Detekt anti-surveillance software released

Open source software capable of detecting the presence of surveillance spyware has been released by four European and US human rights and IT organisations.

Detekt anti-surveillance software released
Detekt anti-surveillance software released

Known as Detekt, the software is being promoted by Amnesty International, Privacy International, Digitale Gesellschaft and the Electronic Frontier Foundation.

The idea behind the anti-spyware package is to identify the presence of state-sponsored or similar surveillance software that is being used to spy on a user's PC - spotting the presence of external email readers, all the way to exfiltration and so-called `infinity bug' eavesdropping applications. Interestingly, Detekt was developed by Claudio Guarnier, a German security researcher who formed part of a team that investigated the FinFisher suite of software that is reportedly widely used by governments around the world to surveil their citizen's computers, usually for intelligence purposes.

In September 2013, Guarnier and his colleagues released a report `For Their Eyes Only' that claimed to prove that FinFisher - aka FinSpy - from Gamma International was in active use in no less that 36 countries around the world, including the UK and the US.

Guarnier says that the goal of Detekt is not so much to create a generic malware detector but a "free and open source utility for human rights workers and concerned citizens to try to detect the potential presence of spyware we've observed being used against civil society."

The tool, he explained, is a utility with a message that seeks to raise awareness on the issue of governments' abuse of largely misunderstood and unregulated surveillance technologies. Hopefully, he aid, people will engage and initiate a debate before it's too late to change anything.

Rob Bamforth, a principal analyst with Quocirca, the business and IT analysis house, said that Detekt appears to be a simple utility that has the positive attributes of being open source and free for download.

"I wonder, though, if there will be other versions that will appear - and will they be as simple? The big problem with these sorts of applications is that, whilst they are a great idea, they can often by reworked to include a malware payload," he said.

Malevolent application

"Based on this, the software could be extremely useful in the right hands, but it could also be a disaster, owing to the potential for it to be misused by cyber-criminals. I have often found that, when you dig into the world of open source security software, you often find that the software has the capacity to be modified and, as such, turn into a malevolent application," he added.

Bamforth went on to say that the best option for Detekt is if a commercial entity takes over the software's development and promotes a verifiable clean version to users that also keeps up with the security arms race.

Digital forensics specialist Professor Peter Sommer, a visiting professor with de Montfort University, said that Privacy International - in particular - has put a great deal of effort into cataloguing and identifying government-sponsored and government-deployed spyware.

"Detekt shares with conventional commercial malware detection products two classic problems - how to source the raw material for examination and then how to keep the detection signatures up to date. It's fair bet that this class of software in better at concealment and obfuscation than most," he explained.

Keith Bird, UK managing director for Check Point, was also upbeat on the potential for Detekt.

"This is an interesting development in the fight against stealthy malware. With malicious code becoming increasingly complex and difficult to detect, we will have to wait and see how effective this new tool will be in nullifying threats," he said.

"Increasingly, organisations and individuals need multi-layered defences against infections, because malware authors use obfuscation techniques to help their code avoid detection by conventional anti-virus and ant-spyware tools," he added.