Lebanese spy agency used Android app to spy on thousands, say researchers

The spy agency of Lebanon used a virus designed for the Android mobile operating system to compromise the cell phones of thousands of people in at least 20 countries, according to a new mobile security report. The 50-page report was published on Thursday by a team of researchers from Lookout, a mobile security company, and the Electronic Frontier Foundation in Washington, DC. In an accompanying press release, the researchers said that the virus, which they named Dark Caracal, has been in existence for at least six years. They added that it was traced to a building in Beirut belonging to the General Directorate of General Security (GDGS), Lebanon’s primary external intelligence agency.

According to the Lookout/EFF research team, the trojanized phone application was camouflaged as a secure messaging service, resembling popular applications like Signal or WhatsApp. However, once an Android user downloaded it, it gave remote users access to the compromised phone’s cameras and microphone, thus turning it into a bugging device. The virus also stole email and text messages, PINs and passwords, lists of contacts, call logs, photographs, as well as video and audio recordings stored on the compromised device. The report states that compromised devices were found in over 20 countries, including Lebanon, France, Canada, the United States and Germany. The majority of those targeted by the virus were civilian and military officials of foreign governments, defense contractors, and employees of manufacturing companies, financial institutions and utility providers.

On Thursday, Reuters contacted Major General Abbas Ibrahim, who serves as director general of GDGS. He insisted that the GDGS is known for collecting intelligence using human sources, not cyber technologies. “General Security does not have these type[s] of capabilities. We wish we had these capabilities”, General Ibrahim told the news agency.

Author: Joseph Fitsanakis | Date: 19 January 2018 | Permalink

News you may have missed #714

By IAN ALLEN | intelNews.org |
►►British PM urged to intervene in Congo spy case. The mother of Joshua French, who has dual British and Norwegian nationality, and is facing execution in the Democratic Republic of Congo, has urged British Prime Minister David Cameron to ask Congolese authorities to pardon him. French, and his Norwegian friend Tjostolv Moland, were sentenced to death for murder and spying in the vast central African country in 2009. A prison official claimed in August last year that the pair had tried to escape, but their lawyer denies this.
►►Computers of Syrian activists infected with Trojan. Since the beginning of the year, pro-Syrian-government hackers have steadily escalated the frequency and sophistication of their attacks on Syrian opposition activists. Many of these attacks are carried out through Trojans, which covertly install spying software onto infected computers, as well as phishing attacks which steal YouTube and Facebook login credentials. According to the Electronic Frontier Foundation, the latest surveillance malware comes in the form of an extracting file which is made to look like a PDF if users have their file extensions turned off. The PDF purports to be a document concerning the formation of the leadership council of the Syrian revolution and is delivered via Skype message from a known friend.
►►Report claims Australian government spied on anti-coal activists. The leader of the Australian Greens, Bob Brown, says he is outraged at reports that the Australian Security Intelligence Organisation (ASIO) is spying on mining protesters, and says such action is a misuse of the spy agency’s resources. The revelations were reported in Australian newspapers yesterday, and are based on a Freedom of Information request to the Department of Resources, Energy and Tourism that was reportedly rejected because it involved “an intelligence agency document”. The ASIO says it cannot confirm whether it has conducted surveillance of anti-coal protesters, but it says it does not target particular groups or individuals unless there is a security-related reason to do so.

News you may have missed #473

  • Cyprus recognizes Palestine as independent nation. The Israeli assessment is that other European Union countries, including Britain, Sweden, Belgium, Finland, Germany, Denmark, Malta, Luxembourg, Austria and perhaps others are considering a similar move.
  • Top NZ intel scientist had falsified CV. British-born Stephen Wilce was hired as chief of New Zealand’s Defence Technology Agency in 2005, having got top level security clearance. Last year, he had to resign after it emerged that he had made a series of false claims about his past. But the question is how he passed security checks when he applied for the post in 2005.
  • Report uncovers widespread FBI intelligence violations. A new report by the San Francisco-based Electronic Frontier Foundation has found widespread violations in FBI intelligence investigations from 2001 to 2008. The EFF report suggests that FBI intelligence investigations have compromised the civil liberties of Americans to a greater extent than was previously assumed.

US government urged to release data on social networking spying

By IAN ALLEN | intelNews.org |
An Internet watchdog has filed a court complaint to force the US government to disclose how its law enforcement and spy agencies monitor social networking sites, such as Facebook and Twitter. IntelNews regulars have known since October that the CIA has invested in a private software company specializing in monitoring online social media, such as YouTube, Twitter and Flickr. Additionally, we have previously reported on persistent rumors that the National Security Agency, America’s communications spying outfit, is actively monitoring popular social networking sites in order to make links between individuals and construct maps of who associates with whom. Now the San Francisco-based Electronic Frontier Foundation (EFF) wants to find out the extent to which US intelligence and law enforcement agencies are secretly monitoring social networking sites on the Internet.

News you may have missed #0183

  • Did US Rep. Hoekstra compromise a secret NSA spy program? Rep. Peter Hoekstra (MI), the ranking Republican on the House Intelligence panel, may have inadvertently compromised a sensitive National Security Agency email collection program while commenting on allegedly intercepted emails sent and received by Fort Hood shooter Malik Nadal Hasan.
  • Blog requests readers’ help to examine released documents. Wired magazine’s Threat Level blog has issued a request for readers to help pore over thousands of US government documents relating to the proposed immunity for telephone companies involved in the Bush Administration’s warrantless wiretapping program. The documents were released following a FOIA lawsuit by the Electronic Frontier Foundation.
  • An opportunity in Cuba for CIA field agents? They’d have to pose as McDonald’s restaurant workers.

News you may have missed #0038
