For those concerned that their computer activities are under the watch of the government, a new free scanning tool is now available to search Windows-based PCs for surveillance spyware. Amnesty International, in a partnership with the Electronic Frontier Foundation, Digitale Gesellschaft and Privacy International, launched
Detekt today, a free open-source scanning tool used to detect some of the known
spyware that government agencies use to monitor activists and journalists.
"Governments are increasingly using dangerous and sophisticated technology that allows them to read activists and journalists' private emails, and remotely turn on their computer's camera or microphone to secretly record their activities," said Amnesty International Head of Military, Security and Police, Marek Marczynski. "They use the technology in a cowardly attempt to prevent abuses from being exposed."
To combat the attempts at monitoring individuals, the group decided to release Detekt to the public as a way to give those targeted a chance to take action. Marczynski adds that Detekt "represents a strike back against governments" that are using stolen information to detain, arrest and in some cases torture journalists and human rights defenders. Detekt is to be used to find traces of spyware, but it isn't a removal tool. In the event that anything is discovered, the software recommends never allowing the machine to access the Internet again, and seeking professional security assistance.
Sample Detekt infection findings
Detekt scans for several types of remote access Trojans (RAT), including BlackShades RAT, DarkComet RAT, FinFisher FinSpy, HackingTeam RCS and XtremeRAT. FinSpy and HackingTeam RCS are of particular note, as both are sold as commercial products to governments and law enforcement agencies. FinSpy contains several intrusion techniques that grant access to things like Skype conversations, a computer's microphone and webcam, and emails, but also allow file downloading and screenshot captures.
However, Detekt isn't an end-all solution. In fact, the group says that even if no traces of spyware are found, the machine could still be infected. It's stressed on the
GitHub page that if Detekt doesn't locate anything, it "unfortunately cannot be considered a clean bill of health." Detekt may not find older variants of RATs, different versions, or even those made by other spyware providers that aren't covered. On top of that, it's likely that surveillance tools will see updates in order to avoid detection by Detekt.
"Please beware that Detekt is a 'best-effort' tool," reads the
Detekt website. "While it may have been effective in previous investigations, it does not provide a conclusive guarantee that your computer is not compromised by the spyware it aims to detect. The tool is provided as is, without warranties or guarantees of any kind."
According to the
Coalition Against Unlawful Surveillance Exports, the industry for surveillance technology is estimated to be worth $5 billion and growing. There have been
several well-documented instances of spyware being used across the globe in nefarious ways not only by governments -- including those pointed out by WikiLeaks -- but also by other parties using some of the software available on the Internet.
"Detekt is a great tool which can help activists stay safe but ultimately, the only way to prevent these technologies from being used to violate or abuse human rights is to establish and enforce strict controls on their use and trade," said Marczynski.