Cell phones of leading Polish opposition figures hacked by government, group claims

CENTRAL FIGURES OF POLAND’S opposition coalition, which narrowly lost the 2019 parliamentary election, had their cell phones hacked with surveillance software used by the country’s spy services, according to a new report. A major target of the hacks was Krzysztof Brejza, a member of the lower chamber of the Polish parliament and campaign director of the Civic Coalition, a centrist-liberal alliance. In the parliamentary election of 2019, the Civic Coalition challenged the all-powerful Law and Justice Party (PiS), which has ruled Poland for much of the past decade.

The PiS is a populist pro-Russian party that opposes many of the core policies of the European Union, of which Poland is a member. In contrast, the Civic Coalition is pro-Western and supports Poland’s integration into the European Union. In 2019, while the two parties were competing in a feverish electoral campaign, Poland’s state-owned television aired a number of texts acquired from Brejza’s phone, in what the opposition decried as a “smear campaign”. Eventually, the PiS won the election with a narrow majority.

The information about Brejza’s cell phone hack was revealed last week by Citizen Lab, a research unit of the University of Toronto’s Munk School of Global Affairs and Public Policy, which focuses on information technology, international security and human rights. According to the report, at least three senior figures in the Civic Coalition were under telephonic surveillance throughout the election campaign. Brejza’s cell phone was breached over 30 times between April and October of 2019, according to Citizen Lab. The other two victims of the surveillance operation were Ewa Wrzosek, a public prosecutor and leading critic of the PiS, as well as Roman Giertych, an attorney who represents leading members of the Civic Coalition.

The report claims that the surveillance against the Civic Coalition members was facilitated by Pegasus, a controversial spyware that is sold to governments around the world by NSO Group Technologies, an Israeli digital surveillance company based near Tel Aviv. Earlier this year, the United States government blacklisted NSO Group Technologies, in a move that surprised many in Israel and beyond. Meanwhile, on December 24, the Polish government denied it had any role in the phone hacking affair. Poland’s Prime Minister, Mateusz Morawiecki, dismissed the Citizen Lab revelations as “fake news”.

Author: Joseph Fitsanakis | Date: 27 December 2021 | Permalink

Israel wants United States to lift sanctions on controversial cyber-spy firms

THE GOVERNMENT OF ISRAEL is pressuring the United States to reverse its recent decision to blacklist two controversial digital surveillance companies, which Israel sees as “a crucial element of its foreign policy”. The US Department of Commerce placed the two firms, NSO Group Technologies and Candiru, on a sanctions list on November 3. According to a statement issued by the US Department of Commerce, the two firms engaged “in activities that are contrary to the national security or foreign policy interests of the United States”.

The move followed revelations of a spy software known as Pegasus, which is marketed by NSO Group. As intelNews and others reported back in July, Pegasus is able to install itself on targeted telephones without requiring their users to click a link or download an application. Upon installation, the software provides the spying party with near-complete control of a targeted telephone. This includes the ability to browse through the device’s contents, such as photographs and videos, record conversations, as well as activate the telephone’s built-in microphone and camera at any time, without its user’s consent or knowledge.

The US is among several Western governments that have criticized the Pegasus software as a malicious tool used by some of NSO Group’s customers to “maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers”. Software tools such as Pegasus have enabled a host of governments around the world to “conduct transnational repression [by] targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent”, according to the US Department of Commerce.

According to The New York Times, however, the government of Israel supports the work of NSO Group and Candiru, and “sees the Pegasus software as a crucial element of its foreign policy”. The Israelis were thus “alarmed” by Washington’s decision to blacklist the two firms, and are determined to lobby the White House on their behalf. The goal of the Israeli government, according to the paper, is to convince the American administration that the activities of NSO and Candiru “remain of great importance to the national security of both” Israel and the US. In return for the US reversing its decision to blacklist the companies, Israel is willing to exercise “much tighter supervision” of these and other similar firms, through its software-licensing system, according to The Times.

Author: Joseph Fitsanakis | Date: 10 November 2021 | Permalink

Alleged Pegasus phone-tapping list includes phones of at least 14 heads of state

AT LEAST FOURTEEN CURRENT or former heads of state, including presidents, prime ministers, and one king, are included in a list of 50,000 telephone numbers that were allegedly compromised through a controversial surveillance software. Known as Pegasus, the controversial spyware is marketed by NSO Group Technologies, an Israeli digital surveillance company based near Tel Aviv.

Pegasus is able to install itself on targeted telephones without requiring their users to click a link, or download an application. Upon installation, it provides the spying party with near-complete control of a targeted telephone. This includes the ability to browse through the device’s contents, such as photographs and videos, record conversations, as well as activate the telephone’s built-in microphone and camera at any time, without its user’s consent or knowledge.

Earlier this week, a consortium of newspapers from several countries said they had analyzed a leaked list of 50,000 victims of Pegasus, which allegedly includes the names of senior government officials, lawyers, labor leaders, human-rights activists and investigative journalists in almost every country. Now, in a new report, The Washington Post, which participated in the initial investigation into Pegasus, claims that the leaked list contains the names of 14 current or former heads of state.

According to the newspaper, the list contains telephone devices belonging to three presidents: France’s Emmanuel Macron (pictured), South Africa’s Cyril Ramaphosa, and Iraq’s Barham Salih. The telephone devices of three current prime ministers are also on the list, says The Post. These are Morocco’s Saad-Eddine El Othmani, Egypt’s Mostafa Madbouly, and Pakistan’s Imran Khan.

Also on the list are three former prime ministers, who were in office when they were allegedly targeted by Pegasus users: France’s Édouard Philippe, Belgium’s Charles Michel, Italy’s Romano Prodi, Lebanon’s Saad Hariri, Kazakhstan’s Bakitzhan Sagintayev, Uganda’s Ruhakana Rugunda, Algeria’s Noureddine Bedoui, and Yemen’s Ahmed Obeid bin Daghr. A telephone number belonging to the king of Morocco, Mohammed VI, is also reportedly on the list. Finally, the list allegedly includes several senior officials of international organizations, including the head of the World Health Organization, Dr Tedros Adhanom Ghebreyesus.

The Post report also includes part of a statement by NSO Group Technologies, in which the company says it keeps tabs on the use of its software by its clients, and has the power to block any misuse of Pegasus. The company also states that it intends to “continue to investigate all credible claims of misuses [of Pegasus] and take appropriate action” if needed, including “shutting down of a customers’ system”, which it has done “multiple times in the past and will not hesitate to do again if a situation warrants”.

Author: Joseph Fitsanakis | Date: 22 July 2021 | Permalink

France launches probe into spying on media by Moroccan intelligence services

PROSECUTORS IN FRANCE HAVE opened an investigation into claims that the intelligence services of Morocco spied on French journalists’ phones, using a controversial surveillance software marketed by an Israeli firm. Since 2018, IntelNews has covered the controversial spyware, Pegasus, and its maker, NSO Group Technologies, an Israeli digital surveillance company based in Herzliya, a small coastal town located north of Tel Aviv.

The Pegasus surveillance software is able to install itself on targeted telephones without requiring their users to click a link or download an application. It then provides the spying party with near-complete control over the targeted telephone. Among other things, it gives the spying party the ability to browse through the telephone’s contents, including photographs and videos, record telephone conversations, as well as activate the telephone’s built-in microphone and camera at any time, without its user being aware that these devices are on.

Earlier this week, an investigative report published by a consortium of newspapers, including The Washington Post (United States), Le Monde (France) and The Guardian (United Kingdom), claimed that Pegasus’ victims number in the tens of thousands. Reporters said they had analyzed a leaked list of 50,000 victims of Pegasus, which includes senior government officials, lawyers, labor leaders, human-rights activists and investigative journalists in almost every country in the world.

The recent revelations have made headlines in France, where the names of well-known journalists from several newspapers, magazines and news agencies feature on the leaked list of Pegasus’ victims. On Tuesday, the French investigative website Mediapart filed a legal complaint, claiming that two members of its staff, including its founder, Edwy Plenel, had been spied on by the Moroccan intelligence services through the Pegasus software. Another French investigative outlet, the newspaper Le Canard Enchaine, said it would also launch a complaint against the intelligence services of Morocco. More media outlets are expected to follow suit.

NSO Group Technologies denies that its Pegasus software is being used maliciously, and claims that it only sells the software to government agencies who use it in legitimate law enforcement investigations. The government of Morocco also denied the claims against its intelligence agencies, saying that it “never acquired computer software to infiltrate communication devices”.

However, the Office of the Paris Prosecutor said on Tuesday that it had launched an official investigation on the use of the Pegasus software by Moroccan intelligence. In a statement published on its website, the prosecutor’s office said it would examine the complaints by media companies from the perspective of as many as 10 possible charges, including criminal association, fraudulent access to personal electronic devices, and breach of personal privacy.

Author: Joseph Fitsanakis | Date: 21 July 2021 | Permalink

British Channel Islands being used as ‘offshore global spy center’ study finds

THE CHANNEL ISLANDS, AN archipelago consisting of dependencies of the British Crown located off the northern coast of France, are being used as an offshore global spy center due to their unregulated telecommunications industry, according to a new study. The archipelago is made up of Jersey and Guernsey, groups of islands that are not technically part of Britain, but are instead considered offshore British territories. They are regularly referred to as offshore tax havens.

But now a new study by Britain’s Guardian newspaper and the Bureau of Investigative Journalism claims that lax regulation of the Channel Islands’ telecommunications systems is allowing foreign spy agencies and contractors to use them as a base to carry out worldwide surveillance operations. Many of these operations rely on SS7, a decades-old feature of the global cellular telecommunications system, which allows cellular providers to provide service to mobile phone users as they travel internationally.

The SS7 system allows a mobile phone registered in a specific country to be used in a different country, and its user to be billed for the service. But to do so with accuracy, the SS7 system enables the service provider to track the owner of the device being charged for the phone call. This is done through what is known in cellular telecommunications parlance as a Provide Subscriber Location, or PSL, request.

Citing “leaked data, documents and interviews with industry insiders”, the study claims that intelligence agencies exploit the Channel Islands’ lax telecommunications regulation, which allows them to file PSL requests, not for billing purposes, but to detect the physical whereabouts of targets around the world. They do so by renting access from mobile phone operators based in the Channel Islands.

These PSL requests originate from Britain’s +44 country code, which is generally trusted in the global telecommunications industry, and are thus facilitated without raising suspicions. Notably, many of these PSL queries do not seek to acquire bulk data on users, but rather target specific individuals around the world. Additionally, if handled in certain ways, PSL queries can provide spies with access to the content of targeted communications, and thus information relating to unsuspecting users’ personal data, including text messages, bank accounts and passwords.

The study suggests that the British government is aware of this misuse of the system, but is finding it difficult to stop it because it has no direct legal jurisdiction over the Channel Islands.

Author: Ian Allen | Date: 22 December 2020 | Permalink

Catalan pro-independence leader’s phone hacked using Israeli spy software

The personal smartphones of leading Catalan pro-independence politicians were hacked using a highly invasive software built by a controversial Israeli firm, according to an investigative report by two newspapers. The revelation is likely to reignite a tense row between Madrid and pro-independence activists in one of the country’s wealthiest regions, which led to a major political crisis in 2017.

An estimated 50 percent of the population of the autonomous Spanish region of Catalonia wishes to secede from Spain. However, Madrid refused to recognize the legitimacy of an independence referendum organized by secessionist activists in 2017. The stalemate led to massive protests throughout the country, which were marred by violence and thousands of arrests, as Spain faced its deepest political crisis since the 1970s. In response to the protests, the central government suspended Catalonia’s autonomous status and arrested many of the independence movement’s leaders. Many of them have been given lengthy jail terms, while others remain abroad and are wanted by the Spanish government for promoting insurrection.

On Monday, British newspaper The Guardian and Spanish newspaper El País revealed the results of a joint investigation, according to which the smartphones of senior Catalan pro-independence politicians were targeted by hackers in 2019, and possibly even earlier. Among them was Roger Torrent, who serves as the speaker of the Parliament of Catalonia. The newspapers said he had been alerted to the hacking by cybersecurity employees of WhatsApp, a Facebook-owned company whose application was allegedly used by the hackers to take control of Torrent’s phone.

The software that was allegedly used to hack the Catalan politicians’ phones was Pegasus. It was built by NSO Group, an Israeli software development company that specializes in surveillance technologies. According to WhatsApp, which sued NSO Group in 2019, NSO Group specifically developed the Pegasus hacking platform to enable its users to exploit flaws in WhatsApp’s servers and to gain access to the telephone devices of targeted individuals. Pegasus allegedly allows its users to covertly operate a compromised phone’s camera and microphone.

Saudi Arabia may be abusing global phone tracking system to spy on dissidents

The government of Saudi Arabia may be exploiting a decades-old tracking system embedded in the global mobile telecommunications network in order to spy on its citizens as they travel abroad, a report suggests. The report was published on Sunday in the British broadsheet The Guardian, based on documents provided by an anonymous whistle-blower.

The alleged documents may implicate Saudi Arabia’s three largest cellular telecommunications service providers, said The Guardian, namely Mobily, Zain and Saudi Telecom. The anonymous whistle-blower told the paper that these companies were “weaponizing mobile technologies”, allegedly under the direction of Saudi Arabia’s ruling monarchy, which is notorious for suppressing political dissent within and outside the oil kingdom.

The alleged method of surveillance relies on SS7, a decades-old feature of the global cellular telecommunications system, which allows cellular providers to provide service to mobile phone users as they travel internationally. The SS7 system allows a mobile phone registered in a specific country to be used from a different country, and its user to be charged for the service. But to do so with accuracy, the SS7 system enables the service provider to track the owner of the device being charged for the phone call. This is done through what is known in cellular telecommunications parlance as a Provide Subscriber Location, or PSL, request.

According to The Guardian, Saudi cellular telecommunications providers have been making “excessive use” of PSLs in recent years. This indicates possible attempts to track the physical movements of Saudi mobile phone users who are traveling to the United States, and possibly other countries. The paper said that millions of PSLs were filed by Saudi Arabia in a one-month period in November of 2019. There is no telling how long this alleged surveillance operation has been going on, and in how many countries.

The paper also said that Ron Wyden, a Democratic senator from the US state of Oregon, who is a member of the Senate’s powerful Committee on Intelligence, has written to the Federal Communications Commission (FCC) about the privacy vulnerabilities of the SS7 system. However, the FCC has taken no action on the matter.

Author: Ian Allen | Date: 30 March 2020 | Permalink

Google removes Iranian government’s COVID-19 app amidst claims of espionage

An Android application developed by the Iranian government to assist in coordinating the country’s response to the COVID-19 epidemic has been removed by Google amidst accusations that it may be used to track Iranian dissidents. The application, named AC19, was released several days ago by Iran’s Ministry of Health and Medical Education. Its release was announced through a text message sent by the Iranian government to every mobile telephone subscriber in the country. The text message urged citizens to download the application through a dedicated website or third-party app stores, including the Google Play Store. Millions have since done so.

The purpose of AC19 is to help coordinate the nationwide response to COVID-19, known as coronavirus, in a country that is experiencing one of the world’s most prolific outbreaks of the disease. App users can register using their unique phone number and determine whether their flu-like symptoms resemble those of COVID-19. The app’s developers argue that it can help keep people from flooding local hospitals throughout the country, which are already overwhelmed.

But some users have raised concerns that the app also requests access to the real-time geolocation data of users, which it then stores in remote databases. As technology news website ZDNet reports, some have accused the government in Tehran of using the AC19 app in order to track the movements of citizens. An expert consulted by ZDNet to examine the app’s technical details said that it did not appear to contain unusually intrusive features or functions.

However, the company used to develop the app, called Smart Land Strategy, has previously built apps that, according to ZDNet, were used by the Iranian intelligence services and were subsequently removed from the Google Play Store. Some Iranians claim that, given the connection between AC19 and Smart Land Strategy, it is possible that the new app may be used in the future by the Iranian government to spy on citizens, despite the fact that it may be presently useful in efforts to contain the COVID-19 epidemic.

The app continues to be available through Iranian government websites and app sites other than Google’s.

Author: Ian Allen | Date: 10 March 2020 | Permalink

WhatsApp sues Israeli firm for enabling spy attacks on 1,400 users worldwide

The Facebook-owned company WhatsApp has filed a lawsuit against a leading Israeli technology firm, accusing it of enabling governments around the world to spy on 1,400 high-profile users, including politicians and diplomats. The Reuters news agency said it spoke to “people familiar” with the investigation into the spy scandal, which it says was launched “earlier this year”.

What is interesting about the case, says Reuters, is that a “significant” proportion of the hundreds of WhatsApp users who were targeted by governments worldwide are “high profile” officials. The victims reportedly serve in various government agencies, including the armed forces, of at least 20 countries on five continents. They allegedly include politicians, diplomats, military officers, academics, journalists, lawyers and human-rights activists in countries such as the United States, India, Mexico, Bahrain, the United Arab Emirates and Pakistan.

WhatsApp alleges that the spy activities against these individuals were enabled by NSO Group, an Israeli software development company that specializes in surveillance technologies. The Facebook-owned company alleges that NSO Group specifically developed a hacking platform that allows its users to exploit flaws in WhatsApp’s servers in order to gain access to the telephone devices of targeted individuals. At least 1,400 of WhatsApp’s users had their telephones compromised between April 29 and May 10, 2019, says WhatsApp.

NSO Group, whose clientele consists exclusively of government agencies worldwide, denies any wrongdoing. The company claims that its products are designed to “help governments catch terrorists and criminals”, says Reuters. But WhatsApp and Citizen Lab, a research initiative based at the University of Toronto, which worked with WhatsApp on the NSO Group case, claim that at least 100 of the 1,400 victims were news journalists, political activists and the lawyers who defend them. There was no overlap between ongoing criminal or terrorism investigations and those targeted by NSO Group’s software, they claim.

The names on the list of espionage victims are not known. But Reuters said that, depending on how high-profile the victims are, the WhatsApp-NSO Group spy scandal could have worldwide political and diplomatic consequences.

Author: Joseph Fitsanakis | Date: 01 November 2019 | Permalink

Israel planted surveillance devices targeting Trump, claims report

The intelligence services of Israel planted surveillance devices around the White House in an attempt to spy on United States President Donald Trump and his senior advisors, according to a report published on Thursday. The report, authored by Politico’s Daniel Lippman, cited three former US officials with knowledge of the matter, “several of whom served in top intelligence and national security posts”, it said.

According to Politico, the Israelis planted International Mobile Subscriber Identity (IMSI) catchers, known in technical-surveillance lingo as “StingRays” after a leading hardware brand. StingRay devices are designed to simulate the activity of legitimate cell towers in order to trick cell phones into communicating with them. That allows StingRay users to monitor the physical whereabouts of targeted cell phones. Some of the more expensive StingRay models can intercept the actual content of telephone conversations and can even plant Trojans on the compromised phones of unsuspecting users.

Politico said that the StingRays found around the White House were of the highest technical sophistication, and were “likely intended” to spy on President Trump, his senior advisers and other close associates. Politico said it had no information on whether the attempt was successful. The spy devices were detected by the Department of Homeland Security (DHS) in 2017 and acknowledged by US government officials in 2018. Senior American intelligence officials allegedly told Politico that an exhaustive two-year investigation into the matter showed “with confidence [that] the Israelis were responsible” for the StingRays.

The investigation was led by the counterintelligence division of the Federal Bureau of Investigation with the help of the DHS and the Secret Service. The National Security Agency and the Central Intelligence Agency are also known to assist such counterintelligence investigations. The devices were disassembled and their technical specifications were carefully inspected to assess their history and origins. Investigators reportedly concluded that very few countries have the technical and financial capabilities to build and plant such devices in the US, and that Israel was the most likely culprit.

Politico also said that some intelligence officials are unhappy about the Trump administration’s lack of response to the alleged spying by Israel. According to the officials, the White House did not file a protest, either publicly or privately, with the Israeli government, and “there were no consequences for Israel’s behavior”. On Thursday afternoon, the US president voiced skepticism when asked by reporters about the Politico report: “I really would find that hard to believe”, said Trump, adding that his “relationship with Israel has been great”. Meanwhile, the office of the Israeli Prime Minister Benjamin Netanyahu dismissed the Politico report as “a blatant lie” and noted that Israel’s spy services had “a directive from the Israeli government not to engage in any intelligence operations in the US”.

Author: Joseph Fitsanakis | Date: 13 September 2019 | Permalink

Trump’s use of unsecured iPhone worries White House officials

Officials in the White House are concerned about President Donald Trump’s insistence on using an unsecured iPhone to communicate with friends and associates, despite warnings that foreign spies may be listening in. Prior to being elected president, Trump used an Android phone, made by Google, which the NSA advised him to abandon due to security concerns. That is when he switched to using iPhones. Since his election to the presidency, Trump has routinely used three iPhone cell phones. He uses one of them to access a limited list of authorized applications, including Twitter. He uses the second iPhone for phone calls, but cannot use it to send texts, take pictures, or download and install applications. Both of these iPhones have been vetted and secured by the National Security Agency (NSA).

But The New York Times said on Wednesday that, despite the advice of the NSA, the US president continues to use a third iPhone, which is his personal device. The newspaper cited “current and former American officials” who said that the president’s third iPhone has not been secured by the NSA, and is thus “no different from hundreds of millions of iPhones in use around the world”. Trump uses that third iPhone to call many of his old friends and associates. The president has been repeatedly warned, sources said, to abandon the use of his unsecured third iPhone. Moreover, US intelligence agencies have confirmed that Chinese, Russian, and possibly other spy agencies have been “routinely eavesdropping” on the US president’s calls made on his personal iPhone.

To some extent, Trump has heeded the advice of his intelligence agencies in recent months and has begun to rely on his secure White House landline to make important calls, thus avoiding cell phones altogether. But he refuses to give up use of his iPhones, despite repeated warnings by the NSA, sources told The Times. They added that “they can only hope [Trump] refrains from discussing classified information when he is on them”. The president’s use of unsecured phone devices adds to what sources described as “frustration” with his “casual approach” to communications security. In July of this year, Nada Bakos, a 20-year veteran of the Central Intelligence Agency, said in an editorial that President Trump’s “Twitter feed is a gold mine for every foreign intelligence agency”. The CIA veteran described Trump’s use of social media as too impulsive and potentially dangerous from a national-security perspective.

Author: Joseph Fitsanakis | Date: 25 October 2018 | Permalink

Iran spied on ISIS supporters through fake phone wallpaper app, say researchers

Supporters of the Islamic State, most of them Persian speakers, were spied on by the government of Iran after they downloaded a fake smartphone application with wallpaper images, according to an online security firm. Iran is a major adversary of the radical Sunni group Islamic State. The latter considers Shiism (Iran’s state religion) as an abomination. Not surprisingly, therefore, the Islamic State, which is also known as the Islamic State of Iraq and Syria (ISIS), relies largely on supporters from the Arabic-speaking regions of the Levant. But according to estimates, Sunnis constitute about 10 percent of Iran’s population, and ISIS has found some fertile ground among Iran’s 8 million-strong Sunni minority. As a result, the government in Tehran is highly mistrustful of Iranian Sunnis, many of whom are ethnic Kurds, Baluchis, Azeris or Turkomans, and systematically spies on them.

According to the Israeli online security firm Check Point Software Technologies, one way in which Tehran has spied on Persian-speaking ISIS supporters is through fake smartphone applications. In an article published last week, the company said it had uncovered a state-sponsored surveillance operation that it had codenamed “Domestic Kitten”. The Check Point article said that the operation had gone on for more than two years, but had remained undetected “due to the artful deception of its attackers towards their targets”. The surveillance of targeted phones was carried out with the help of an application that featured pro-ISIS-themed wallpapers, which users could download on their devices. Yet another program linked to the same vendor was a fake version of the Firat News Agency mobile phone application. The Firat News Agency is a legitimate Iranian information service featuring news about Iran’s Kurdish minority. But both applications were in fact malware that gave a remote party full access to all text messages sent or received on the compromised phones. They also gave a remote party access to records of phone calls, Internet browser activity and bookmarks, and all files stored on the compromised phones. Additionally, the fake applications gave away the geo-location of compromised devices, and used their built-in cameras and microphones as surveillance devices.

Check Point said that the majority of compromised phones belonged to Persian-speaking members of Iran’s Kurdish and Turkoman minorities. The company stressed that it was not able to confirm the identity of the sponsoring party with absolute accuracy. However, the nature of the fake applications, the infrastructure of the surveillance operation, as well as the identities of those targeted, posed a strong possibility that “Domestic Kitten” was sponsored by the government of Iran, it concluded. Last July, the American cyber security firm Symantec said that it had uncovered a new cyber espionage group called “Leafminer”, which was allegedly sponsored by the Iranian state. The group had reportedly launched attacks on more than 800 agencies and organizations in countries such as Israel, Egypt, Bahrain, Qatar, Kuwait, the United Arab Emirates, Afghanistan and Azerbaijan.

Author: Ian Allen | Date: 14 September 2018 | Permalink

Most government hackers now target cell phones, not computers, experts say

The majority of government-sponsored hacking now targets cell phones, not personal computers, according to researchers who say that political dissidents are especially targeted by totalitarian regimes around the world. Until 2015, most government-sponsored hacking operations were directed against the personal computers of targeted individuals. However, experts tell The Wall Street Journal that as of this year cell phones have become a far more lucrative target than personal computers in government-sponsored hacking operations. Researchers with Lookout Mobile Security, a security software company based in the United States, say that detected phone-hacking operations that are believed to be sponsored by governments have increased by a factor of 10 in the first five months of this year, compared to 2015.

According to Lookout, the increase in hacking operations targeting mobile phones reflects the proliferation of smartphone usage around the world, as well as the increase in consumption of cell phone software. Government-sponsored hackers usually compromise their targets’ cell phones through malicious software disguised as cell phone applications. The Wall Street Journal also reports that the software needed to build malicious software for cell phones has become cheaper and more readily available. Compromising a target’s cell phone provides hackers with information that is far more personal and sensitive than what can be found on a personal computer. The paper quotes Mike Murray, Lookout’s vice president of security research, who says: “It is one thing to compromise someone’s computer. It’s another thing to have a listening device that they carry around with them 24 hours a day”. Compromised phones become immensely powerful espionage tools, explains Murray.

Many of the individuals whose cell phones are targeted by governments are activists or dissidents who campaign for political or economic reforms in their countries. Their cell phones are targeted in systematic hacking campaigns by countries like Ethiopia, the United Arab Emirates, Cambodia, and Mexico, said Lookout. The Wall Street Journal cites Raj Samani, chief scientist for the antivirus firm McAfee, who claims that nearly 11 percent of cell phones worldwide were infected with some kind of malware in 2017. That statistic is likely to rise significantly by the end of 2018, says Samani.

Author: Ian Allen | Date: 08 June 2018 | Permalink

Spy collection program using fake mobile phone apps linked to Pakistani military

The Pakistani military is suspected of having orchestrated a lucrative intelligence collection campaign using mobile phones, which targeted diplomats from India, Israel and Australia, as well as from North Atlantic Treaty Organization (NATO) member countries such as the United States and Britain. Others targeted in the operation include officials from Iraq, Iran and the United Arab Emirates. News of the alleged spy operation was published earlier this month by Lookout Mobile Security, a security software company based in the United States.

The company said that the perpetrators of the operation managed to hack into a number of diplomats’ phones by creating a number of fake applications for Android and iOS mobile phone systems. The applications, called Tangelo (for iOS) and Stealth Mango (for Android), took control of mobile phone devices once their owners downloaded them through fake third-party app stores advertising online. According to Lookout, the two apps were designed by a consortium of freelance software developers who have close links with the Pakistani military establishment. The technical report published by Lookout points to the use of IP addresses that lead to a server housed in Pakistan’s Ministry of Education in the country’s capital, Islamabad. Lookout also said that it managed to trace the identity of the person who was the main developer of the two fake mobile phone applications. He is reportedly a full-time government employee who “moonlights as a mobile app developer”. The group that built the fake apps is known for creating legitimate apps, said Lookout, but also works for hire creating surveillanceware for mobile phone systems. In the past, the same group has been found to target military and civilian government officials in India, according to Lookout.

In its technical report, the Lookout security team describes how the Pakistani hackers collected a variety of data from their victims, by having it stealthily transmitted from compromised mobile phones to servers in Islamabad. The data included photos and videos, lists of contacts, logs of phone calls and texts, as well as detailed calendar entries. German and Australian diplomats had their travel plans stolen, and a letter from the United States Central Command to Afghanistan’s assistant minister of defense for intelligence was also acquired by the hackers. The latter also gained access to the contents of an entire database of pictures of traveler passports —many of them diplomatic— from the Kandahar International Airport in southern Afghanistan. The report said it was impossible to know for certain when Tangelo and Stealth Mango were first developed and utilized. However, the most recent version of the apps was released in April of this year.

Author: Joseph Fitsanakis | Date: 22 May 2018 | Permalink

Joint US-Iraqi intelligence operation used cell phone app to trap senior ISIS figures

A joint operation conducted by American and Iraqi intelligence officers employed a popular messaging app on the phone of a captured Islamic State commander to apprehend four very senior figures in the organization, according to reports. The Reuters news agency said on Thursday that the ambitious intelligence operation began in February, when Turkish authorities captured a close aide to Abu Bakr al-Baghdadi, the Iraqi-born leader of the group known as Islamic State of Iraq and Syria (ISIS). According to Hisham al-Hashimi, security advisor to the government of Iraq, the ISIS aide was Ismail al-Eithawi, also known by his alias, Abu Zaid al-Iraqi. Iraqi officials claim that al-Eithawi was appointed by al-Baghdadi to handle the secret transfer of ISIS funds to bank accounts around the world.

It appears that al-Eithawi had managed to escape to Turkey when the United States-led coalition shattered ISIS’ self-proclaimed caliphate. But he was captured by Turkish counterterrorism forces and handed over to Iraqi authorities. Baghdad then shared the contents of al-Eithawi’s cell phone with US intelligence officers. The latter were able to help their Iraqi counterparts utilize the popular messaging app WhatsApp, a version of which was installed on al-Eithawi’s cell phone. According to al-Hashimi, the Iraqis and Americans made it seem like al-Eithawi was calling an emergency face-to-face meeting between senior ISIS commanders in the area. But when these Syria-based commanders crossed into Iraq to meet in secret, they were captured by Iraqi and American forces.

According to al-Hashimi, those captured include a Syrian and two Iraqi ISIS field commanders. More importantly, they include Saddam Jamal, a notorious ISIS fighter who rose through the ranks to become the organization’s governor of the Euphrates region, located in Syria’s east. Al-Hashimi told reporters on Thursday that Jamal and al-Eithawi were the most senior ISIS figures to have ever been captured alive by US-led coalition forces. The Iraqi government advisor also said that al-Eithawi’s captors were able to uncover a treasure trove of covert bank accounts belonging to ISIS, as well as several pages of secret communication codes used by the militant group.

Author: Joseph Fitsanakis | Date: 11 May 2018 | Permalink