Mass surveillance tech just needs a missed call to hack you

New Delhi, Nov 1 (IANS) As Indians break their heads over WhatsApp spygate, where an Israeli bug infected select users’ smartphones to access their personal details, mass surveillance technology has truly come of age, and governments now just need to make a missed call to install an “exploit link” on the device of a person they want to bug and listen in on.

From the days when surveillance methods involved bugging the phone or cable wires to tap phones (remember Radia tapes!) or tracking a person’s vehicle by installing a tracking device beneath the car, cyber criminals and hackers have devised modern and untraceable tools to hack into your systems.

The most popular mass surveillance programme is ‘PRISM’ — under which the US National Security Agency (NSA) collects users’ personal communications from various US internet companies.

‘PRISM’ allegedly collects stored Internet communications based on demands made to internet companies.

The NSA can use PRISM requests to target communications that were encrypted when they traveled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier, and to get access to data.

Its existence was leaked by NSA contractor and whistleblower Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew.

US President Barack Obama, during a visit to Germany, stated that the NSA’s data gathering practices constitute “a circumscribed, narrow system directed at us being able to protect our people”.

According to Amnesty.org, the NSA and the UK’s Government Communications Headquarters (GCHQ) are monitoring you through programmes with code names.

‘Muscular’ is one such project that “intercepts user data as it passes between Google servers”. Yahoo! was also said to be affected.

Between December 2012 and January 2013, ‘Muscular’ collected 181 million records but “Google has now strengthened security between their servers since then”.

Another tool called ‘Optic Nerve’ allowed secret access to Yahoo! webcam chats. In a six-month period, it spied on 1.8 million Yahoo! users and took one still image every five minutes of video per user.

“GCHQ targeted Belgacom, Belgium’s largest telecommunications provider, with spyware called Regin, a malicious piece of software designed to break into Belgacom’s networks. The purpose of the GCHQ hack was to spy on phones and internet users using the Belgacom network”.

Since then, the technology has evolved to such an extent that just a missed call is enough to snoop on anyone, anywhere.

Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto, has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe via the new piece of Israeli spyware called Pegasus.

Once Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.

“The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity, and use the GPS function to track a target’s location and movements,” said Citizen Lab.

The spyware can be placed on phones using multiple vectors, or means of infection. The WhatsApp exploit from May 2019 was one such vector.

In 2017, the wife of a murdered Mexican journalist was sent alarming text messages concerning her husband’s murder, designed to trick her into clicking on a link and infecting her phone with the Pegasus spyware.

In 2018, a close confidant of Jamal Khashoggi was targeted in Canada with a fake package notification, resulting in the infection of his iPhone. Citizen Lab has tracked more than two dozen cases using similar techniques.