Following the invasion of Ukraine, Russian forces have apparently begun hacking Ukrainian state digital systems and spreading disinformation.
MacPaw’s Technological R&D Lead, Sergii Kryvoblotskyi, has developed the SpyBuster tool that analyzes where the apps are sending a user’s data, the company deciding to make it available for macOS users worldwide.
Per Kryvoblotskyi:
“As a Tech R&D team before the war, we did a lot of research. So I began to check which of them could contribute to the country’s informational security. One of these researches was about the technical implementation of network filtering on macOS. I’ve realized it could be well-applied to protecting computers from potentially dangerous apps and adapted to help users in our new reality.”
As of July 2016, Russia enforced Federal bills No. 374-FZ and 375-FZ, which require telecom providers to store the content of voice calls, data, images, and text messages on Russian servers for 6 months, and their metadata (e.g., time, location, message sender, and recipients) for three years. Online services such as messengers, emails, and social networks that use encrypted data are required to permit the Federal Security Service (FSB) to access and read their encrypted communications.
This translates to all internet and telecom firms within Russia being obligated to disclose these communications and metadata and “all other information necessary” to authorities on request without a court order. At present, FSB can simply call a local office of any tech company in order to obtain access to a user’s photos and text history.
From its end, SpyBuster allows a user to see and block applications, services, and sites connected to Russia or Belarus.
The application also allows media outlets to notice if their sites are connected to Russian servers.
SpyBuster currently offers two main functions: Static Analysis and Dynamic Analysis.
With Static Analysis, the feature shows whether the app is somehow related to Russia
For example, it will automatically detect and highlight any apps on your Mac that are somehow related to Russia or Belarus.
With Dynamic Analysis, the user sees how these apps and websites are behaving. When you run an app on your Mac — it starts doing something right away: sending messages to servers, writing files, gaining access, etc.
SpyBuster scans these connections in real-time and displays their history (logs) that show whether the connection was secure. You can see only the potentially threatening connections by clicking the Compromised Only button and then adding them to Deny List, so they no longer work.
SpyBuster is available for free and requires macOS 10.15 Catalina or later to install and run.
Stay tuned for additional details as they become available.
Via MacPaw