Detekt tool to scan your system for Government Spyware

Government funded spyware market

FinSpy, maintained by German developer FinFisher, is one of the most publicized examples. It has been used to monitor the communications of human rights lawyers and democracy protesters in Bahrain, Pakistan and many other countries. Services from the company could cost the buyer nation millions of dollars. Another company developing such a product is the Italian Hacking Team, which offers Remote Control System (RCS), a spying tool that can be adapted to any platform, to different government entities. Both companies have previously claimed that their services cannot be bought by just anyone and that they screen their clients before proceeding further. If these two companies are doing it legally, there may also be entities doing the same work, or more dangerous work, illegally, and we might have no idea whatsoever.

The Solution

The tool to break free from illegal snooping comes in the form of Detekt. Detekt is an open source tool made primarily for journalists, activists, and human rights defenders around the world. It is aimed at finding traces of spying malware known to be used by governmental organizations worldwide to monitor the activity of citizens of interest. The tool is developed by security researcher Claudio Guarnieri and published in partnership with Amnesty International, Digitale Gesellschaft, Electronic Frontier Foundation and Privacy International. Marczynski adds that Detekt is the response to governments relying on information obtained through illegal surveillance to “detain, illegally arrest and even torture human rights defenders and journalists.”

Not 100% effective yet

The tool, good and useful as it may be, isn’t 100% effective just yet. One major shortcoming is that although it can detect spyware, it cannot delete it from your system. That part needs to be done by a professional. Apart from the aforementioned legal spyware, Detekt can also identify other remote access Trojans (RATs), such as DarkComet RAT, XtremeRAT, BlackShades RAT, njRAT, ShadowTech RAT, and Gh0st RAT. Also, once a threat has been detected, your machine needs to be disconnected from all other sources until it has been properly cleaned and sanitized. There is no need to install Detekt on your computer; simply execute the program from a pen drive with administrator privileges and wait for the scan to complete. Remember that Detekt will disconnect all connectivity during its scanning operation, which may take a few minutes. As it is a crowd-sourced project, it may not be long before people get together and give it a meaner spyware-deleting function. Detekt can be downloaded from GitHub. The latest version, 1.1, eliminates some false positives and problems related to localization that the earlier version had.