Most government hackers now target cell phones, not computers, experts say

Cell Phone - IAThe majority of government-sponsored hacking now targets cell phones, not personal computers, according to researchers who say that political dissidents are especially targeted by totalitarian regimes around the world. Until 2015, most government-sponsored hacking operations were directed against the personal computers of targeted individuals. However, experts tell The Wall Street Journal that as of this year cell phones have become a far more lucrative target than personal computers in government-sponsored hacking operations. Researchers with Lookout Mobile Security, a security software company based in the United States, say that detected phone-hacking operations that are believed to be sponsored by governments have increased by a factor of 10 in the first five months of this year, compared to 2015.

According to Lookout, the increase in hacking operations targeting mobile phones reflects the proliferation of smartphone usage around the world, as well as the increase in consumption of cell phone software. Government-sponsored hackers usually compromise their targets’ cell phones through malicious software disguised as cell phone applications. The Wall Street Journal also reports that the software needed to build malicious software for cell phones has become cheaper and more readily available. Compromising a target’s cell phone provides hackers with information that is far more personal and sensitive than what can be found on a personal computer. The paper quotes Mike Murray, Lookout’s vice president of security research, who says: “It is one thing to compromise someone’s computer. It’s another thing to have a listening device that they carry around with them 24 hours a day”. Compromised phones become immensely powerful espionage tools, explains Murray.

Many of the individuals whose cell phones are targeted by governments are activists or dissidents who campaign for political or economic reforms in their countries. Their cell phones are targeted in systematic hacking campaigns by countries like Ethiopia, the United Arab Emirates, Cambodia, and Mexico, said Lookout. The Wall Street Journal cites Raj Samani, chief scientist for the antivirus firm McAfee, who claims that nearly 11 percent of cell phones worldwide were infected with some kind of malware in 2017. That statistic is likely to rise significantly by the end of 2018, says Samani.

Author: Ian Allen | Date: 08 June 2018 | Permalink

Advertisements

Spy collection program using fake mobile phone apps linked to Pakistani military

Cellular telephoneThe Pakistani military is suspected of having orchestrated a lucrative intelligence collection campaign using mobile phones, which targeted diplomats from India, Israel and Australia, as well as from North Atlantic Treaty Organization (NATO) member countries such as the United States and Britain. Others targeted in the operation include officials from Iraq, Iran and the United Arab Emirates. News of the alleged spy operation was published earlier this month by Lookout Mobile Security, a security software company based in the United States.

The company said that the perpetrators of the operation managed to hack into a number of diplomats’ phones by creating a number of fake applications for Android and iOS mobile phone systems. The applications, called Tangelo (for iOS) and Stealth Mango (for Android), took control of mobile phone devices once their owners downloaded them through fake third-party app stores advertising online. According to Lookout, the two apps were designed by a consortium of freelance software developers who have close links with the Pakistani military establishment. The technical report published by Lookout points to the use of IP addresses that lead to a server housed in Pakistan’s Ministry of Education in the country’s capital, Islamabad. Lookout also said that it managed to trace the identity of the person who was the main developer of the two fake mobile phone applications. He is reportedly a full-time government employee who “moonlights as a mobile app developer”. The group that built the fake apps is known for creating legitimate apps, said Lookout, but also works for hire creating surveillanceware for mobile phone systems. In the past, the same group has been found to target military and civilian government officials in India, according to Lookout.

In its technical report, the Lookout security team describes how the Pakistani hackers collected a variety of data from their victims, by having it stealthily transmitted from compromised mobile phones to servers in Islamabad. The data included photos and videos, lists of contacts, logs of phone calls and texts, as well as detailed calendar entries. German and Australian diplomats had their travel plans stolen, and a letter from the United States Central Command to Afghanistan’s assistant minister of defense for intelligence was also acquired by the hackers. The latter also gained access to the contents of an entire database of pictures of traveler passports —many of them diplomatic— from the Kandahar International Airport in southern Afghanistan. The report said it was impossible to know for certain when Tangelo and Stealth Mango were first developed and utilized. However, the most recent version of the apps was released in April of this year.

Author: Joseph Fitsanakis | Date: 22 May 2018 | Permalink

Joint US-Iraqi intelligence operation used cell phone app to trap senior ISIS figures

Abu Bakr al-BaghdadiAn joint operation conducted by American and Iraqi intelligence officers employed a popular messaging app on the phone of a captured Islamic State commander to apprehend four very senior figures in the organization, according to reports. The Reuters news agency said on Thursday that the ambitious intelligence operation began in February, when Turkish authorities captured a close aide to Abu Bakr al-Baghdadi, the Iraqi-born leader of the group known as Islamic State of Iraq and Syria (ISIS). According to Hisham al-Hashimi, security advisor to the government of Iraq, the ISIS aide was Ismail al-Eithawi, also known by his alias, Abu Zaid al-Iraqi. Iraqi officials claim that al-Eithawi was appointed by al-Baghdadi to handle the secret transfer of ISIS funds to bank accounts around the world.

It appears that al-Eithawi had managed to escape to Turkey when the United States-led coalition shattered ISIS’ self-proclaimed caliphate. But he was captured by Turkish counterterrorism forces and handed over to Iraqi authorities. Baghdad then shared the contents of al-Eithawi’s cell phone with US intelligence officers. The latter were able to help their Iraqi counterparts utilize the popular messaging app WhatsApp, a version of which was installed on al-Eithawi’s cell phone. According to al-Hashimi, the Iraqis and Americans made it seem like al-Eithawi was calling an emergency face-to-face meeting between senior ISIS commanders in the area. But when these Syria-based commanders crossed into Iraq to meet in secret, they were captured by Iraqi and American forces.

According to al-Hashimi, those captured include a Syrian and two Iraqi ISIS field commanders. More importantly, they include Saddam Jamal, a notorious ISIS fighter who rose through the ranks to become the organization’s governor of the Euphrates’ region, located on Syria’s east. Al-Hashimi told reporters on Thursday that Jamal and al-Eithawi were the most senior ISIS figures to have ever been captured alive by US-led coalition forces. The Iraqi government advisor also said that al-Eithawi’s captors were able to uncover a treasure trove of covert bank accounts belonging to ISIS, as well as several pages of secret communication codes used by the militant group.

Author: Joseph Fitsanakis | Date: 11 May 2018 | Permalink

US government publicly admits existence of rogue phone-tapping devices in DC

Embassy RowThe United States government has for the first time admitted publicly that it has detected devices known to be used by foreign intelligence services to spy on cellular communications in the nation’s capital. Known commonly as Stingrays, after a leading hardware brand, these devices are primarily used by government agencies, including law enforcement. But they can be purchased by anyone with anywhere from $1,000 to $200,000 to spare. They work by simulating the activity of legitimate cell towers and tricking cell phones into communicating with them. That allows the users of these cellphone-site simulators to monitor the physical whereabouts of targeted cell phones. Some of the more expensive Stingray models can intercept the actual content of telephone conversations and can even plant Trojans on the compromised phones of unsuspecting users.

Many governments have expressed concerns about the use of these devices, which are known to be used by intelligence agencies to monitor cellular communications on foreign soil. Major cities around the world, including Washington, are major targets of cellphone-site simulators, which are frequently located inside foreign embassies. However, the US government has never publicly commented on this issue, despite intense rumors that government agencies headquartered in Washington are major targets of Stingray devices. This changed recently, however, after Senator Ron Wyden (D-OR) wrote a letter to the Department of Homeland Security seeking information about the use of such devices in Washington. Wyden received a written response from Christopher Krebs, who heads the DHS’ National Protection and Programs Directorate. In the letter, dated March 26, Krebs confirmed that the DHS detected a number of active Stingrays in the DC area in 2017, which he referred to as “anomalous activity consistent with Stingrays”. But he added that the DHS lacks both funding and equipment needed to detect the full number of the devices and the full spectrum of Stingrays that are active in the nation’s capital.

The Associated Press, which published Krebs’ letter, said it acquired it from Wyden’s office in the US Senate. The news agency noted that the letter from DHS did not provide the technical specifications of the cellphone-site simulators, and did not enter into speculation about who might be employing them. Additionally the letter did not provide the exact number of Stingrays detected in DC in 2017, nor did it provide the exact locations in DC where Stingray activity was traced. In response to Krebs’ letter, Senator Wyden’s office released a statement blaming the US Federal Communications Commission for having failed to hold the cellular telecommunications industry accountable for the lack of security against Stingrays. “Leaving security to the phone companies has proven to be disastrous”, Senator Wyden’s statement concluded.

Author: Joseph Fitsanakis | Date: 4 April 2018 | Permalink

Lebanese spy agency used Android app to spy on thousands, say researchers

GDGS EFF LookoutThe spy agency of Lebanon used a virus designed for the Android mobile operating system to compromise the cell phones of thousands of people in at least 20 countries, according to a new mobile security report. The 50-page report was published on Thursday by a team of researchers from Lookout, a mobile security company, and the Electronic Frontier Foundation in Washington, DC. In an accompanying press release, the researchers said that the virus, which they named Dark Caracal, has been in existence for at least six years. They added that it was traced to a building in Beirut belonging to the General Directorate of General Security (GDGS), Lebanon’s primary external intelligence agency.

According to the Lookout/EFF research team, the trojanized phone application was camouflaged as a secure messaging service, resembling popular applications like Signal or WhatsApp. However, once an Android user downloaded it, it gave remote users access to the compromised phone’s cameras and microphone, thus turning it into a bugging device. The virus also stole email and text messages, pins and passwords, lists of contacts, call logs, photographs, as well as video and audio recordings stored on the compromised device. The report states that compromised devices were found in over 20 countries, including Lebanon, France, Canada, the United States and Germany. The majority of those targeted by the virus were civilian and military officials of foreign governments, defense contractors, and employees of manufacturing companies, financial institutions and utility providers.

On Thursday, Reuters contacted Major General Abbas Ibrahim, who serves as director general of GDGS. He insisted that the GDGS is known for collecting intelligence using human sources, not cyber technologies. “General Security does not have these type[s] of capabilities. We wish we had these capabilities”, General Ibrahim told the news agency.

Author: Joseph Fitsanakis | Date: 19 January 2018 | Permalink

Australian parliament reviews use of Chinese-made cell phones

ZTE CorporationThe Parliament of Australia is reportedly reviewing the use of cell phones built by a Chinese manufacturer, after an Australian news agency expressed concerns about the manufacturer’s links with the Chinese military. The cell phone in question is the popular Telstra Tough T55 handset. It is made available to Australian parliamentarians though the Information, Communications and Technology (ICT) unit of the Department of Parliamentary Services (DST). Any parliamentarian or worker in Australia’s Parliament House can order the device through the Parliament’s ICT website. According to data provided by the DST, 90 Telstra Tough T55 cell phones have been ordered through the ICT in the current financial year.

The handset is manufactured by ZTE Corporation, a leading Chinese telecommunications equipment and systems company that is headquartered in the city of Shenzhen in China’s Guangdong province. On Monday, the News Corp Australia Network, a major Australian news agency, said it had contacted the parliament with information that ZTE Corporation’s links to the Chinese military may be of concern. News Corp said it informed the DST that members of the United States Congress and the House of Representatives’ intelligence committee, have expressed serious concerns about the Chinese telecommunications manufacturer in recent years.

As intelNews reported in 2010, three American senators told the US Federal Communications Commission that the ZTE was “effectively controlled by China’s civilian and military intelligence establishment”. The senators were trying to prevent a proposed collaboration between American wireless telecommunications manufacturers and two Chinese companies, including ZTE Corporation. In 2012, the intelligence committee of the US House of Representatives investigated similar concerns. It concluded that telephone handsets manufactured by ZTE should not be used by US government employees due to the company’s strong links with the Chinese state. And in 2016, US-based security firm Kryptowire warned that some ZTE cell phone handsets contained a suspicious backdoor feature that could potentially allow their users’ private data to be shared with remote servers at regular intervals.

A DST spokesman told the News Corp Australia Network that the ZTE-manufactured cell phones had been selected for use by Australian parliamentarians based on “technical and support requirements, [DST] customers’ feedback and cost”. The spokesman added that the DST “is currently reviewing the ongoing suitability” of the T55 handsets, following reports about ZTE’s links with China’s security establishment.

Author: Ian Allen | Date: 05 September 2017 | Permalink

Israeli military says Hamas lured its soldiers using online profiles of women

Cellular telephoneThe Israel Defense Forces told a press conference on Wednesday that hackers belonging to the Palestinian militant group Hamas lured Israeli soldiers by posing as young women online. Wednesday’s press conference was led by an IDF spokesman who requested to remain anonymous, as is often the case with the Israeli military. He told reporters that the hackers used carefully crafted online profiles of real Israeli women, whose personal details and photographs were expropriated from their publicly available social media profiles. The hackers then made contact with members of the IDF and struck conversations with them that in many cases became intimate over time. At various times in the process, the hackers would send the Israeli soldiers photographs of the women, which were copied from the women’s online public profiles.

The anonymous IDF spokesman said that, if the soldiers continued to show interest, they were eventually asked by the hackers posing as women to download an application on their mobile telephones that would allow them to converse using video. Once the soldiers downloaded the application, the ‘women’ would find excuses to delay using the application, or the relationships would abruptly end. But the soldiers would leave the application on their telephones. It would then be used by the Hamas hackers to take control of the camera and microphones on the soldiers’ mobile devices. According to the IDF spokesman, dozens of Israeli soldiers were lured by the Hamas scam. No precise number was given.

Media reports suggest that the Hamas hackers were primarily interested in finding out information about IDF maneuvers around the Gaza Strip, the narrow plot of densely inhabited territory that is controlled by the Palestinian militant group. They were also interested in collecting information about the size and weaponry of the Israeli forces around Gaza. Media representatives were told on Wednesday that the operation “had potential for great damage”. But the IDF claims that the harm to its operations was “minimal”, because it primarily targeted low-ranking soldiers. Consequently, according to the Israeli military, the hackers were not able to acquire highly sensitive information.

In 2009, dozens of members of Sweden’s armed forces serving with NATO’s International Security Assistance Force in Afghanistan were found to have been approached via Facebook, and asked to provide details on NATO’s military presence in the country. The Afghan Taliban are believed to have carried out the operation.

Hamas has not commented on the allegations by the IDF.

Author: Joseph Fitsanakis | Date: 12 January 2017 | Permalink