| Home > South-East Asia >> Indonesia | |
Indonesian government 'using Sydney server for spyware program'
ABC 7.30 Report - January 26, 2016
Transcript
Julia Baird, Presenter: Global espionage has been revolutionised by the internet and security researchers believe Western countries are being used as unwitting partners to mask online spying by countries that have dubious human rights records.
Now there's allegations this practice has arrived on Australia's doorstep with an Indonesian spy server being tracked to a Sydney street. Security experts are warning this means Australia could get the blame for spying carried out by other countries.
Conor Duffy and Lisa Main have the story.
Conor Duffy, Reporter: Across the globe, an arms race is under way as governments upgrade their capabilities to spy on those they deem a security risk. Intelligence capabilities that once cost billions can now be bought as a single piece of software.
Adam Molnar, Criminology, Deakin University: I think you can say on the whole that the use of sort of cyber offensive capabilities is proliferating massively. Over 60 countries right now have or are developing these capacities.
Conor Duffy: FinFisher is one such piece of tech. It's made in Germany and exported worldwide. It taps into every electronic secret on a target's computer or phone.
Bill Marzcak, Citizen Lab, Uni. of Toronto: FinFisher – obviously when a computer or phone is infected with FinFisher spyware, the spyware has to communicate back to the government that infected it and the way that it does that is it communicates to a master server and sends back the data, which includes the passwords that the user types in, including files on their computer or also even the spyware allows the government operator to turn on the microphone or the webcam of the computer or the phone.
Reporter: The Bahraini Government has been accused of apparently using surveillance on those who oppose its rule.
Conor Duffy: FinFisher suffered a massive and embarrassing hack in 2014. Despite many customers being revealed, it appears it's more popular than ever.
Reporter: Spying online is more sophisticated than ever before.
Conor Duffy: Bill Marzcak and a team of researchers used the information to track this secret network. It even turned up with one of our closest neighbours.
Bill Marzcak: It appears that Indonesia is definitely one of the largest customers of FinFisher. We were able to identify one specific government user inside Indonesia, the National Crypto Agency. But we also found evidence that there were many other government users inside Indonesia. I felt very concerned about the list of countries we had found. I think I would have felt far less concerned if the spyware was only turning up in countries which had robust rule of law and oversight of intelligence and law enforcement.
Conor Duffy: To hide their surveillance, FinFisher customers like Indonesia are routing their operations through decoy servers in other countries. 7.30 can reveal Indonesia is using a decoy server in Australia to mask its intelligence operations.
Bill Marzcak: As you say, we found this master server inside Indonesia which was using a proxy server in Australia, meaning that whoever the government agency in Indonesia was, their information was being – the information from the people they infected was going through Australia before it reached the final server inside Indonesia.
Conor Duffy: The researchers were able to track the Indonesian decoy spy server to a data storage centre on a busy Sydney street.
The data centre is run by a company called Global Switch Australia. It's now a vital, if possibly unknowing cog in Indonesia's intelligence machinery. It's not known which Indonesian agency is responsible for the decoy server.
Global Switch declined to respond to questions, as did its managing director, Damon Reid. I just wanted to ask you if you were aware that the Indonesians were using that decoy server?
Damon Reid, MD, Global Switch: I don't have any comment.
Conor Duffy: Can you answer if you knew it was there?
Damon Reid: No, I can't comment.
Bill Marzcak: If someone were to get one of these pieces of spyware, they'll see that their information – the information from their computer is flowing to a server in Australia. So one potential concern is that people might think, "Hey, this is Australia that's involved in the targeting here. Australia's somehow involved in the use of this spyware."
Conor Duffy: We approached ASIO and their counterparts in Defence Intelligence to see if they had concerns, but both declined to comment.
There are legitimate reasons for these surveillance techniques: terrorism and crime. However, human rights groups fear it can also be used against government opponents.
7.30 has obtained an Indonesian intelligence report from last year which human rights groups say lists a number of West Papuan independence activists, including students and Christian leaders. It identifies their weaknesses and lists its aim as being to suppress and divide the movement.
The Indonesian Foreign Ministry directed questions to the country's cyber security agency, which did not respond. Previously, Indonesian Defence has admitted spending millions on Gamma's products, but said it was for strategic purposes, not to spy on citizens. Gamma has previously denied reports from Citizen Lab on the locations of its servers.
Surveillance expert Adam Molnar says the server may not breach Australian law, but there's concerns over who is being targeted and what legal rights they have.
Adam Molnar: The Indonesian use of FinFisher, that really comes down to whether it's targeted at Indonesian citizens or non-citizens. So the legal protections would apply for Indonesians within Indonesia, for example, but those same protections wouldn't apply for Australian citizens.
Conor Duffy: There are fears the rules governing the use of this technology are failing to keep pace with this high-tech software. The suppliers thrive on staying in the shadows, but many would like to see some light shone on a product that's becoming ever more powerful.
Adam Molnar: I think that cuts to the heart of the problem is that there is so little transparency in this space. There's a lot of secrecy and I think we really need to remedy that in such a way that citizens can be aware of the types of services that their governments are contracting.
Julia Baird: Conor Duffy reporting.
See also:
 |