Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label surveillance. Show all posts
WhatsApp
New Media Privacy Social Media Spyware surveillance WhatsApp

WhatsApp Says Spyware Company Paragon Hacked 90 Users

WhatsApp Says Spyware Company Paragon Hacked 90 Users

Attempts to censor opposition voices are not new. Since the advent of new media, few Governments and nations have used spyware to keep tabs on the public, and sometimes target individuals that the government considers a threat. All this is done under the guise of national security, but in a few cases, it is aimed to suppress opposition and is a breach of privacy. 

Zero-click Spyware for WhatsApp

One such interesting incident is the recent WhatsApp “zero-click” hacking incident. In a conversation with Reuters, a WhatsApp official disclosed that Israeli spyware company Paragon Solutions was targeting its users, victims include journalists and civil society members. Earlier this week, the official told Reuters that Whatsapp had sent Paragon a cease-and-desist notice after the surveillance hack. In its official statement, WhatsApp stressed it will “continue to protect people's ability to communicate privately."

Paragon refused to comment

According to Reuters, WhatsApp had noticed an attempt to hack around 90 users. The official didn’t disclose the identity of the targets but hinted that the victims belonged to more than a dozen countries, mostly from Europe. WhatsApp users were sent infected files that didn’t require any user interaction to hack their targets, the technique is called the “zero-click” hack, known for its stealth 

“The official said WhatsApp had since disrupted the hacking effort and was referring targets to Canadian internet watchdog group Citizen Lab,” Reuter reports. He didn’t discuss how it was decided that Paragon was the culprit but added that law enforcement agencies and industry partners had been notified, and didn’t give any further details.

FBI didn’t respond immediately

“The FBI did not immediately return a message seeking comment,” Reuter said. Citizen Lab researcher John Scott-Railton said the finding of Paragon spyware attacking WhatsApp is a “reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Citizen Lab researcher John Scott-Railton said the discovery of Paragon spyware targeting WhatsApp users "is a reminder that mercenary spyware continues to proliferate and as it does, so we continue to see familiar patterns of problematic use."

Ethical implications concerning spying software

Spyware businesses like Paragaon trade advanced surveillance software to government clients, and project their services as “critical to fighting crime and protecting national security,” Reuter mentions. However, history suggests that such surveillance tools have largely been used for spying, and in this case- journalists, activists, opposition politicians, and around 50 U.S officials. This raises questions about the lawless use of technology.

Paragon - which was reportedly acquired by Florida-based investment group AE Industrial Partners last month - has tried to position itself publicly as one of the industry's more responsible players. On its website, Paragon advertises the software as “ethically based tools, teams, and insights to disrupt intractable threats” On its website, and media reports mentioning people acquainted with the company “say Paragon only sells to governments in stable democratic countries,” Reuter mentions.

Read more »
surveillance
China Cyber Security Cyber Security Cyberattacks CyberCrime CyberThreat surveillance

China's Surveillance System: Cracks in a Digital Panopticon

 


China's expansive surveillance network monitors over 1.4 billion citizens, blending advanced technology with minimal legal checks on state control. However, cracks are emerging in this highly complex system.

Overview of Surveillance 
 
China's surveillance infrastructure leverages technologies such as:
  • Facial Recognition: Identifies individuals through advanced cameras.
  • Gait Recognition: Detects people based on movement patterns.
  • Mobile Apps: Platforms like WeChat and Alipay track transactions, communications, and movements.
A hallmark of this system is the Social Credit System, rewarding or penalizing citizens based on monitored behavior. 
 
Emergence of Data Exploitation 

Despite its sophistication, China's surveillance system suffers from internal misuse:
  • Insider Corruption: Government employees sell sensitive data on black markets.
  • Telegram Markets: Personal information, such as banking records and passport scans, is sold openly.
  • Cryptocurrency Payments: Transactions ensure anonymity for buyers and sellers.
SpyCloud reported that privileged access to government data is routinely exploited for profit, undermining the system's integrity. 

Privacy Concerns and Repressive Measures 

Surveillance extends beyond public spaces into private homes under the guise of security. Over 700 million surveillance cameras are operational, equivalent to two lenses per two citizens. COVID-19 expanded surveillance through apps and "digital health codes." In addition, Cameras monitor everything from tourist sites to repressive policing measures.

Citizens have voiced discomfort with the invasive measures, but dissent remains muted under strict state control. 

Challenges in Maintaining Control 

China's monitoring network highlights the paradox of technological sophistication undermined by human corruption. The Chinese Communist Party's (CCP) inability to control insider threats erodes public trust. The cycle of data exploitation leaves millions vulnerable to harm.

As China expands its surveillance capabilities, it faces a dual challenge: securing its data infrastructure while curbing internal corruption. This serves as a cautionary tale that no system, however advanced, is immune to human flaws.
Read more »
User Tracking
Data DEA FBI FTC Location Privacy surveillance User Tracking

FTC Stops Data Brokers from Unlawful User Location Tracking

FTC Stops Data Brokers from Unlawful User Location Tracking


Data Brokers Accused of Illegal User Tracking

The US Federal Trade Commission (FTC) has filed actions against two US-based data brokers for allegedly engaging in illegal tracking of users' location data. The data was reportedly used to trace individuals in sensitive locations such as hospitals, churches, military bases, and other protected areas. It was then sold for purposes including advertising, political campaigns, immigration enforcement, and government use.

Mobilewalla's Allegations

The Georgia-based data broker, Mobilewalla, has been accused of tracking residents of domestic abuse shelters and protestors during the George Floyd demonstrations in 2020. According to the FTC, Mobilewalla allegedly attempted to identify protestors’ racial identities by tracing their smartphones. The company’s actions raise serious privacy and ethical concerns.

Gravy Analytics and Venntel's Accusations

The FTC also suspects Gravy Analytics and its subsidiary Venntel of misusing customer location data without consent. Reports indicate they used this data to “unfairly infer health decisions and religious beliefs,” as highlighted by TechCrunch. These actions have drawn criticism for their potential to exploit sensitive personal information.

Unlawful Data Collection Practices

The FTC revealed that Gravy Analytics collected over 17 billion location signals from more than 1 billion smartphones daily. The data was allegedly sold to federal law enforcement agencies such as the Drug Enforcement Agency (DEA), the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI).

Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, stated, “Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk. This is the FTC’s fourth action this year challenging the sale of sensitive location data, and it’s past time for the industry to get serious about protecting Americans’ privacy.”

FTC's Settlements

As part of two settlements announced by the FTC, Mobilewalla and Gravy Analytics will cease collecting sensitive location data from customers. They are also required to delete the historical data they have amassed about millions of Americans over time.

The settlements mandate that the companies establish a sensitive location data program to identify and restrict tracking and disclosing customer information from specific locations. These protected areas include religious organizations, medical facilities, schools, and other sensitive sites.

Additionally, the FTC’s order requires the companies to maintain a supplier assessment program to ensure consumers have provided consent for the collection and use of data that reveals their precise location or mobile device information.

Read more »
WhatsApp
Cyber Attacks espionage Iran Israel spying surveillance Telegram WhatsApp

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Shin Bet, an Israeli Cybersecurity Service said recently it discovered over 200 Iranian phishing attempts targeting top Israeli diplomats to get personal information. Shin Bet believes the attacks were launched by Iranian actors through Telegram, WhatsApp, and email. 

The threat actors tried to bait targets into downloading infected apps that would give them access to victim devices and leak personal data like location history and residential addresses.

Iran Targeting Israeli Officials

The targeted senior officials include academicians, politicians, media professionals, and others

ShinBet said the stolen information would be used by Iran to launch attacks against Israeli nationals “through Israeli cells they have recruited within the country.” The targets were reached out with an “individually tailored cover story for each victim according to their area of work, so the approach doesn’t seem suspicious.”

In one case, the attacker disguised as a Cabinet Secretary lured the target saying he wanted to coordinate with PM Benjamin Netanyahu. Shin Bet has tracked the targets involved in the campaign and informed them about the phishing attempts. 

“This is another significant threat in the campaign Iran is waging against Israel, aimed at carrying out assassination attacks. We request heightened awareness, as cyberattacks of this type can be avoided before they happen through awareness, caution, suspicion, and proper preventative behavior online,” said a Shin Bet official.

Reasons for attack

Shin Bet “will continue to act to identify Iranian activity and thwart it in advance.” It believes the motive behind the attacks was to manage future attacks on Israeli nationals using information given by Israeli cells recruited by Iran. The campaign is a sign of an escalation between Iran and Israel, the end goal being assassination attempts.

The bigger picture

The recent discovery of phishing campaigns is part of larger targeted campaigns against Israel. In September 2024, 7 Jewish Israelis were arrested for allegedly spying on IDF and Israeli security figures for Iran. 

The Times of Israel reports, “Also in September, a man from the southern city of Ashkelon was arrested on allegations that he was smuggled into Iran twice, received payment to carry out missions on behalf of Tehran, and was recruited to assassinate either Israel’s prime minister, defense minister, or the head of the Shin Bet.”

Read more »
wiretapping
CALEA China Cybersecurity Data Breach Encryption Hackers Privacy surveillance Telecom wiretapping

China-backed Hackers Breach U.S. Telecom Wiretap Systems, Sparking Security Concerns

 

China-backed hackers infiltrated wiretap systems of multiple U.S. telecom and internet providers, reportedly seeking to collect intelligence on American citizens. This revelation has raised alarm in the security community.

Wiretap systems, required by a 30-year-old U.S. federal law, allow a small number of authorized employees access to sensitive customer data, including internet activity and browsing history. These systems, now compromised, highlight long-standing concerns about their vulnerability.

Security experts had long warned about the risks of legal backdoors in telecom systems. Many saw this breach as an inevitable outcome of such vulnerabilities being exploited by malicious actors. Georgetown Law professor Matt Blaze remarked that this scenario was “absolutely inevitable.”

According to the Wall Street Journal, the hacking group, Salt Typhoon, accessed systems used by major U.S. internet providers like AT&T, Lumen, and Verizon. The group reportedly collected large amounts of internet traffic, and a U.S. government investigation is now underway.

The hackers' goals remain unclear, but experts believe the breach could be part of a larger Chinese effort to prepare for potential cyberattacks in the event of conflict, possibly over Taiwan. The intrusion reinforces the dangers of security backdoors.

Riana Pfefferkorn, a Stanford academic, pointed out that this hack exposes the risks of U.S. wiretap systems, arguing that these measures jeopardize citizens’ privacy rather than protecting them. She advocates for increased encryption as a solution to these vulnerabilities.

The compromised wiretap systems are part of the Communications Assistance for Law Enforcement Act (CALEA), a law enacted in 1994 to help the government access telecom data through lawful orders. However, this system has become a target for hackers and malicious actors.

After 9/11, U.S. surveillance laws expanded wiretapping to collect intelligence, sparking an entire industry dedicated to facilitating these operations. Yet, the extent of government access to private data was only exposed in 2013 by whistleblower Edward Snowden.

Post-Snowden, tech giants like Apple and Google began encrypting customer data to prevent unauthorized access, even from government agencies. However, telecom companies have been slower to follow suit, leaving much U.S. phone and internet traffic vulnerable to wiretapping.

Governments worldwide continue to push for legal backdoors into encrypted systems. In the EU, for example, proposed laws aim to scan private messages for illegal content, raising security concerns among experts.

Signal, the encrypted messaging app, warned of the dangers of backdoors, pointing to the Chinese hacking incident as an example of why such measures pose severe cybersecurity risks. Meredith Whittaker, Signal’s president, stressed that backdoors cannot be restricted to just "the good guys."

Blaze called the CALEA law a cautionary tale, emphasizing the dangers of building security systems with inherent vulnerabilities.
Read more »
surveillance
APT Cyber Crime GuardZoo Spyware surveillance

Houthi-Aligned APT Targets Mideast Militaries With ‘GuardZoo’ Spyware


Since 2019, surveillance equipment deployed by a Yemeni Shia Islamist organization's partners has been used to target troops throughout the Middle East, according to a new study.

Surveillanceware Targeting Middle Eastern Militaries

A Houthi-aligned threat actor utilized GuardZoo malware to capture images, documents, and other files from compromised devices, according to Lookout researchers in a report released Tuesday.

According to unsecured command and control server logs, the majority of the approximately 450 victims were found in Yemen, Saudi Arabia, Egypt, and Oman, with a tiny number in the United Arab Emirates, Turkey, and Qatar.

The Houthis took possession of Yemen's capital city in 2014, sparking a civil conflict and hunger. According to human rights organizations, a contentious Saudi-led intervention in Yemen began in June 2019 and resulted in a wave of arbitrary arrests, torture, and enforced disappearances.

The Houthi-aligned threat actor was identified by "application lures, exfil data, targeting, and the C2 infrastructure location," according to the report.

The Origins

According to Lookout, the spying tool is named after a fragment of source code that persists on an infected device. In addition to collecting images and documents, the study stated that it can "coordinate data files related to marked locations, routes, and tracks," as well as identify an infected device's location, model, cellular service carrier, and Wi-Fi setup.

GuardZoo can also download and install "arbitrary applications on the device," implying it can offer more destructive abilities once the gadget is infected," according to the paper.

Technical Details

According to Lookout, the spyware has been detected primarily in military-themed applications, with distribution and infections originating primarily in WhatsApp, WhatsApp Business, and browser downloads. In a few other cases, victims were enticed by content with a religious-themed prayer app or an e-book theme.

Researchers initially found GuardZoo in October 2022. Lookout claims the tool is based on Dendroid RAT, a "commodity spyware" that has been in use for at least a decade.

Capabilities

After infecting a device, GuardZoo communicates to the command and control server and sends four commands to each new victim, including deactivating local logging and uploading metadata for all files.

"These extensions are related to maps, GPS and markings showing waypoints, routes and tracks," according to Lookout's findings.

GuardZoo's lures were originally general, but they've evolved to include military themes with titles like "Constitution Of The Armed Forces" and "Restructuring Of The New Armed Forces." Military apps used as a lure featured emblems from numerous Middle Eastern countries, including Yemen and Saudi Arabia.

Operational Impact

After infecting a device, GuardZoo communicates to the command and control server and sends four commands to each new victim, including deactivating local logging and uploading metadata for all files.

"These extensions are related to maps, GPS and markings showing waypoints, routes and tracks," according to Lookout's findings.

GuardZoo's lures were originally general, but they've evolved to include military themes with titles like "Constitution Of The Armed Forces" and "Restructuring Of The New Armed Forces." Military apps used as a lure featured emblems from numerous Middle Eastern countries, including Yemen and Saudi Arabia.
Read more »
USA
Data Privacy Federal Agencies Privacy surveillance Technology Threats USA

Controversial Reverse Searches Spark Legal Debate


In a growing trend, U.S. police departments and federal agencies are employing controversial surveillance tactics known as reverse searches. These methods involve compelling big tech companies like Google to surrender extensive user data with the aim of identifying criminal suspects. 

How Reverse Searches Operate 

Under Reverse Searches Enforce Agencies order digital giant companies such as Google to give them vast reservoirs of user data. Under this law, these agencies have the power to demand information related to specific events or queries which include: 

  • Location Data: Requesting data on individuals present in a particular place at a specific time based on their phone's location. 
  • Keyword Searches: Seeking information about individuals who have searched for specific keywords or queries. 
  • YouTube Video Views: A recent court order disclosed that authorities could access identifiable information on individuals who watched particular YouTube videos. 

In the past, when law enforcement needed information for an investigation, they would usually target specific people they suspected were involved in a crime. But now, because big tech companies like Google have so much data about people's activities online, authorities are taking a different approach. Instead of just focusing on individuals, they are asking for massive amounts of data from these tech companies. This includes information on both people who might be relevant to the investigation and those who are not. They hope that by casting a wider net, they will find more clues to help solve cases. 

Following the news, critics argue that these court-approved orders are overly broad and potentially unconstitutional. They raise concerns that such orders could force companies to disclose information about innocent people unrelated to the alleged crime. There are fears that this could lead to prosecutions based on individuals' online activities or locations. 

Also, last year an application filed in a Kentucky federal court disclosed that federal agencies wanted Google to “provide records and information associated with Google accounts or IP addresses accessing YouTube videos for a one-week period, between January 1, 2023, and January 8, 2023.” 

However, it did not end here, the constitutionality of these orders remains uncertain, paving the way for a probable legal challenge before the U.S. Supreme Court. Despite the controversy, federal investigators continue to push the boundaries of this contentious practice.
Read more »
surveillance
DTEK Kyiv Privacy Russia-Ukraine War Russian intelligence Security Service of Ukraine(SBU) surveillance

Russia Hacks Surveillance Cameras to Monitor Attacks in Kyiv


During Tuesday's intense missile and drone strikes on Ukraine's capital, Kyiv, which left over 250,000 people without internet or electricity amid dropping winter temperatures, Russian military intelligence broke into surveillance cameras to spy on Ukrainian air defenses and Kyiv's vital infrastructure.

Security Service of Ukraine informed that it responded to the hack by blocking and dismantling the suspected camera. 

The agency further advised online users to cease transmitting and watching security camera feeds online, as Russian military intelligence is utilizing the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been attacking Kyiv and Kharkiv since New Year’s holiday weekend, resulting in five casualties and over 130 injured. On Tuesday, around 100 missiles were fired on the two cities. 

These attacks were monitored by the Russian intelligence by hacking into the online surveillance cameras that are privately-owned. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers secretly recorded all visual data inside the surveillance camera's viewing range by gaining remote access to the device and altering its viewing angle. According to the SBU, Russian intelligence then viewed the feed on YouTube to assist the military in tracking the airstrikes and informing soldiers about their targets.

The hacked surveillance camera used for monitoring the parking lot of other residential complex in Kyiv helped hackers to surveille the surrounding areas, which comprised vital infrastructure facilities.

Internet and Power Supply Affected

The energy company DTEK said that Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected nearly 260,000 Kyiv residents. Russian missiles, drones, and bombers also struck Ukrainian internet and power supply services.

DTEK tweeted, "Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine[…]DTEK's power engineers are quickly restoring power after the attack."

As of Wednesday, DTEK Executive Director Dmytro Sakharuk announced that all 260,000 residents in Kyiv and an additional 185,000 residents in the surrounding districts had their power restored. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."  

Read more »
Subscribe to: Posts (Atom)