Spyware is officially used by police in 30 countries.

Surveillance of citizens by the government and the secret installation of malware on users' phones are no longer science fiction or conspiracy theories, but common practice in the daily activities of law enforcement.

Mikko Hypponen, research director at Finnish antivirus company F-Secure, spoke at the Black Hat hacker conference that is taking place these days in Las Vegas. In his speech, he said that spyware was officially used by the police in at least 30 countries.

Actually, the history of malware created for state needs has been going on since the discovery of Stuxnet - probably the first virus made under the direct supervision of the president as part of an operation codenamed “Olympic Games” .
')
“More recently, the idea that a democratic Western government would be involved in writing malware seemed ridiculous,” says Hyupönen. - The idea that one democratic Western state will develop a spyware program to spy on another democratic state? That is what we are seeing now. ”

Mikko Hyupönen says public services have several reasons for developing malware. This is a search operation, commercial intelligence, surveillance of citizens, sabotage and cyber warfare.

For example, in Finland, the police now have the right to legally install spyware on the mobile phone of a citizen who is suspected of committing crimes. The severity of the crimes and the degree of confidence in the involvement of the citizen are left to the discretion of the police.

Mikko Hyupönen believes that this practice is unacceptable. Especially when it turns out that the surveillance was carried out for an innocent person. “I would like them [in that situation] to apologize. It will be fair, ”he says.

In addition to Stuxnet, the expert cited several examples of other malicious programs developed by order of government agencies: Gauss, FinFisher, Flame and Careto are among them.

To install malware on citizens' smartphones, various methods are used, including fake digital certificates, by means of which traffic is redirected from legal sites to sites with exploit packs, Hyupönen said, citing an example of breaking into the Diginotar certification center in 2011, when attackers were able to generate valid digital certificates for many sites, including Google, Mozilla, Twitter and Microsoft.