Posts Tagged ‘spyware’

Commercial spyware out of control and becoming threat to human rights defenders

December 6, 2017


Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple immediately issued a security update to address the vulnerabilities. [For those with iPhones/iPads, you may want to update your iOS software to 9.3.5!]


[Image: human rights defender Ahmed Mansoor. Image copyright AP]

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

[Image: text message. The spyware would have been installed if Mansoor had tapped on the links. Image copyright Citizen Lab]

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

Amnesty’s Detekt: a new tool against government spying launched today

November 20, 2014


On 20 November 2014 Amnesty International launched a new tool that human rights defenders can use in their struggle against surveillance. It is called DETEKT. As I have often expressed concern about digital security in this blog (see: https://thoolen.wordpress.com/tag/digital-security/), here are major excerpts from the Questions and Answers that were provided in the press release:

What is Detekt and how does it work?

Detekt is a free tool that scans your computer for traces of known surveillance spyware used by governments to target and monitor human rights defenders and journalists around the world. By alerting them to the fact that they are being spied on, they will have the opportunity to take precautions.

It was developed by security researchers and has been used to assist in Citizen Lab’s investigations into government use of spyware against human rights defenders, journalists and activists as well as by security trainers to educate on the nature of targeted surveillance. Amnesty International is partnering with Privacy International, Digitale Gesellschaft and the Electronic Frontier Foundation.

Why are you launching Detekt now?

The latest technologies enable governments to track, monitor and spy on people’s activities like never before. Through the use of these technologies, governments can read private correspondence and even turn on the camera and microphone of a computer without its owner knowing it. Our ultimate aim is for human rights defenders, journalists and civil society groups to be able to carry out their legitimate work without fear of surveillance, harassment, intimidation, arrest or torture.

Has anyone used Detekt successfully to know if they were being spied on? 

Detekt was developed by researchers affiliated with the Citizen Lab, who used a preliminary version of the tool during the course of their investigations into the use of unlawful surveillance equipment against human rights defenders in various countries around the world.

For example, according to research carried out by Citizen Lab and information published by Wikileaks, FinSpy – a spyware developed by FinFisher, a German firm that used to be part of UK-based Gamma International – was used to spy on prominent human rights lawyers and activists in Bahrain.

How effective is this tool against technologies developed by powerful companies? 

Detekt is a very useful tool that can uncover the presence of some commonly used spyware on a computer; however, it cannot detect all surveillance software. In addition, companies that develop the spyware will probably react fast to update their products to ensure they avoid detection. This is why we are encouraging security researchers in the open-source community to help the organizations behind this project to identify additional spyware or new versions to help Detekt keep up to date.

It is important to underline that if Detekt does not find trace of spyware on a computer, it does not necessarily mean that none is present. Rather than provide a conclusive guarantee to activists that their computer is infected, our hope is that Detekt will help raise awareness of the use of such spyware by governments and will make activists more vigilant to this threat.

In addition, by raising awareness with governments and the public, we will be increasing pressure for more stringent export controls to ensure that such spyware is not sold to governments who are known to use these technologies to commit human rights violations.

How widely do governments use surveillance technology?

Governments are increasingly using surveillance technology, and targeted surveillance in particular, to monitor the legitimate activities of human rights activists and journalists. Powerful software developed by companies allows governments and intelligence agencies to read personal emails, listen in on Skype conversations or even remotely turn on a computer’s camera and microphone without its owner knowing about it. In many cases, the information they gather through those means is used to detain, imprison and even torture activists into confessing to crimes.

How big is the unregulated trade in surveillance equipment? What are the main companies and countries involved? 

The global surveillance industry is estimated to be worth approximately US$5 billion a year – with profits growing 20 per cent every year. European and American companies have been quietly selling surveillance equipment and software to countries across the world that persistently commit serious human rights violations. Industry self-regulation has failed, and government oversight has now become an urgent necessity.

Privacy International has extensively documented the development, sale and export of surveillance technologies by private companies to regimes around the world. Recipient countries include: Bahrain, Bangladesh, Egypt, Ethiopia, Libya, Morocco, South Africa, Syria and Turkmenistan.

Isn’t publicizing the existence of this tool giving governments a heads up about how they can avoid being caught (by adapting new equipment which avoids detection)?

The technologies that allow governments to efficiently and covertly monitor the digital communications of their citizens are continuously improving. This is happening across the world. The growing trend in indiscriminate mass surveillance on a global scale was laid bare by the Edward Snowden disclosures. In addition to mass surveillance technologies, many governments are using sophisticated tools to target specific human rights defenders and journalists who work to uncover abuses and injustice. The new spyware being developed and used is powerful and dangerous and putting many human rights activists and journalists at risk of abuse.

As surveillance technologies develop in sophistication, it is vital that civil society groups learn how to protect their digital communications. No one tool or intervention will be enough to do this. We hope Detekt will become a new approach for investigating surveillance while sensitizing people to the threats.

However, long term we must also demand that governments live up to their existing commitments to human rights and that they and companies put in place stronger protections to ensure that new technologies are not used to violate human rights.

Surveillance is also used to carry out legitimate criminal investigations, why are you against it? 

Targeted surveillance is only justifiable when it occurs based on reasonable suspicion, in accordance with the law, is strictly necessary to meet a legitimate aim (such as protecting national security or combatting serious crime) and is conducted in a manner that is proportionate to that aim and non-discriminatory.

Indiscriminate mass surveillance – the widespread and bulk interception of communication data that is not targeted or based on reasonable suspicion – is never justifiable. It interferes with a range of human rights, particularly the rights to privacy and freedom of expression.

The Detekt tool can be downloaded from: GitHub page.

http://www.amnesty.org/en/news/detekt-new-tool-against-government-surveillance-questions-and-answers-2014-11-20

http://gadgets.ndtv.com/internet/news/human-rights-group-amnesty-international-releases-anti-surveillance-tool-623484

Amnesty’s Detekt tool wants to help you thwart government spying | ZDNet.