THE SMARTPHONE SURVEILLANCE ECONOMY
While it’s largely unclear who may be responsible for any given instance of smartphone surveillance or the goal behind such an attack, much more is known about the larger landscape.
Smartphone surveillance has its own unique economy with a diverse mix of participants and motivations.
The most successful companies of our time are those who’ve mastered user data – collecting it, analyzing it and profiting from it – typically at the expense of user privacy.
Players range from malicious actors to trusted governmental agencies, and many exist within the gray area in the middle.
Intelligence agencies have long been at the forefront of surveillance, for both domestic and foreign targets. It’s safe to assume that all intelligence agencies – and the threat actors working on their behalf – are dedicated to hacking mobile devices.
Some foreign intelligence services have even disrupted smartphone supply chains, building in control of devices before they reach end-users.
Tellingly, the Pentagon has banned the use of smartphones within spaces containing classified information, with the exception of government-issued devices that have had the cameras and microphones disabled through painstaking hardware modifications.
Likely targets for surveillance include:
• Military groups (for battle strategies, troop movements, etc.)
• Other intelligence agencies (for classified information, sources, etc.)
• High-level individuals (for private affairs, criminal activity, etc.)
• Enterprises (for trade secrets, financial
The cyber-arms market includes defense contractors, cyber-mercenaries and enterprising hackers. Individual tools for smartphone surveillance are custom-built for a client, developed as a ready-made solution or created to sell on the dark web.
Some exploits may take advantage of unpublished zero-days and other unpatched vulnerabilities. The clientele of these cyber-arms is typically undisclosed, but includes reputable governmental actors like intelligence agencies, law enforcement and prosecutors, as well as nefarious actors like hostile nation-states and threat groups.
Cybercriminals may be motivated by a variety of reasons, including economic, political, social or personal. In addition to developing their own malware capabilities, hackers often use existing malware families and exploits – open-source, proprietary, or commercial – to carry out their goals.
Tools – including those stolen or leaked from cyber-arms dealers – are widely shared underground.
Though not actively surveilling users, digital assistants and certain apps function through elevated camera and/or microphone permissions.
Virtual assistants like Siri and Google Assistant, for example, are designed to always listen, waiting for wake words that prompt them into action. While such services are still unexplored territory for hackers, it’s conceivable that malware can piggyback on these services to intercept conversations and other audio.
Though NSO is perhaps the most infamous mobile spyware maker—a recent lawsuit alleges that its Pegasus technology was used to help track murdered Saudi dissident Jamal Khashoggi—it is only one of many shadowy firms offering smartphone malware that, while officially designed to target criminals and terrorists, can be used to target activists, lawyers, and other members of civil society.
Dozens upon dozens of spyware firms offer a range of smartphone surveillance capabilities, from video and audio recording to location and text monitoring, to clients that include regimes with dubious human rights records. This technology, for instance, has been used by mysterious elements in countries like Bahrain and Ethiopia, who used Milan-based Hacking Team’s Remote Control System and the U.K.-based Gamma Group’s FinFisher spyware, respectively, to target dissidents both at home and abroad.
Ability, a Tel Aviv-based spyware firm, sells something called the Unlimited Interception System (ULIN), which, along with a tactical cellular interception system called IBIS (In-Between Interception System), allows Ability to intercept GSM, UMTS, LTE, and CDMA networks to spy on a target’s smartphone. Mexico spent $42 million on ULIN and other tools in 2016, but Ability has also had customers in China, Singapore, Myanmar, the Czech Republic, Germany, and other countries. The company website states its customers include security and intelligence agencies, military forces, law enforcement, and homeland security agencies in over 50 countries.
Verint, which has offices in Melville, New York, and Herzliya, Israel, came close to purchasing NSO Group in 2018 for $1 billion before talks fell apart. The company is best known for its security cameras and systems that allow corporations to monitor workplaces, but it also sells sophisticated mass communication surveillance tools, including smartphone tracking software, to government and enterprise customers. Verint’s SkyLock technology, for instance, can track the location of smartphone users by hacking the SS7 protocol, as evidenced in a confidential brochure obtained by 60 Minutes in 2016.
Like a number of known spyware companies, Verint has sold smartphone snooping systems to governments with highly questionable human rights records, such as the United Arab Emirates (UAE), South Sudan, and Mexico. An anonymous former Verint employee told Haaretz last year that Verint’s phone monitoring technology was used to target gay and transgender people in Azerbaijan.
To compete with the likes of NSO Group and Verint Systems, a number of surveillance startups recently formed a consortium. Known as Intellexa, this alliance aims to become “a one-stop shop for all of our customers’ field intelligence collection needs”—the need, of course, being smart device monitoring, among other electronic devices.
The Intellexa alliance is comprised of cyberintelligence firms Nexa Technologies (formerly Amesys), WiSpear, and Cytrox. Nexa’s “Lawful Intercept” solution allows the operator to spy on voice and data across 2G, 3G, and 4G networks. The company, which is headquartered in Paris with offices in Dubai and the Czech Republic, also offers an internet interception product that allows users to carry out IP probes to analyze high data rate networks, or use what its website says are Wi-Fi sensors designed to detect a target several miles away.
Nexa didn’t respond to email requests for comment on its system capabilities. However, John Scott-Railton, a Senior Researcher at Citizen Lab, says the company’s Wi-Fi sensors are likely radio direction finding technology combined with standard Wi-Fi interception attacks.
Intellexa partner WiSpear is a more recent entry into the offensive cyber weapons market. Launched in Israel in 2017 but based in Cyprus, WiSpear sells a specially-outfitted van called SpearHead, which is equipped with 24 antennas that can force a target’s phone or computer to connect to its Wi-Fi-based interceptor at a distance of up to 1,640 feet. After conducting a “man-in-the-middle” attack, SpearHead can download four different kinds of malware onto iOS and Android.
WiSpear’s founder, Tal Dilian, a veteran of the Israeli Defense Forces, is also the founder of Circles, a cyberweapons company based in Cyprus and Bulgaria that merged with NSO Group when both companies were under the ownership of Francisco Partners. The other public Intellexa partner, Cytrox, is a European firm that develops exploits that can target and break into a user’s smart devices. The company, which is currently in stealth mode according to its website, was acquired by WiSpear in 2018. Dilian told the publication that in addition to the three firms, there are five other non-public partners in Intellexa.
“Field intelligence teams must be prepared to overcome any challenge they face,” said Dilian in Intellexa’s February 16th press release announcing the alliance. “They need to be able to access hard-to-reach areas and successfully intercept any device. To make sure they succeed in doing so, they need a versatile platform—portable, vehicle mounted or airborne—with a comprehensive set of capabilities to choose from, depending on the specific operational scenario they face. Intellexa was established to enable just that.”
Intellexa could not be reached for comment on its “airborne” spyware capabilities, but Scott-Railton says drones and other aircraft equipped with intercept technology would be advantageous for firms. “[Drones and aircraft] are actually the best way since you get it via line-of-sight,” he says. “Ground-based has much lower range.”
Another, lesser-known spyware firm is Rayzone, an Israeli company that offers services like location tracking and big data analysis, as well as a “trojan system for mobile devices” that it sells to governments and federal agencies. The Rayzone website mentions malware that allows clients to gather smartphone information like files, photos, web browsing, emails, location, Skype conversations, and other data. The company also boasts that its malware can spy on SMS and other instant messaging services, including WhatsApp.
Many of the above spyware firms make their money with overseas contracts, often under the auspices of their governments’ export controls, but there are several companies with more domestic agendas. The UAE, for instance, is home to DarkMatter, a cybersecurity firm that houses Project Raven, a team of clandestine operatives, some of whom have formerly worked for U.S. intelligence services like the National Security Agency (NSA). Reuters reported in January that for the last several years, Raven operatives used a cyberespionage platform called Karma that can hack the iPhones of activists and political leaders, as well as suspected terrorists.
One of the Reuters sources, Lori Stroud, formerly of NSA contractor Booz Allen Hamilton, was told in a briefing that Raven is the offensive, operational division of the UAE’s NESA (National Electronic Security Authority, now called the Signals Intelligence Agency), which is equivalent to the NSA. While Raven used Karma to spy on regional rivals like Qatar and Iran, it also reportedly used the malware to target UAE citizens who were openly critical of the monarchy. In an interesting turn, anonymous sources told the Intercept that operatives at DarkMatter had discussed hacking the publication’s staff after reporter Jenna McLaughlin had revealed in an Intercept story how the Maryland-based computer security firm CyberPoint had helped assemble a team of American spies and hacking tools for Project Raven.
Across the Mediterranean, the Italian firm eSurv sells an Android spyware platform nicknamed “Exodus.” In March, researchers at the watchdog Security Without Borders said that between 2016 and early 2019 they had found 25 malicious apps uploaded by eSurv to the Google Play Store, where they were disguised as applications from mobile operators. “According to publicly available statistics, as well as confirmation from Google, most of these apps collected a few dozen installations each, with one case reaching over 350,” Security Without Borders reported.
Security Without Borders’ research revealed that Exodus is equipped with “extensive collection and interception capabilities,” and that some modifications triggered by the spyware “might expose the infected devices to further compromise or data tampering.” Italian authorities launched an investigation into eSurv and a related company, STM, in the weeks before Security Without Borders’ report. As part of the investigation, prosecutors said they shut down eSurv’s infrastructure.