Targeted digital surveillance: Malware

Malware is malicious software installed on a digital device such as a computer, server, or mobile phone, to compromise the device. Malware can do many different things, but against anarchists and other rebels, it typically aims to gain visibility into the compromised device through remote screen capture and remote keylogging (recording the keys pressed on a keyboard), and to track the location of the device (in the case of phones).

Malware can be installed on a device:

See the targeted malware topic.

Used in tactics: Incrimination

Mitigations

Name | Description
Compartmentalization

You can use different Tails[2] USB sticks or Qubes OS[3] virtual machines for different digital identities. This way, if an adversary compromises one stick or virtual machine with malware, the compromise won't spread to other sticks or virtual machines.

Computer and mobile forensics

You can sometimes detect traces of malicious software on a device after the fact.

Digital best practices

Using security-oriented operating systems and other digital best practices makes malware installation less likely. Phishing awareness is also important — don't open attachments or click on links sent to you by people you don't trust.

Encryption

Encrypting “in motion” data can complicate network packet injection — an installation vector for some forms of modern spyware, such as Pegasus[4].

Used in repressive operations

Name | Description
Repression of Lafarge factory sabotage

According to the case files, investigators made five requests to remotely install spyware[5]. Of these, one installation was successful (on an iPhone SE 2020) and provided access to a Signal group conversation.

Scripta Manent

Malware was installed on the computer of one of the accused comrades[6]. According to the investigation files, the malware, which was installed remotely over the Internet, targeted a Windows computer and was capable of recording text typed on the keyboard, taking periodic screenshots, and recording communications sent from and received by the computer.