Recent years have seen a boom in the adoption of surveillance technology by governments around the world, including spyware that provides its purchasers the unchecked ability to target remote Internet users’ computers, to read their personal emails, listen in on private audio calls, record keystrokes and passwords, and remotely activate their computer’s camera or microphone. EFF, together with Amnesty International, Digitale Gesellschaft, and Privacy International have all had experience assisting journalists and activists who have faced the illegitimate use of such software in defiance of accepted international human rights law.
Software like this is designed to evade detection by its victims. That’s why we’ve joined together to support Detekt, a new malware detection tool developed by security researcher Claudio Guarnieri. Detekt is an easy-to-use, open source tool that allows users to check their Windows PCs for signs of infection by surveillance malware that we know is being used by government to spy on activists and journalists.
Some of the software used by states against innocent citizens is widely available on the Internet, while more sophisticated alternatives are made and sold by private companies and sold to governments everywhere from the United States and Europe to Ethiopia and Vietnam.
Detekt makes it easy for at-risk users to check their PCs for possible infection by this spyware, which often goes undetected by existing commercial anti-virus products.
Because Detekt is a best-effort tool and spyware companies make frequent changes to their software to avoid detection, users should keep in mind that Detekt cannot conclusively guarantee that your computer is not compromised by the spyware it aims to detect. However, we hope that the availability of this tool will help us to detect some ongoing infections, provide advice to infected users, and contribute to the debate around curbing the use of government spyware in countries where it is linked to human rights abuses.
We hope that members of the open source and information security communities willcontribute to this important project.