Title | Probe Reveals Secret Israeli Spyware That Infects Via Ad | |
Date | Monday September 18 2023, @06:29AM | |
Author | hubie | |
Topic | ||
from the Oh-s#!t-Sherlock dept. |
Arthur T Knackerbracket has processed the following story:
Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online adverts to snoop on targets and collect data about them for the biz's clients.
This is according to an investigation by Haaretz, which this week claimed the spyware system had been sold to a country that is not a democracy.
The newspaper's report, we're told, marks the first time details of Insanet and its surveillanceware have been made public. Furthermore, Sherlock is capable of drilling its way into Microsoft Windows, Google Android, and Apple iOS devices, according to cited marketing bumf.
[...] To market its snoopware, Insanet reportedly teamed up with Candiru, an Israel-based spyware maker that has been sanctioned in the US, to offer Sherlock along with Candiru's spyware – an infection of Sherlock will apparently set a client back six million euros ($6.7 million, £5.2 million), mind you.
[...] The Electronic Frontier Foundation's Director of Activism Jason Kelley said Insanet's use of advertising technology to infect devices and spy on clients' targets makes it especially worrisome. Dodgy online ads don't just provide a potential vehicle for delivering malware, such as via carefully crafted images or JavaScript in the ads that exploit vulnerabilities in browsers and OSes, they can be used to go after specific groups of people – such as those who are interested in open source code, or who frequently travel to Asia – that someone might be interested in snooping on.
"This method of surveillance and targeting uses commercially available data that's very difficult to erase from the internet," Kelley told The Register. "Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it."
It's an interesting twist. Sherlock seems designed to use legal data collection and digital advertising technologies — beloved by Big Tech and online media — to target people for government-level espionage. Other spyware, such as NSO Group's Pegasus or Cytrox's Predator and Alien, tends to be more precisely targeted.
"Threat-wise, this can be compared to malvertising where a malicious advertisement is blanket-pushed to unsuspecting users," Qualys threat research manager Mayuresh Dani told The Register.
[...] The good news for some, at least: it likely poses a minimal threat to most people, considering the multi-million-dollar price tag and other requirements for developing a surveillance campaign using Sherlock, Kelley noted.
Still, "it's just one more way that spyware companies can surveil and target activists, reporters, and government officials," he said.
[...] "Data finds its way to being used for surveillance, and worse, all the time," he continued. "Stop making the data collection profitable, and this goes away. If behavioral advertising were banned, the industry wouldn't exist."
Links |
printed from SoylentNews, Probe Reveals Secret Israeli Spyware That Infects Via Ad on 2024-09-07 23:45:26