Investigation Shows NSO Group Competitor QuaDream’s Spyware Was Used To Target Journalists And Activists

from the bad-people-selling-to-worse-people dept

Here we go again. Another NSO-alike, founded in Israel by former government snoops, is selling powerful phone exploits to bad people who, unsurprisingly, use them to do bad things.

And, as usual, it’s Citizen Lab doing the heavy lifting, sifting through code, identifying targets, and seeking information to find the source of these attacks. NSO’s careless handling of its malware and customer base saw it sanctioned by the US Commerce Department and investigated by its own government. The same thing is coming for its competitors as it appears none of them consider a moral compass to be an essential business accessory.

QuaDream sells a zero-click exploit that targets iPhones. Its customers use this to target the kind of people you’d prefer governments (who buy this tech under the pretense it will be used to target terrorists and criminals) didn’t target. This is from Citizen Lab’s extensive report on QuaDream:

Based on an analysis of samples shared with us by Microsoft Threat Intelligence, we developed indicators that enabled us to identify at least five civil society victims of QuaDream’s spyware and exploits in North America, Central Asia, Southeast Asia, Europe, and the Middle East. Victims include journalists, political opposition figures, and an NGO worker. We are not naming the victims at this time.

QuaDream’s exploit is called “Reign,” and it gives governments the ability to fully compromise iPhones without users performing any actions of their own, leaving them fully unaware their phones are now infected with powerful spyware.

QuaDream works with a Cyprus-based company called InReach. InReach handles all of QuaDream’s sales and promotion outside of Israel. Adding another company to the mix also makes it easier to sell to governments blacklisted by Israel’s recent efforts to rein in its homegrown malware problem. But this partnership has undergone some recent friction, with QuaDream suing InReach for refusing to transfer sales revenues back to QuaDream. Thanks to that legal battle, Citizen Lab has been able to discover a bit more about the people running both companies.

Citizen Lab has a list of suspected locations of QuaDream operators. And that list isn’t pretty. It includes the United Arab Emirates, Uzbekistan, Singapore, and Ghana — all countries known to engage in habitual human rights violations. It also includes Hungary and Mexico, both of which routinely target journalists and human rights defenders with malware and other surveillance.

QuaDream may be slightly restricted in who it can sell to. But those restrictions can be circumvented with front companies. And, as Israeli news organization Haaretz points out in its report on Citizen Lab’s findings, the government is already relaxing export restrictions on the many, many ethically dubious malware purveyors that call Israel home.

[A]ccording to industry sources, in recent months restrictions on the process of granting licenses to sell these tools have been eased, to the point where these technologies can be marketed even to countries to which sales are still prohibited. Following Prime Minister Benjamin Netanyahu’s return to office, the Defense Ministry is reportedly expected to renew the scope of these permits – mainly to allow sales to countries in South America and Central Asia, industry sources say.

This seems… unwise, if only from a PR standpoint. Information on unsavory customers and abusive targeting is still surfacing regularly, all of it powered by Israeli tech companies formed by former government employees. Sure, lifting restrictions will make those particular constituents happy, but allowing these companies to return to their former position as enablers of human rights abuse isn’t going to work out in the long run.

Companies: nso group, quadream

