Arthur T Knackerbracket has processed the following story:
Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.
This is according to an investigation by Haaretz, which this week claimed the spyware system had been sold to a country that is not a democracy.
The newspaper's report, we're told, marks the first time details of Insanet and its surveillanceware have been made public. Furthermore, Sherlock is capable of drilling its way into Microsoft Windows, Google Android, and Apple iOS devices, according to cited marketing bumf.
[...] To market its snoopware, Insanet reportedly teamed up with Candiru, an Israel-based spyware maker that has been sanctioned in the US, to offer Sherlock along with Candiru's spyware – an infection of Sherlock will apparently set a client back six million euros ($6.7 million, £5.2 million), mind you.
[...] The Electronic Frontier Foundation's Director of Activism Jason Kelley said Insanet's use of advertising technology to infect devices and spy on clients' targets makes it especially worrisome. Dodgy online ads don't just provide a potential vehicle for delivering malware, such as via carefully crafted images or JavaScript in the ads that exploit vulnerabilities in browsers and OSes, they can be used to go after specific groups of people – such as those who are interested in open source code, or who frequently travel to Asia – that someone might be interested in snooping on.
"This method of surveillance and targeting uses commercially available data that's very difficult to erase from the internet," Kelley told The Register. "Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it."
It's an interesting twist. Sherlock seems designed to use legal data collection and digital advertising technologies — beloved by Big Tech and online media — to target people for government-level espionage. Other spyware, such as NSO Group's Pegasus or Cytrox's Predator and Alien, tends to be more precisely targeted.
"Threat-wise, this can be compared to malvertising where a malicious advertisement is blanket-pushed to unsuspecting users," Qualys threat research manager Mayuresh Dani told The Register.
[...] The good news for some, at least: it likely poses a minimal threat to most people, considering the multi-million-dollar price tag and other requirements for developing a surveillance campaign using Sherlock, Kelley noted.
Still, "it's just one more way that spyware companies can surveil and target activists, reporters, and government officials," he said.
[...] "Data finds its way to being used for surveillance, and worse, all the time," he continued. "Stop making the data collection profitable, and this goes away. If behavioral advertising were banned, the industry wouldn't exist."
(Score: 5, Insightful) by Opportunist on Monday September 18 2023, @07:12AM (5 children)
Use an adblocker! It's your duty as a citizen to protect yourself and your country from foreign spies!
Trying to outlaw or forbid the use is very unpatriotic and should be considered treason at this point!
(and I frankly don't know whether I should put /s tags in or not...)
(Score: 3, Funny) by Chromium_One on Monday September 18 2023, @07:24AM (1 child)
*ahem* It is your patriotic duty to use only the ad-blocking techniques which are approved by your supervisor, doctor, and government. Anything else is treason.
When you live in a sick society, everything you do is wrong.
(Score: 4, Touché) by Opportunist on Monday September 18 2023, @09:04AM
Why listen to them? I know much better what's good and right for me! I'm a free person!
Ok, if it backfires on me and I get hurt by my own stupidity, I'll come crawling back and beg you to fix me up. But until then, I'm my own boss!
(Score: 2, Interesting) by Anonymous Coward on Monday September 18 2023, @10:54AM (2 children)
> The Electronic Frontier Foundation's Director of Activism Jason Kelley ...
I searched the EFF site and Kelley's blog, no mention of this Sherlock that I could find, and no hits at all for Insanet. Anyone know if EFF Privacy Badger (which I'm very happy with) blocks it?
(Score: 1, Flamebait) by captain normal on Monday September 18 2023, @07:15PM (1 child)
"Kelley told The Register"....
Nuff said, is it too hard to read? Oh that's right, you're just an AC troll.
The Musk/Trump interview appears to have been hacked, but not a DDOS hack...more like A Distributed Denial of Reality.
(Score: 0) by Anonymous Coward on Tuesday September 19 2023, @02:37AM
Rude answer not helpful. It would appear that you didn't finish reading the snip you partially quoted?
> Kelley told The Register. "Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it."
No where in tfa did Kelley say anything about EFF Privacy Badger. Thus I went looking for more information on the EFF site and didn't find any.
I also went to el Reg for the original story, https://www.theregister.com/2023/09/16/insanet_spyware/ [theregister.com] and nothing there about Privacy Badger either.