Tag Archive for: Spyware

Spyware industry develops most zero-days and governments promote it


Commercial spyware vendors appear to be the largest developers of zero-day exploits. Through the vulnerabilities they find and weaponize, spyware such as Pegasus and Predator can be installed on devices worldwide. This was stated in a report by Google, in which the company also calls for stronger action against the practices of the spyware industry. Governments should ban those practices, but that is hard because they are themselves buyers of the spyware.

Last year, the Threat Analysis Group (TAG) at Google closely monitored the activities of 40 commercial spyware vendors (CSVs). From that work, TAG determined that these vendors were behind 80 percent of the zero-day vulnerabilities it discovered being exploited in 2023. That is, the vendors both found the vulnerabilities and built the exploits for them, and the exploitation was aimed at spying on devices around the world.

Pegasus and Predator

In the report, TAG mentions several of these CSVs by name. They are said to include Cy4Gate, RCS Lab, Negg Group and Variston. Intellexa is also named as the developer of the Predator spyware. This spyware came into the spotlight late last year following an Amnesty International investigation. Predator was allegedly purchased by at least 25 countries and deployed to spy on U.S. and EU politicians.

Another vendor, perhaps even better known, is NSO Group. This company made plenty of headlines after the discovery of its Pegasus spyware. The software drew wide attention after Apple notified senior European officials that their Apple devices may have been targeted with spyware.

Only a fraction of the reality

Commercial spyware vendors appear to have focused increasingly on zero-day vulnerabilities over the years. Over a ten-year period, Google attributes 35 of the 72 zero-day vulnerabilities it found being exploited in the wild to these vendors.

So over a ten-year period, the share does not even reach 50 percent. Last year, however, it had already reached 80 percent. It seems that these commercial vendors have, mainly in recent years, scaled up their efforts to find and exploit zero-day vulnerabilities.

Still, there is another possible conclusion. TAG's study can only count the zero-day vulnerabilities that were actually found. Researchers have…

Source…

How a Russian spyware company ‘hacked’ ChatGPT, turned it to spy on internet users



A Russian surveillance company with expertise in online intelligence gathering and spying turned OpenAI's ChatGPT into a tool for spying on people who use the internet. The company's business involves sentiment analysis and surveillance.

In a recent investigative report, Forbes revealed that Social Links, a Russian spyware company previously banned from Meta’s platforms for alleged surveillance activities, has co-opted ChatGPT for spying on people using the internet.

This unsettling use of ChatGPT, which involves collecting and analyzing social media data to gauge users' sentiments, adds yet another controversial dimension to ChatGPT's use cases.

Presenting this use of ChatGPT at a security conference in Paris, Social Links showed off the chatbot's text summarization and analysis capabilities. Feeding it data about online discussions of a recent controversy in Spain, collected with its proprietary tool, the company demonstrated how ChatGPT could quickly process the posts and categorize their sentiment as positive, negative, or neutral. The results were then presented in an interactive graph.

Privacy advocates, however, find this development deeply troubling. Beyond the immediate concerns raised by this specific case, there is a broader worry about the potential for AI to amplify the capabilities of the surveillance industry.

Rory Mir, Associate Director of Community Organizing at the Electronic Frontier Foundation, expressed apprehension that AI could enable law enforcement to expand surveillance efforts, allowing smaller teams to monitor larger groups more efficiently.

Mir highlighted the existing practice of police agencies using fake…

Source…

The US Congress Was Targeted With Predator Spyware


The media consortium, along with security researchers from Amnesty International and Google's Threat Analysis Group, was able to show Vietnam's connection to the Predator hacking campaign through documents it obtained that detail the Vietnamese government's contract with Intellexa in 2020, and a later extension of the deal to allow the use of the Predator software. The internal documents went so far as to capture the response of Intellexa's founder, Israeli former military hacker turned entrepreneur Tal Dilian, when the deal was announced: "Wooow!!!!" After the deal, Vietnam's government targeted French officials with Predator, before this year's campaign against US members of Congress.

Despite efforts by Israel and other nations to cut off funding to Hamas in recent years, the group raised millions of dollars worth of cryptocurrency before the past weekend’s attack that killed more than a thousand Israelis. An analysis by The Wall Street Journal found that Hamas, Palestinian Islamic Jihad, and Hezbollah had collectively raised hundreds of millions in crypto over the past several years, with $41 million going to Hamas specifically. Given that the Journal learned of that funding in part through Israeli seizures of crypto accounts, however, it’s not clear how much of that money was frozen or seized versus how much might have actually been successfully laundered or liquidated by Hamas and other groups. 

In response to the weekend’s attacks, the Israeli government and the world’s largest crypto exchange, Binance, both announced that a new round of Hamas crypto accounts had been frozen. Though crypto has helped Hamas and other groups move funds across borders, its traceability on blockchains has presented a challenge for designated terrorist groups. In 2021, for instance, Hamas asked its supporters to stop making donations via cryptocurrency, due to the ease of tracking those transactions and unmasking contributors.

Last year, Reuters reporters Chris Bing and Raphael Satter published an investigation into Aviram Azari, an Israeli private investigator who is accused of using mercenary hackers to gather intelligence on the critics of major corporations involved in lawsuits…

Source…

Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones


Apple announced on Thursday that its latest operating system updates patch three new zero-day vulnerabilities. Based on the previous work of the organizations credited for reporting the flaws, they have likely been exploited by a spyware vendor.

The zero-days are tracked as CVE-2023-41991, a certificate validation issue that allows a malicious app to bypass signature verification; CVE-2023-41992, a kernel flaw that allows a local attacker to elevate privileges; and CVE-2023-41993, a WebKit bug that can be exploited for arbitrary code execution by luring the targeted user to a malicious webpage. Read together, the three cover the stages of a browser-based exploit chain: initial code execution in the WebKit renderer, escalation to kernel privileges, and a bypass of code-signature checks so that a payload can run as if it were a legitimately signed app.

Apple patched some or all of these vulnerabilities in Safari, iOS and iPadOS (including versions 17 and 16), macOS (including Ventura and Monterey), and watchOS.

It’s worth noting that while each of these operating systems is impacted by the zero-days, Apple said it’s only aware of active exploitation targeting iOS versions before 16.7.

Apple has not shared any information about the attacks exploiting the new vulnerabilities. However, considering that they were reported to the tech giant by researchers at the University of Toronto’s Citizen Lab group and Google’s Threat Analysis Group, they have likely been exploited by a commercial spyware vendor to hack iPhones. 

Citizen Lab and Apple recently investigated attacks involving a zero-day identified as CVE-2023-41064. That security hole, part of a zero-click exploit named BlastPass, was used to deliver NSO Group's notorious Pegasus spyware to iPhones.

In an attack investigated by Citizen Lab, the spyware was delivered to an employee at an international civil society organization based in Washington DC. 


CVE-2023-41064 impacts the WebP image format. The affected library is also used in the Chrome and Firefox web browsers, and Google and Mozilla were also forced to release emergency updates to address the zero-day, which they track as CVE-2023-4863.
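As an added example, not code from the original article or from any of the vendors it names, the Python below parses a WebP file's RIFF container and reports which image codec chunks it carries, including chunks nested inside ANMF animation frames. The article does not describe the vulnerable code path; as added background, the libwebp fix for CVE-2023-4863 shipped in libwebp 1.3.2 and concerned Huffman table construction in the lossless (VP8L) decoder, so a responder triaging WebP attachments or cached images would want to flag lossless-encoded files first. The sample files are constructed inline and are not real images; `SAMPLE_LOSSLESS`, `SAMPLE_LOSSY` and `SAMPLE_ANIMATED` are names chosen here.

```python
import struct

# An ANMF (animation frame) payload starts with a 16-byte frame header
# (x, y, width-1, height-1, duration, flags); its own chunks follow.
ANMF_HEADER_LEN = 16


def _iter_chunks(data: bytes, start: int, end: int):
    """Yield (fourcc, payload) for each RIFF chunk in data[start:end].

    Chunk layout: 4-byte FourCC, 4-byte little-endian size, payload,
    plus one padding byte when the size is odd. A chunk whose declared
    size overruns the container is rejected rather than read past the end.
    """
    off = start
    while off + 8 <= end:
        fourcc = data[off:off + 4].decode("ascii", errors="replace")
        size = struct.unpack_from("<I", data, off + 4)[0]
        payload_start = off + 8
        if payload_start + size > end:
            raise ValueError(f"chunk {fourcc!r} at offset {off} overruns container")
        yield fourcc, data[payload_start:payload_start + size]
        off = payload_start + size + (size & 1)


def _vp8l_dimensions(payload: bytes) -> tuple:
    """Decode width/height from a VP8L header: signature 0x2f, then 14+14 bits."""
    if len(payload) < 5 or payload[0] != 0x2F:
        raise ValueError("bad VP8L signature")
    bits = int.from_bytes(payload[1:5], "little")
    width = (bits & 0x3FFF) + 1
    height = ((bits >> 14) & 0x3FFF) + 1
    return (width, height)


def parse_webp(data: bytes) -> dict:
    """Return the codec chunks a WebP file carries and the size of each VP8L frame."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a RIFF/WEBP container")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    end = 8 + riff_size  # the RIFF size counts everything after the 8-byte header
    if end > len(data):
        raise ValueError("RIFF size exceeds file length (truncated file?)")
    found, lossless = [], []
    for fourcc, payload in _iter_chunks(data, 12, end):
        if fourcc == "ANMF":
            # Frames nest their own VP8/VP8L/ALPH chunks after the frame header.
            for sub, sub_payload in _iter_chunks(payload, ANMF_HEADER_LEN, len(payload)):
                found.append(f"ANMF/{sub}")
                if sub == "VP8L":
                    lossless.append(_vp8l_dimensions(sub_payload))
        else:
            found.append(fourcc)
            if fourcc == "VP8L":
                lossless.append(_vp8l_dimensions(payload))
    return {"chunks": found, "lossless_frames": lossless}


def uses_lossless(data: bytes) -> bool:
    """True if any top-level or animation-frame image chunk is VP8L (lossless)."""
    return bool(parse_webp(data)["lossless_frames"])


def _chunk(fourcc: bytes, payload: bytes) -> bytes:
    """Build one RIFF chunk with correct size field and odd-length padding."""
    pad = b"\x00" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _riff(*chunks: bytes) -> bytes:
    """Wrap chunks in a RIFF/WEBP container with a correct size field."""
    body = b"WEBP" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# Constructed sample inputs (not real images): a 2x3 lossless file, a lossy
# file with a dummy VP8 payload, and an extended file with one lossless frame.
SAMPLE_LOSSLESS = _riff(_chunk(b"VP8L", b"\x2f\x01\x80\x00\x00"))
SAMPLE_LOSSY = _riff(_chunk(b"VP8 ", bytes(10)))
SAMPLE_ANIMATED = _riff(
    _chunk(b"VP8X", bytes(10)),
    _chunk(b"ANMF", bytes(ANMF_HEADER_LEN) + _chunk(b"VP8L", b"\x2f\x01\x80\x00\x00")),
)

if __name__ == "__main__":
    for name, sample in (("lossless", SAMPLE_LOSSLESS), ("lossy", SAMPLE_LOSSY),
                         ("animated", SAMPLE_ANIMATED)):
        print(name, parse_webp(sample), "FLAG" if uses_lossless(sample) else "ok")
```

A VP8L chunk is not evidence of exploitation; it only narrows the set of files that exercise the patched decoder path, which is useful when deciding which images to detonate or hash-check first. The parser also refuses chunks whose declared size runs past the container, a check worth keeping in any triage tool that handles attacker-supplied files.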

Related: Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors

Related: US to Adopt New Restrictions on Using Commercial Spyware

Related: Details Emerge on Israeli Spyware Vendor QuaDream and Its iOS Malware 

Source…