Tuesday, September 28, 2021
WhatsApp sued the most prominent spyware company, another Israeli firm called NSO, in U.S. federal court. (Patrick Sison/AP)

A private Israeli firm has helped governments hack journalists and human rights advocates


Candiru has likely sold spying tools to governments in the Middle East and Asia, according to the cybersecurity research group Citizen Lab

By Joseph Marks

An Israeli hacking-for-hire firm has helped government clients spy on more than 100 victims around the world, including politicians, dissidents, human rights activists, embassy workers and journalists, according to a Microsoft report.

The firm, which goes by the name Candiru, is part of a burgeoning industry of largely unregulated spyware companies that sell snooping technology to government intelligence services and law enforcement agencies — often with questionable human rights records.

Candiru has likely sold spying tools to governments in the Middle East and Asia, according to the cybersecurity research group Citizen Lab, which identified people targeted by Candiru’s malicious software and helped Microsoft compile its report. Those governments then use the spying tools independently.

The report comes amid roiling concern about the proliferation of cyberweapons, which were once limited to a handful of nations and are now becoming far more widespread. In addition to helping authoritarian regimes spy on dissidents and adversaries, that growth has enabled a wave of criminal hacks, including ransomware campaigns that have disrupted U.S. oil supplies and meat production.

The Biden administration has moved aggressively to confront the ransomware epidemic, including threatening Russian President Vladimir Putin with severe consequences if he doesn’t crack down on criminal groups operating on Russian territory. But the United States has been far less aggressive about the proliferation of spyware.

Microsoft is part of a chorus of large tech firms that are increasingly criticizing the spyware industry and calling on governments to regulate their products through export bans and other measures. As part of its investigation, Microsoft patched major bugs that Candiru used to spy on its users.

“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, said in a blog post.

The researchers also found phony websites masquerading as international media, human rights organizations and other legitimate groups that were used to deliver Candiru spyware. Among them were phony sites that appeared to be affiliated with the Black Lives Matter movement and sites related to gender equality.

Spyware firms have effectively leveled the playing field for countries that wish to spy on dissidents and government critics but lack the technical resources to develop their own spying tools.

Human rights advocates have accused such firms of running roughshod over civil liberties and enabling harassment and oppression of government opponents, though the firms say they only aid legitimate law enforcement and intelligence operations.

Candiru did not respond to emails seeking comment. A phone call to a company number was not answered.

The most significant tech response came in 2019, when WhatsApp sued the most prominent spyware company, another Israeli firm called NSO, in U.S. federal court. The Facebook affiliate claimed NSO acted illegally by helping governments hack hundreds of its customers, including journalists, human rights workers and women who had been targeted with online attacks.

Microsoft filed a brief supporting WhatsApp’s position in that case, which is still working its way through the legal system. An NSO surveillance tool was also implicated in spying on Washington Post contributing writer Jamal Khashoggi before he was killed by people affiliated with Saudi Arabia’s security services in 2018.

Far less is known about Candiru’s activities. The firm has maintained a high level of secrecy, including by changing its official corporate name four times during its six years in operation, according to a Citizen Lab report. The firm is now officially named Saito Tech Ltd., though it is still widely known as Candiru, the report states.

“Candiru has tried to remain in the shadows ever since its founding but there is no space in the shadows for companies that facilitate authoritarianism,” Bill Marczak, a senior fellow at Citizen Lab, said.

Microsoft is referring to Candiru’s activities under the name Sourgum, part of a naming convention it has developed to describe nongovernment hacking groups using the names of trees and shrubs. The company has a separate naming convention for hacking groups linked with national governments based on elements on the periodic table.

About Charles Igbinidu

Charles Igbinidu is a Public Relations practitioner in Lagos, Nigeria
