industryterm:surveillance software

  • Undercover agents target cybersecurity watchdog who detailed Israeli firm NSO’s link to #Khashoggi scandal
    Haaretz.Com
    https://www.haaretz.com/misc/article-print-page/.premium-undercover-agents-target-watchdog-who-detailed-israeli-firm-nso-s-

    Operatives with fake identities are pursuing members of #Citizen_Lab, the group that uncovered the connection between Jamal Khashoggi’s murder and Israel’s surveillance company #NSO
    The Associated Press | Jan. 26, 2019 | 4:19 PM

    The researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.

    Twice in the past two months, men masquerading as socially conscious investors have lured members of the Citizen Lab internet watchdog group to meetings at luxury hotels to quiz them for hours about their work exposing Israeli surveillance and the details of their personal lives. In both cases, the researchers believe they were secretly recorded.

    Citizen Lab Director Ron Deibert described the stunts as “a new low.”

    “We condemn these sinister, underhanded activities in the strongest possible terms,” he said in a statement Friday. “Such a deceitful attack on an academic group like the Citizen Lab is an attack on academic freedom everywhere.”

    Who these operatives are working for remains a riddle, but their tactics recall those of private investigators who assume elaborate false identities to gather intelligence or compromising material on critics of powerful figures in government or business.

    Citizen Lab, based out of the Munk School of Global Affairs at the University of Toronto, has for years played a leading role in exposing state-backed hackers operating in places as far afield as Tibet, Ethiopia and Syria. Lately the group has drawn attention for its repeated exposés of an Israeli surveillance software vendor called the NSO Group, a firm whose wares have been used by governments to target journalists in Mexico, opposition figures in Panama and human rights activists in the Middle East.

    In October, Citizen Lab reported that an iPhone belonging to one of Khashoggi’s confidantes had been infected by the NSO’s signature spy software only months before Khashoggi’s grisly murder. The friend, Saudi dissident Omar Abdulaziz, would later claim that the hacking had exposed Khashoggi’s private criticisms of the Saudi royal family to the Arab kingdom’s spies and thus “played a major role” in his death.

    In a statement, NSO denied having anything to do with the undercover operations targeting Citizen Lab, “either directly or indirectly” and said it had neither hired nor asked anyone to hire private investigators to pursue the Canadian organization. “Any suggestion to the contrary is factually incorrect and nothing more than baseless speculation,” NSO said.

    NSO has long denied that its software was used to target Khashoggi, although it has refused to comment when asked whether it has sold its software to the Saudi government more generally.

    The first message reached Bahr Abdul Razzak, a Syrian refugee who works as a Citizen Lab researcher, Dec. 6, when a man calling himself Gary Bowman got in touch via LinkedIn. The man described himself as a South African financial technology executive based in Madrid.

    “I came across your profile and think that the work you’ve done helping Syrian refugees and your extensive technical background could be a great fit for our new initiative,” Bowman wrote.

    Abdul Razzak said he thought the proposal was a bit odd, but he eventually agreed to meet the man at Toronto’s swanky Shangri-La Hotel on the morning of Dec. 18.

    The conversation got weird very quickly, Abdul Razzak said.

    Instead of talking about refugees, Abdul Razzak said, Bowman grilled him about his work for Citizen Lab and its investigations into the use of NSO’s software. Abdul Razzak said Bowman appeared to be reading off cue cards, asking him if he was earning enough money and throwing out pointed questions about Israel, the war in Syria and Abdul Razzak’s religiosity.

    “Do you pray?” Abdul Razzak recalled Bowman asking. “Why do you write only about NSO?” “Do you write about it because it’s an Israeli company?” “Do you hate #Israel?”

    Abdul Razzak said he emerged from the meeting feeling shaken. He alerted his Citizen Lab colleagues, who quickly determined that the breakfast get-together had been a ruse. Bowman’s supposed Madrid-based company, FlameTech, had no web presence beyond a LinkedIn page, a handful of social media profiles and an entry in the business information platform Crunchbase. A reverse image search revealed that the profile picture of the man listed as FlameTech’s chief executive, Mauricio Alonso, was a stock photograph.

    “My immediate gut feeling was: ’This is a fake,’” said John Scott-Railton, one of Abdul Razzak’s colleagues.

    Scott-Railton flagged the incident to the AP, which confirmed that FlameTech was a digital facade.

    Searches of the Orbis database of corporate records, which has data on some 300 million global companies, turned up no evidence of a Spanish firm called FlameTech or Flame Tech or any company anywhere in the world matching its description. Similarly, the AP found no record of FlameTech in Madrid’s official registry or of a Gary Bowman in the city’s telephone listings. An Orbis search for Alonso, the supposed chief executive, also drew a blank. When an AP reporter visited Madrid’s Crystal Tower high-rise, where FlameTech claimed to have 250 sq. meters (2,700 sq. feet) of office space, he could find no trace of the firm and calls to the number listed on its website went unanswered.

    The AP was about to publish a story about the curious company when, on Jan. 9, Scott-Railton received an intriguing message of his own.

    This time the contact came not from Bowman of FlameTech but from someone who identified himself as Michel Lambert, a director at the Paris-based agricultural technology firm CPW-Consulting.

    Lambert had done his homework. In his introductory email, he referred to Scott-Railton’s early doctoral research on kite aerial photography — a mapping technique using kite-mounted cameras — and said he was “quite impressed.

    “We have a few projects and clients coming up that could significantly benefit from implementing Kite Aerial Photography,” he said.

    Like FlameTech, CPW-Consulting was a fiction. Searches of Orbis and the French commercial court registry Infogreffe turned up no trace of the supposedly Paris-based company or indeed of any Paris-based company bearing the acronym CPW. And when the AP visited CPW’s alleged office there was no evidence of the company; the address was home to a mainly residential apartment building. Residents and the building’s caretaker said they had never heard of the firm.

    Whoever dreamed up CPW had taken steps to ensure the illusion survived a casual web search, but even those efforts didn’t bear much scrutiny. The company had issued a help wanted ad, for example, seeking a digital mapping specialist for their Paris office, but Scott-Railton discovered that the language had been lifted almost word-for-word from an ad from an unrelated company seeking a mapping specialist in London. A blog post touted CPW as a major player in Africa, but an examination of the author’s profile suggests the article was the only one the blogger had ever written.

    When Lambert suggested an in-person meeting in New York during a Jan. 19 phone call, Scott-Railton felt certain that Lambert was trying to set him up.

    But Scott-Railton agreed to the meeting. He planned to lay a trap of his own.

    Anyone watching Scott-Railton and Lambert laughing over wagyu beef and lobster bisque at the Peninsula Hotel’s upscale restaurant on Thursday afternoon might have mistaken the pair for friends.

    In fact, the lunch was Spy vs. Spy. Scott-Railton had spent the night before trying to secret a homemade camera into his tie, he later told AP, eventually settling for a GoPro action camera and several recording devices hidden about his person. On the table, Lambert had placed a large pen in which Scott-Railton said he spotted a tiny camera lens peeking out from an opening in the top.

    Lambert didn’t seem to be alone. At the beginning of the meal, a man sat behind him, holding up his phone as if to take pictures and then abruptly left the restaurant, having eaten nothing. Later, two or three men materialized at the bar and appeared to be monitoring proceedings.

    Scott-Railton wasn’t alone either. A few tables away, two Associated Press journalists were making small talk as they waited for a signal from Scott-Railton, who had invited the reporters to observe the lunch from nearby and then interview Lambert near the end of the meal.

    The conversation began with a discussion of kites, gossip about African politicians, and a detour through Scott-Railton’s family background. But Lambert, just like Bowman, eventually steered the talk to Citizen Lab and NSO.

    “Work drama? Tell me, I like drama!” Lambert said at one point, according to Scott-Railton’s recording of the conversation. “Is there a big competition between the people inside Citizen Lab?” he asked later.

    Like Bowman, Lambert appeared to be working off cue cards and occasionally made awkward conversational gambits. At one point he repeated a racist French expression, insisting it wasn’t offensive. He also asked Scott-Railton questions about the Holocaust, anti-Semitism and whether he grew up with any Jewish friends. At another point he asked whether there might not be a “racist element” to Citizen Lab’s interest in Israeli spyware.

    After dessert arrived, the AP reporters approached Lambert at his table and asked him why his company didn’t seem to exist.
    He seemed to stiffen.

    “I know what I’m doing,” Lambert said, as he put his files — and his pen — into a bag. Then he stood up, bumped into a chair and walked off, saying “Ciao” and waving his hand, before returning because he had neglected to pay the bill.

    As he paced around the restaurant waiting for the check, Lambert refused to answer questions about who he worked for or why no trace of his firm could be found.

    “I don’t have to give you any explanation,” he said. He eventually retreated to a back room and closed the door.

    Who Lambert and Bowman really are isn’t clear. Neither man returned emails, LinkedIn messages or phone calls. And despite their keen focus on NSO, the AP has found no evidence of any link to the Israeli spyware merchant, which is adamant that it wasn’t involved.

    The kind of aggressive investigative tactics used by the mystery men who targeted Citizen Lab have come under fire in the wake of the Harvey Weinstein sexual abuse scandal. Black Cube, an Israeli private investigation firm, apologized after The New Yorker and other media outlets revealed that the company’s operatives had used subterfuge and dirty tricks to help the Hollywood mogul suppress allegations of rape and sexual assault.

    Scott-Railton and Abdul Razzak said they didn’t want to speculate about who was involved. But both said they believed they were being steered toward making controversial comments that could be used to blacken Citizen Lab’s reputation.

    “It could be they wanted me to say, ’Yes, I hate Israel,’ or ’Yes, Citizen Lab is against NSO because it’s Israeli,’” said Abdul Razzak.
    Scott-Railton said the elaborate, multinational operation was gratifying, in a way.

    “People were paid to fly to a city to sit you down to an expensive meal and try to convince you to say bad things about your work, your colleagues and your employer,” he said.

    “That means that your work is important.”

  • Hacking a Prince, an Emir and a Journalist to Impress a Client - The New York Times

    With Israel’s help

    https://www.nytimes.com/2018/08/31/world/middleeast/hacking-united-arab-emirates-nso-group.html?imp_id=299442091&action=click&m

    The lawsuits also shed new light on the political intrigues involving Israel and the Persian Gulf monarchies, which have increasingly turned to hacking as a favorite weapon against one another.
    [Image: The NSO Group’s actions are now at the heart of the twin lawsuits accusing the company of actively participating in illegal spying. Credit: Daniella Cheslow/Associated Press]
    The U.A.E. does not recognize Israel, but the two appear to have a growing behind-the-scenes alliance. Because Israel deems the spyware a weapon, the lawsuits note, the NSO Group and its affiliates could have sold it to the Emirates only with approval by the Israeli Defense Ministry.

    Leaked emails submitted in the lawsuits show that the U.A.E. signed a contract to license the company’s surveillance software as early as August 2013.

    A year and a half later, a British affiliate of the NSO Group asked its Emirati client to provide a sixth payment of $3 million under the original contract, suggesting a total licensing fee of at least $18 million over that period.

    An update the next year was sold through a different affiliate, based in Cyprus, at a cost of $11 million in four installments, according to leaked invoices.

    Tensions between the U.A.E. and its neighbor Qatar reached a boil in 2013 over a struggle for power in Egypt. Qatar had allied itself with the Egyptian Islamist movement that won the elections after the Arab Spring. Then the U.A.E. backed a military takeover that cast the Islamists into prison instead.

    In the escalating feud, each side accused the other of cyberespionage. Hackers broke into the email accounts of two outspoken opponents of Qatar — the Emirati ambassador to Washington, Yousef al-Otaiba, and an American Republican fund-raiser who does business with the U.A.E., Elliott Broidy. Mr. Broidy has filed a separate lawsuit accusing Qatar and its Washington lobbyists of conspiring to steal and leak his emails.

    Other hackers briefly took over the website of the Qatari news service to post a false report of an embarrassing speech by the emir to damage him, and later leaked Qatari emails exposing awkward details of Qatari negotiations over the release of a royal hunting party kidnapped in Iraq. Allies of Qatar blamed the Emiratis.

    The leaked emails disclosed in the new lawsuits may also have been stolen through hacking. Lawyers involved said the documents were provided by a Qatari journalist who did not disclose how he had obtained them.

    The messages show that the Emiratis were seeking to intercept the phone calls of the emir of Qatar as early as 2014.

    But the Emirati target list also included Saudi Arabia. In the email discussions about updating the NSO Group’s technology, the Emiratis asked to intercept the phone calls of a Saudi prince, Mutaib bin Abdullah, who was considered at the time to be a possible contender for the throne.

    The Emiratis have been active promoters of Prince Mutaib’s younger rival, Crown Prince Mohammed bin Salman. Last year, the crown prince removed Prince Mutaib from his role as minister of the national guard and ordered his temporary detention in connection with corruption allegations.

    In a telephone interview, Prince Mutaib expressed surprise that the Emiratis had attempted to record his calls.

    “They don’t need to hack my phone,” he said. “I will tell them what I am doing.”

    According to the emails, the Emiratis also asked to intercept the phone calls of Saad Hariri, who is now prime minister of Lebanon.

    Mr. Hariri has sometimes been accused of failing to push back hard enough against Hezbollah, the powerful Lebanese movement backed by Iran. Last year, the U.A.E.’s Saudi ally, Crown Prince Mohammed, temporarily detained Mr. Hariri in Riyadh, the Saudi capital, and forced him to announce his resignation as prime minister. (He later rescinded the announcement, and he remains prime minister.)

    Mr. Alkhamis, who resigned in 2014 as the editor of the London-based newspaper Al Arab, called the surveillance of his phone calls “very strange” but not unexpected, since he had published “sensitive” articles about Persian Gulf politics.

    The U.A.E.’s use of the NSO Group’s spyware was first reported in 2016. Ahmed Mansoor, an Emirati human rights advocate, noticed suspicious text messages and exposed an attempt to hack his Apple iPhone. The U.A.E. arrested him on apparently unrelated charges the next year and he remains in jail.

  • Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online
    https://motherboard.vice.com/en_us/article/9kmj4v/spyware-company-spyfone-terabytes-data-exposed-online-leak

    A company that sells surveillance software to parents and employers left “terabytes of data” including photos, audio recordings, text messages and web history, exposed in a poorly-protected Amazon S3 bucket. This story is part of When Spies Come Home, a Motherboard series about powerful surveillance software ordinary people use to spy on their loved ones. A company that markets cell phone spyware to parents and employers left the data of thousands of its customers—and the information of the (...)

    #smartphone #Spyfone #spyware #hacking

  • The NSA hides surveillance software in hard drives

    http://www.engadget.com/2015/02/16/hard-drive-spyware

    Security researchers at #Kaspersky Lab have discovered apparently state-created #spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible — all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn’t sitting in regular storage, so you can’t easily get rid of it or even detect it.

    http://www.kaspersky.com/about/news/virus/2015/Equation-Group-The-Crown-Creator-of-Cyber-Espionage

    GReAT has been able to recover two modules which allow reprogramming of the hard drive firmware of more than a dozen of the popular HDD brands. This is perhaps the most powerful tool in the Equation group’s arsenal and the first known malware capable of infecting the hard drives.

    By reprogramming the hard drive firmware (i.e. rewriting the hard drive’s operating system), the group achieves two purposes:

    1. An extreme level of persistence that helps to survive disk formatting and OS reinstallation. If the malware gets into the firmware, it is available to “resurrect” itself forever. It may prevent the deletion of a certain disk sector or substitute it with a malicious one during system boot.
    “Another dangerous thing is that once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware. To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware” – warns Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab.

    2. The ability to create an invisible, persistent area hidden inside the hard drive. It is used to save exfiltrated information which can be later retrieved by the attackers. Also, in some cases it may help the group to crack the encryption: “Taking into account the fact that their #GrayFish implant is active from the very boot of the system, they have the ability to capture the encryption password and save it into this hidden area,” explains Costin Raiu.

    #GReAT (Global Research and Analysis Team)
    #malware

  • FBI pressures Internet providers to install surveillance software | Politics and Law - CNET News
    http://news.cnet.com/8301-13578_3-57596791-38/fbi-pressures-internet-providers-to-install-surveillance-software

    CNET has learned the FBI has developed custom “port reader” software to intercept Internet metadata in real time. And, in some cases, it wants to force Internet providers to use the software.

    #Etats_Unis #FBI #Big_brother #Internet #surveillance #vie_privée

  • 36 governments (including Canada’s) are now using sophisticated software to spy on their citizens - Quartz
    http://qz.com/80153/36-countries-now-use-finfishers-governmental-it-intrusion-and-remote-monitoring-

    http://qzprod.files.wordpress.com/2013/05/theireyesmap-web.jpg?w=880

    A new report from Citizen Lab, a Canadian research center, shows surveillance software sold by FinFisher, a “governmental IT intrusion” company owned by the UK-registered Gamma International, is now active in 36 countries. That’s up from the 25 countries reported two months ago.

    Gamma’s product, which it sells exclusively to governments, infects computers and mobile phones through devious means. These include posing as Mozilla Firefox and the (frankly quite elegant) ruse of using a “right-to-left override,” which is typically used to render writing in Arabic but can work in any language. This helps it foil users trained to look out for suspicious file extensions by hiding, say, an “.exe,” and making the file appear to be an image with a .jpg extension instead.

    Once the file has been installed on a machine, the “command-and-control server,” which does exactly what it sounds like it would, can be used to monitor the infected computer.
    ...

    Gamma is far from the only such company. Governmental surveillance is a thriving market—worth about $5 billion annually, according to the Wall Street Journal. Firms such as the German Trovicor and Vupen, from France, also deal in “government grade exploits.”

    The business is necessarily discreet, but it’s still legitimate. The use of such software is legal in many countries. None of which makes a presentation called “Governmental IT Intrusion: Applied Hacking Techniques Used by Governments” any less creepy.

  • Companies linked to intelligence and the military (mercenaries) have offshore accounts: Nominee Directors Linked to Intelligence, Military
    http://www.icij.org/offshore/nominee-directors-linked-intelligence-military

    Companies making use of offshore secrecy include firm that supplied surveillance software used by repressive regimes.

    A number of so-called nominee directors of companies registered in the British Virgin Islands (BVI) have connections to military or intelligence activities, an investigation has revealed.

    Okay, we suspected as much, but as with a good part of the leaks, it’s good to have the facts confirmed. #offshore_leaks

  • Torture in Bahrain Becomes Routine With Help From Nokia Siemens - Bloomberg
    http://www.bloomberg.com/news/2011-08-22/torture-in-bahrain-becomes-routine-with-help-from-nokia-siemens-networkin

    “It was amazing,” he says of the messages they obtained. “How did they know about these?”

    The answer: Computers loaded with Western-made surveillance software generated the transcripts wielded in the interrogations described by Al Khanjar and scores of other detainees whose similar treatment was tracked by rights activists, Bloomberg Markets magazine reports in its October issue.

    The spy gear in Bahrain was sold by Siemens AG (SIE), and maintained by Nokia Siemens Networks and NSN’s divested unit, Trovicor GmbH, according to two people whose positions at the companies gave them direct knowledge of the installations. Both requested anonymity because they have signed nondisclosure agreements. The sale and maintenance contracts were also confirmed by Ben Roome, a Nokia Siemens spokesman based in Farnborough, England.