Tuesday January 21, 2020
Home Lead Story Mass Surveill...

Mass Surveillance Tech Just Needs a Missed Call to Hack You

In 2018, a close confidant of Jamal Khashoggi was targeted in Canada with a fake package notification, resulting in the infection of his iPhone. Citizen Lab has tracked more than two dozen cases using similar techniques

0
//
personal information, smart devices
While 85 per cent of people own a smartphone, 54 per cent believe the technology is spying on them. Pixabay

As Indians break their heads over WhatsApp spygate where an Israeli bug infected select users smartphones to access their personal details, the mass surveillance technology has truly come of age and now the governments just need to make a missed call to install an “exploit link” into the device of a person they want to bug, hack and listen in.

From the days when surveillance methods involved bugging the phone or cable wires to tap phones (remember Radia tapes!) to track a person’s vehicle by installing a tracking device beneath the car, cyber criminals and hackers have devised modern and untraceable tools to hack into your systems.

The most popular mass surveillance programme is ‘PRISM’ — under which the US National Security Agency (NSA) collects user’s personal communications from various US internet companies.

‘PRISM’ allegedly collects stored Internet communications based on demands made to internet companies.

The NSA can use PRISM requests to target communications that were encrypted when they traveled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get access to data.

Its existence was leaked by NSA contractor and whistleblower Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew.

US President Barack Obama, during a visit to Germany, stated that the NSA’s data gathering practices constitute “a circumscribed, narrow system directed at us being able to protect our people”.

According to Amnesty.org, NSA and UK’s Government Communications Headquarters (GCHQ) are monitoring you with code names.

‘Muscular’ is one such project that “intercepts user data as it passes between Google servers”. Yahoo! was also said to be affected.

Between December 2012 and January 2013, ‘Muscular’ collected 181 million records but “Google has now strengthened security between their servers since then.

Cyber attack
Hackers and cyber criminals have IT managers on their target as per the survey. Pixabay

Another tool called ‘Optic Nerve’ allowed secret access to Yahoo! webcam chats. In a six-month period, it spied on 1.8 million Yahoo! users and took one still image every five minutes of video per user.

“GCHQ targeted Belgacom, Belgium’s largest telecommunications provider with spyware called Regin, a malicious piece of software designed to break into Belgaom’s networks. The purpose of the GCHQ hack was to spy on phones and internet users using the Belgacom network”.

Since then, the technology has evolved to such an extent that just a missed call is enough to snoop on anyone, anywhere.

Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto, has identified over 100 cases of abusive targeting of human rights’ defenders and journalists in at least 20 countries across the globe via the new piece of Israeli spyware called Pegasus.

Once Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.

Also Read: Samsung Users Most Satisfied with the Brand: CMR

“The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity, and use the GPS function to track a target’s location and movements,” said Citizen Lab.

The spyware can be placed on phones using multiple vectors, or means of infection. The WhatsApp exploit from May 2019 was one such vector.

In 2017, the wife of a murdered Mexican journalist was sent alarming text messages concerning her husband’s murder, designed to trick her into clicking on a link and infecting her phone with the Pegasus spyware.

In 2018, a close confidant of Jamal Khashoggi was targeted in Canada with a fake package notification, resulting in the infection of his iPhone. Citizen Lab has tracked more than two dozen cases using similar techniques. (IANS)

Next Story

Microsoft Works To Fix Security Bug Issue in Internet Explorer

The vulnerability was found in how Internet Explorer handles memory

0
Microsoft
Overall, Microsoft said all supported versions of Windows are affected by the flaw, including Windows 7, which after this week will no longer receive security updates. Pixabay

 Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers and it is working on a fix, to be released at a later date.

The vulnerability was first reported by US Homeland Security on Friday evening, although the issue is not limited to American devices. Overall, Microsoft said all supported versions of Windows are affected by the flaw, including Windows 7, which after this week will no longer receive security updates.

The vulnerability was found in how Internet Explorer handles memory. An attacker could use the flaw to remotely run malicious code on an affected computer, such as tricking a user into opening a malicious website from a search query or a link sent by email, TechCrunch reported recently.

“The company is only aware of limited targeted attacks for which it is already working on a fix,” the report quoted a Microsoft spokesperson. The tech giant assigned the bug with a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released.

Qihoo 360, a China-based security research team helped Microsoft in finding this flaw and it is believed to be a similar vulnerability as one disclosed by Mozilla, the maker of the Firefox browser.

As per report, neither Qihoo, Microsoft, nor Mozilla said how attackers were exploiting the bug, who the attackers were, or who was being targeted. Microsoft assigned the bug with a common vulnerability identifier, CVE-2020-0674, but specific details of the bug have yet to be released.

Microsoft
Microsoft has confirmed a security flaw affecting Internet Explorer is currently being used by hackers and it is working on a fix, to be released at a later date. Pixabay

Additionally, according to information gathered by PreciseSecurity.com, Microsoft Office products were the most commonly exploited by cybercriminals around the world and nearly 73 per cent of cyber exploits were performed in MS Office products in the third quarter of 2019.

ALSO READ: Tesla Owners Unintentionally Buy Software Updates, Face Troubles in Getting Refunds

MS Office products were followed by Browsers with 13.47 per cent of the total number of exploits by cybercriminals, Android with 9.09 per cent, Java with 2.36 per cent, Adobe Flash with 1.57 per cent and PDF with 0.66 per cent. (IANS)