This is an interesting case: Spyware’s Odd Targets: Backers of Mexico’s Soda Tax
Related:
Author: Milan
In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford.
Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.
View all posts by Milan
“The links sent to the men were laced with an invasive form of spyware developed by NSO Group, an Israeli cyberarms dealer that sells its digital spy tools exclusively to governments and that has contracts with multiple agencies inside Mexico, according to company emails leaked to The New York Times last year.
NSO Group and the dozens of other commercial spyware outfits that have cropped up around the globe over the past decade operate in a largely unregulated market. Spyware makers like NSO Group, Hacking Team in Italy and Gamma Group in Britain insist they sell tools only to governments for criminal and terrorism investigations.”
““This is proof that surveillance in Mexico is out of control,” said Luis Fernando García, the director of the Red en Defensa de los Derechos Digitales, a Mexican digital rights nonprofit better known by the acronym R3D. “When we have proof that this surveillance is being used against nutritional activists, it’s clear Mexico should not be given these technologies.”
NSO Group’s motto is “Make the World a Safer Place.” But its spyware is increasingly turning up on the phones of journalists, dissidents and human rights activists.
NSO spyware was discovered on the phone of a human-rights activist in the United Arab Emirates and a prominent Mexican journalist in August. Researchers at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs discovered NSO had exploited flaws in Apple software — since patched — to infiltrate the phones of the Emirati activist and the Mexican journalist, Rafael Cabrera.”
Much like a traditional software company, the NSO Group prices its surveillance tools by the number of targets, starting with a flat $500,000 installation fee. To spy on 10 iPhone users, NSO charges government agencies $650,000; $650,000 for 10 Android users; $500,000 for five BlackBerry users; or $300,000 for five Symbian users — on top of the setup fee, according to one commercial proposal.
You can pay for more targets. One hundred additional targets will cost $800,000, 50 extra targets cost $500,000, 20 extra will cost $250,000 and 10 extra costs $150,000, according to an NSO Group commercial proposal. There is an annual system maintenance fee of 17 percent of the total price every year thereafter.
What that gets you, NSO Group documents say, is “unlimited access to a target’s mobile devices.” In short, the company says: You can “remotely and covertly collect information about your target’s relationships, location, phone calls, plans and activities — whenever and wherever they are.”
Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links
How 30 Lines of Code Blew Up a 27-Ton Generator
A secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair—with a file no bigger than a gif
EARLIER THIS WEEK, the US Department of Justice unsealed an indictment against a group of hackers known as Sandworm. The document charged six hackers working for Russia’s GRU military intelligence agency with computer crimes related to half a decade of cyberattacks across the globe, from sabotaging the 2018 Winter Olympics in Korea to unleashing the most destructive malware in history in Ukraine. Among those acts of cyberwar was an unprecedented attack on Ukraine’s power grid in 2016, one that appeared designed to not merely cause a blackout, but to inflict physical damage on electric equipment. And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier.
The following excerpt from the book SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers, published in paperback this week, tells the story of that early, seminal grid-hacking experiment. The demonstration was led by Assante, the late, legendary industrial control systems security pioneer. It would come to be known as the Aurora Generator Test. Today, it still serves as a powerful warning of the potential physical-world effects of cyberattacks—and an eery premonition of Sandworm’s attacks to come.