8 September 2018

THE RISE OF THE CYBER-MERCENARIES

BY NERI ZILBER

The first text message showed up on Ahmed Mansoor’s phone at 9:38 on a sweltering August morning in 2016. “New secrets about torture of Emiratis in state prisons,” it read, somewhat cryptically, in Arabic. A hyperlink followed the words. Something about the number and the message, and a similar one he received the next day, seemed off to Mansoor, a well-known human rights activist in the United Arab Emirates. He resisted the impulse to click on the links.

Instead, Mansoor sent the notes to Citizen Lab, a research institute based at the University of Toronto specializing in human rights and internet security. Working backward, researchers there identified the hyperlinks as part of a sophisticated spyware program built specifically to target Mansoor. Had he clicked on the links, the program would have turned his phone into a “digital spy in his pocket,” Citizen Lab later wrote in a report—tracking his movements, monitoring his messages, and taking control of his camera and microphone.

But the big revelation in the report wasn’t so much the technology itself; intelligence agencies in advanced countries have developed and deployed spyware around the world. What stood out was that Citizen Lab had traced the program to a private firm: the mysterious Israeli NSO Group. (The name is formed from the first initials of the company’s three founders.) Somehow, this relatively small company had managed to find a vulnerability in iPhones, considered to be among the world’s most secure cellular devices, and had developed a program to exploit it—a hugely expensive and time-consuming process. “We are not aware of any previous instance of an iPhone remote jailbreak used in the wild as part of a targeted attack campaign,” the Citizen Lab researchers wrote in their report.

No comments: