The University of Toronto’s Citizen Lab, which tracks illegal piracy and surveillance, said at least 100 government activists, journalists and dissidents from 10 countries were targeted by spyware produced by an Israeli company called Candiru.
At least 100 government activists, journalists and dissidents from 10 countries were targeted by spyware produced by an Israeli company called Candiru, according to cybersecurity researchers at the University of Toronto’s Citizen Lab, which tracks illegal piracy and surveillance.
Using a couple of vulnerabilities in Microsoft Corp.’s Windows, cyber operators in Saudi Arabia, Israel, Hungary, Indonesia and elsewhere bought and installed remote spy software made by Candiru, according to the researchers. The tool was used in “precision attacks” against the targets’ computers, phones, network infrastructure and Internet-connected devices, said Cristin Goodwin, general manager of Microsoft’s Digital Security Unit.
Microsoft was alerted to these attacks by Citizen Lab researchers, and after weeks of analysis, the company released patches on July 13 for a couple of Windows vulnerabilities that were believed to be the entry point for the spyware, according to a Microsoft blog post Thursday. Microsoft does not name Candiru, but refers to an “Israeli-based private sector offensive player” called Sourgum.
Candiru did not immediately respond to a message seeking comment. Candiru is the name of an eel-like fish native to the Amazon River region that allegedly enters the urethra of humans before unfolding short spines, a story that some have dismissed as a myth.
Spyware users also hacked politicians and human rights activists, according to investigators, who declined to give the victims’ names.
Citizen Lab researchers said Candiru spyware is part of a thriving private industry that sells technology to governments and authoritarian leaders so they can access communications from private citizens and the political opposition. Another Israeli company, NSO Group Ltd., has been accused of providing spyware to repressive governments that have used it to spy on journalists and activists.
NSO has stated that it sells its technology exclusively to governments and law enforcement as a tool against terrorism and crime. In a report released on June 30, NSO Group said it refuses to sell spyware to 55 countries and has taken steps to curb customer misuse.
John Scott-Railton, a senior researcher at Citizen Lab, said the research on Candiru “shows that there is a whole ecosystem sold to authoritarian regimes.”
“Tools like Candiru are used to export fear,” he added.
The Citizen Lab findings also offered a new insight into the cost of doing business in the spyware industry.
For 16 million euros ($18.9 million), Candiru customers can try to compromise an unlimited number of devices, but are limited to actively tracking only 10 at a time, according to Citizen Lab. For an additional $1.5 million ($1.8 million), buyers can control an additional 15 victims.
Candiru has clients in Europe, Russia, the Middle East, Asia and Latin America, according to the Israeli newspaper Haaretz. According to the Citizen Lab report, local news organizations have reported contracts in Uzbekistan, Saudi Arabia, the United Arab Emirates, Singapore and Qatar.
According to Citizen Lab, Candiru customers can only operate in “agreed territories.” According to the report, the company’s customers sign contracts that limit operations to outside the United States, Russia, China, Israel and Iran. But Microsoft said it has recently discovered spyware activity in Iran, suggesting the rules are not specific, according to the report.