident slovami<\/a>:<\/p>\n

Vo v\u0161eobecnosti nekomentujeme inform\u00e1cie Wikileaks, lebo maj\u00fa kvalitu na \u00farovni „jedna pani povedala“.<\/em><\/p>\n

Na mieste je ot\u00e1zka, \u010di ver\u00edte viac \u00daradu vl\u00e1dy SR alebo (relat\u00edvne reputovan\u00e9mu) Wikileaks.<\/p>\n

Ak uveden\u00fd software nakupovala slovensk\u00e1 SIS alebo \u010desk\u00e1 BIS, tak je tie\u017e nemo\u017en\u00e9 vyu\u017ei\u0165 infoz\u00e1kon a z poh\u013eadu ob\u010dana zisti\u0165, \u010di nie\u010do tak\u00e9 bolo vl\u00e1dou skuto\u010dne zak\u00fapen\u00e9 alebo nie. N\u00e1kupy t\u00fdchto organiz\u00e1ci\u00ed s\u00fa toti\u017e \u00faplne netransparentn\u00e9 a podliehaj\u00fa utajeniu.<\/p>\n

Z\u00e1kernos\u0165 programu FinFisher spo\u010d\u00edva v tom, \u017ee vyu\u017e\u00edva tzv. 0-day \u00fatoky<\/a> (\u00fatoky pri ktor\u00fdch s\u00fa vyu\u017e\u00edvan\u00e9 0-day exploity na zatia\u013e neverejn\u00e9 0-day zranite\u013enosti na ktor\u00e9 e\u0161te neexistuj\u00fa bezpe\u010dnostn\u00e9 z\u00e1platy). V\u010faka tomu, mo\u017enost\u00ed ako sa vo\u010di uveden\u00fdm \u00fatokom br\u00e1ni\u0165 je zna\u010dne obmedzene. To d\u00e1va v\u00fdraznu v\u00fdhodu vlastn\u00edkovi a pou\u017e\u00edvate\u013eovi tak\u00e9hoto softv\u00e9ru (r\u00f4zne vl\u00e1dy \u0161t\u00e1tov, ktor\u00e9 s\u00fa prim\u00e1rni z\u00e1kaznici Gamma International) a silne oslabuje samotn\u00fa \u0161pehovan\u00fa obe\u0165, ktor\u00e1 sa prakticky nem\u00e1 ako br\u00e1ni\u0165. Preto tento softv\u00e9r bol a st\u00e1le je s ob\u013eubou vyu\u017e\u00edvan\u00fd v Egypte, Eti\u00f3pii, Bahrajne a in\u00fdch totalitn\u00fdch krajin\u00e1ch.<\/p>\n

Spolo\u010dnos\u0165 Gamma International dokonca na 0-day exploity poskytuje pre svojich klientov \u0161peci\u00e1lne „z\u00e1ruky“ – napr\u00edklad, \u017ee funguj\u00fa na viacer\u00fdch OS s r\u00f4znymi bezpe\u010dnostn\u00fdmi z\u00e1platami, tie\u017e garantuj\u00fa n\u00e1hradu (vo forme aktualizovan\u00e9ho alebo in\u00e9ho exploitu) za ka\u017ed\u00fd 0-day exploit zak\u00fapen\u00fd na 6-mesa\u010dn\u00fa alebo 12-mesa\u010dn\u00fa dobu. Ni\u017e\u0161ie uv\u00e1dzam v\u00fd\u0165ah z ich marketingov\u00e9ho materi\u00e1lu:<\/p>\n

Delivers government grade 0-day exploits:\u00a0<\/code><\/p>\n