Targeted digital surveillance: Malware

Malware is malicious software installed on a digital device such as a computer, server, or mobile phone, to compromise the device. Malware can do many different things, but against anarchists and other rebels, it typically aims to gain visibility into the compromised device through remote screen capture and remote keylogging (recording the keys pressed on a keyboard), and to track the location of the device (in the case of phones).

Malware can be installed on a device:

See the targeted malware topic.

Used in tactics: Incrimination

Mitigations

Compartmentalization

If an adversary installs malware on a Tails[2] USB stick or a Qubes OS[3] virtual machine that you use for different digital identities, they can tie the different identities together. To mitigate this, you can use different Tails USB sticks or Qubes OS virtual machines for different digital identities.

Computer and mobile forensics

You can use computer and mobile forensics to detect traces of malware that is or was installed on a device.

Digital best practices

You can follow digital best practices, and in particular use security-oriented operating systems to make it harder for an adversary to install malware on your digital devices.

Encryption

You can encrypt “in-motion” data to make it harder for an adversary to install malware through network packet injection, an installation vector for some forms of modern spyware, such as Pegasus[4].

Used in repressive operations

Repression of Lafarge factory sabotage

Investigators made five requests to remotely install spyware[5]. Of these, one installation was successful (on an iPhone SE 2020) and provided access to a Signal group conversation.

Scripta Manent

Malware was installed on the computer of one of the accused comrades[6]. The malware, which was installed remotely over the Internet, targeted a Windows computer and was capable of recording text typed on the keyboard, taking periodic screenshots, and recording communications sent from and received by the computer.