I've had no success even starting it on uTorrent on windows. Transmission on my vm is happily chugging away though.
The biggest file in the torrent is
FinSpy-PC+Mobile-2012-07-12-Final.zip (a hefty 33.75 gb)
Even though it's over 2 years in age, I hope that all the programmers out there, hackers, enthousiasts, employees of antivirus and antimalware companies turn this stuff inside out to see how it works and harden the world's software to make sure we can get better at protecting ourselves.
I've already found that the browser injection works either by either running a malware .jar file or installing a malware .xpi
Needless to say here on HN ofcourse, but i'm going to do it anyway:
If you haven't done it already, GET THE JAVA RUNTIME OUT OF YOUR BROWSER
I don't understand what the point of password and pgp protecting the data is.
Typically with torrents, if they're password protected they get shunned. Most torrent downloading software is even programmed to ignore .zip files because of the frequency of password-protected zips. I understand why these show up for illegal media, but for something like a leak it doesn't make sense to me.
Is there an angle I'm missing? I mean, they said they were releasing it to get it into people's hands, it's not like they pulled a wikileaks and used it as their insurance policy.
I'm just guessing here, but I think that they protected their website contents themselves, not the uploader of the torrent. This would be the sane thing to do : Even if the site gets hacked (...) your binaries still don't leak.
The biggest file in the torrent is FinSpy-PC+Mobile-2012-07-12-Final.zip (a hefty 33.75 gb)
Even though it's over 2 years in age, I hope that all the programmers out there, hackers, enthousiasts, employees of antivirus and antimalware companies turn this stuff inside out to see how it works and harden the world's software to make sure we can get better at protecting ourselves.
I've already found that the browser injection works either by either running a malware .jar file or installing a malware .xpi
Needless to say here on HN ofcourse, but i'm going to do it anyway: If you haven't done it already, GET THE JAVA RUNTIME OUT OF YOUR BROWSER