Category Archives: surveillance

Official Tor Browser for Android available on Google Play

The Tor Project has released the first stable version of the Tor Browser for Android. The release is referred to as version 8.5, mainly to prevent confusion: Tor Browser releases for Windows, macOS, and Linux are currently on that version. About Tor Browser for Android The Tor Project released an alpha version of the app in September 2018 and has been working on tweaking it ever since. “Mobile browsing is increasing around the world, and … More

The post Official Tor Browser for Android available on Google Play appeared first on Help Net Security.

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this automatic. Meanwhile, Western countries have new laws and norms that put them at a disadvantage over other countries. And finally, much of this has gone corporate.

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware.

The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

The Israeli firm is now facing a lawsuit backed by Amnesty International, but the non-governmental organization fears its staff may be under surveillance spyware delivered leveraging the WhatsApp issue.

The lawsuit was filed in Israel by about 50 members and supporters of the human rights group. The organization calls on the Israeli ministry of defence to ban the export of the Pegasus surveillance software developed by NSO Group.

“An affidavit from Amnesty is at the heart of the case, and concludes that “staff of Amnesty International have an ongoing and well-founded fear they may continue to be targeted and ultimately surveilled” after a hacking attempt last year.” reads the post published by The Guardian.

“The Israeli government’s Defence Export Controls Agency has failed to exercise proper oversight “despite serious allegations of abuse”, the affidavit claimed, adding: “Because of DECA’s inaction, NSO Group can continue to sell its software to governments known to target human rights defenders.””

Officially the sale of surveillance software is limited to authorized governments to support investigation of agencies on criminal organizations and terrorist groups.

Unfortunately, its software is known to have been abused to spy on journalists and human rights activists.

In July, Citizen Lab collected evidence of attacks against 175 targets worldwide carried on with the NSO spyware. Citizen Lab uncovered other attacks against individuals in Qatar or Saudi, where the Israeli surveillance software is becoming very popular.

In August, an Amnesty International report confirmed that its experts identified a second human rights activist, in Saudi Arabia, who was targeted with the powerful spyware.

According to Joshua Franco, Amnesty’s head of technology and human rights, the trading of surveillance software is going out-of-control.

On August, the human rights group published a report that provides details on the attack against an employee at Amnesty International. The hackers attempted to compromise the mobile device of a staff member in early June by sending him a WhatsApp message about a protest in front of the Saudi Embassy in Washington.

surveillance Amnesty International NGO spyware

The organization added that such kind of attacks is becoming even more frequent, a growing number of Israeli surveillance software being used to spy on human rights operators and opposition figures in the Middle East and beyond.

Amnesty International traced the malicious link in the message to the surveillance network of the Israeli firm NSO Group.

The Guardian reported that NSO Group already faced many other lawsuits, such as the one backed by Omar Abdulaziz, a Saudi dissident based in Montreal. In December Abdulaziz filed a lawsuit in Israel in which he claimed that his phone was infected with the NSO spyware when he was in regular contact with the journalist Jamal Khashoggi.

In November, Snowden warned of abuse of surveillance software that also had a role in the murder of the Saudi Arabian journalist Jamal Khashoggi.

Khashoggi is believed to have been killed by Saudi Arabi’s agents, and the country has licensed NSO software in 2017, paying $55m for the technology.

NSO said it wants to demonstrate that it is not involved in any abuse of its technology, it prepared a report composed of 26 pages to reply to the accusations made by Amnesty and Citizen Lab.

It is curious that early 2019, a majority stake in NSO was acquired by the London based firm Novalpina Capital, founded by the banker and philanthropist Stephen Peel.

The Guardian reported an excerpt of the reply to Amnesty, signed by Peel, that states that in “almost all” the cases of complaints of human rights abuse raised, the alleged victim of hacking had not been a target or the government in question had acted with “due lawful authority”.

“We believe that the reality is different. We’ve seen them target human rights organisations and no evidence they’ve been able to effectively control governments when complaints have been raised.” replied Danna Ingleton, the deputy director of Amnesty’s technology division.


If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

Pierluigi Paganini

(SecurityAffairs – NSO Group, Amnesty International)

The post Amnesty International filed a lawsuit against Israeli surveillance firm NSO appeared first on Security Affairs.

Israeli firm linked to WhatsApp spyware attack faces lawsuit

Amnesty International fears its staff may be ‘surveilled via NSO Pegasus software’

The Israeli firm linked to this week’s WhatsApp hack is facing a lawsuit backed by Amnesty International, which says it fears its staff may be under surveillance from spyware installed via the messaging service.

Related: WhatsApp urges users to update app after discovering spyware vulnerability

Related: WhatsApp spyware attack was attempt to hack human rights data, says lawyer

Related: WhatsApp hack: have I been affected and what should I do?

Continue reading...

UK government security decisions can be challenged in court, judges rule

Supreme court says GCHQ’s hacking powers should be subject to judicial review

Government security decisions will in future be open to challenge in the courts after judges ruled that a secretive intelligence tribunal could not be exempt from legal action.

By a 4-3 majority, supreme court justices declared that the extent of GCHQ’s powers to hack into internet services should be subject to judicial review.

Related: GCHQ discloses secret location of former London office

Continue reading...

The Guardian view on hacking: a dangerous arms trade | Editorial

Cyberweapons are dangerous in themselves. Their proliferation makes them much more harmful

NSO Group, an Israeli firm that has risen to a billion-dollar valuation on the strength of the aggressive hacking tools it sells to authoritarian governments across the Arab world, is being sued by lawyers and activists who claim to be victims of its software. One of the lawyers involved in the suit was targeted some weeks ago by mysterious WhatsApp calls to his phone in the middle of the night. When he contacted technical experts, they discovered Pegasus 3, an aggressive virus that can apparently install itself on a phone without the victim taking any action at all. Once installed, it takes control of the device, recording conversations and video. It can destroy the evidence of its own arrival and existence, and control any files on the device. In effect, it turns a smartphone into the perfect spying device, which the victim will carry everywhere with them.

Similar programs are widely available to abusers of all sorts, which is one reason why many domestic violence shelters ban the use of smartphones. But the ones that can easily be bought require some action from the victim, usually a misplaced click, or else a few moments’ access to their phone. The NSO malware targeting WhatsApp is different in that it could install itself without the victim doing anything at all. To discover and exploit the programming mistakes that opened this vulnerability would take years and cost millions of dollars. That is why it’s assumed that only states, or state-backed actors, have the resources to produce them.

Continue reading...

WhatsApp spyware attack was attempt to hack human rights data, says lawyer

NSO Group technology reportedly used against lawyer involved in civil case against the Israeli surveillance firm

The UK lawyer whose phone was targeted by spyware that exploits a WhatsApp vulnerability said it appeared to be a desperate attempt by someone to covertly find out the details of his human rights work.

The lawyer, who asked not to be named, is involved in a civil case brought against the Israeli surveillance company NSO Group whose sophisticated Pegasus malware has reportedly been used against Mexican journalists, and a prominent Saudi dissident living in Canada.

Related: WhatsApp urges users to update app after discovering spyware vulnerability

Users are strongly advised to check for WhatsApp updates manually through the Apple App Store on an iPhone, Google Play or similar on an Android device, the Microsoft Store on Windows Phones and the Galaxy app store on Tizen devices.

Related: Mexico accused of spying on journalists and activists using cellphone malware

Continue reading...

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device.

Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.

WhatsApp did not name the threat actor exploiting the CVE-2019-3568, it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” reads the description provided by Facebook.

The WhatsApp zero-day vulnerability is a buffer overflow issue that affects the WhatsApp VOIP stack. The flaw could be exploited by a remote attacker to execute arbitrary code by sending specially crafted SRTCP packets to the targeted mobile device.

Facebook fixed the issue with the release of WhatsApp for Android 2.19.134, WhatsApp Business for Android 2.19.44, WhatsApp for iOS 2.19.51, WhatsApp Business for iOS 2.19.51, WhatsApp for Windows Phone 2.18.348, and WhatsApp for Tizen 2.18.15. Any prior version of the popular instant messaging app is vulnerable. The company also implemented a server-side patch that was deployed at the end of last week.

WhatsApp zero-day

The bad news is that experts are aware of attacks exploiting the WhatsApp zero-day to deliver surveillance software.

The Financial Times reported that the WhatsApp zero-day has been exploited by threat actors to deliver the spyware developed by surveillance firm NSO Group.

The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups, activists, journalists, lawyers, and dissidents. Security experts have detected and analyzed some of the tools in its arsenals, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). Chrysaor was used in targeted attacks against journalists and activists, mostly located in Israel, other victims were in Georgia, Turkey, Mexico, the UAE and other countries. Experts believe the Chrysaor espionage 

In September, a report published by Citizen Lab revealed that the NSO Pegasus spyware was used against targets across 45 countries worldwide.

In November, Snowden warned of abuse of surveillance software that also had a role in the murder of the Saudi Arabian journalist Jamal Khashoggi.

Now The Financial Times described a scaring scenario in which attackers were able to exploit the WhatsApp zero-day vulnerability by just making a call to the target device via WhatsApp. The exploitation of the vulnerability doesn’t require the victim’s interaction. In fact, the victim does not need to answer for the vulnerability to be exploited, and it seems that after the attack there is no trace on the device of the malicious incoming calls.

The Financial Times cites the case of an unnamed attorney based in the United Kingdom that was targeted on May 12. The lawyer is involved in a lawsuit filed against NSO by individuals that were targeted with the surveillance software of the company.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” reads a briefing document note for journalists cited by BBC and other media outlets.

Of course, the NSO Group denied any support to government agencies that could have targeted the UK lawyer with its surveillance software.

“NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual,” states NSO group.

Pierluigi Paganini

(SecurityAffairs – WhatsApp Zero-day, Hacking)

The post WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware appeared first on Security Affairs.