Spyware Scandals Are Ripping Through Europe (wired.com) 7
The latest crisis that rocked the Greek government shows the bloc's surveillance problem goes beyond the notorious NSO Group. From a report: The ripple effects of the scandal are reaching the heart of the European Union. Over the past 13 months, it has been revealed that spyware had targeted opposition leaders, journalists, lawyers and activists in France, Spain, Hungary, Poland and even staff within the European Commission, the EU's cabinet-style government, between 2019 and 2021. The bloc has already set up an inquiry into its own use of spyware, but even as the 38-person committee works toward producing a report for early 2023, the number of new scandals is quickly mounting up. What sets the scandal in Greece apart is the company behind the spyware that was used. Until then the surveillance software in every EU scandal could be traced back to one company, the notorious NSO Group. Yet the spyware stalking Koukakis' phone was made by Cytrox, a company founded in the small European nation of North Macedonia and acquired in 2017 by Tal Dilian -- an entrepreneur who achieved notoriety for driving a high-tech surveillance van around the island of Cyprus and showing a Forbes journalist how it could hack into passing people's phones.
In that interview, Dilian said he had acquired Cytrox and absorbed the company into his intelligence company Intellexa, which is now thought to now be based in Greece. The arrival of Cytrox into Europe's ongoing scandal shows the problem is bigger than just the NSO Group. The bloc has a thriving spyware industry of its own. As the NSO Group struggles with intense scrutiny and being blacklisted by the US, its less well-known European rivals are jostling to take its clients, researchers say. Over the past two months, Cytrox is not the only local company to generate headlines for hacking devices within the bloc. In June, Google discovered the Italian spyware vendor RCS Lab was targeting smartphones in Italy and Kazakhstan. Alberto Nobili, RCS' managing director, told WIRED that the company condemns the misuse of its products but declined to comment on whether the cases cited by Google were examples of misuse. "RCS personnel are not exposed, nor participate in any activities conducted by the relevant customers," he says. More recently, in July, spyware made by Austria's DSIRF was detected by Microsoft hacking into law firms, banks, and consultancies in Austria, the UK, and Panama.
In that interview, Dilian said he had acquired Cytrox and absorbed the company into his intelligence company Intellexa, which is now thought to now be based in Greece. The arrival of Cytrox into Europe's ongoing scandal shows the problem is bigger than just the NSO Group. The bloc has a thriving spyware industry of its own. As the NSO Group struggles with intense scrutiny and being blacklisted by the US, its less well-known European rivals are jostling to take its clients, researchers say. Over the past two months, Cytrox is not the only local company to generate headlines for hacking devices within the bloc. In June, Google discovered the Italian spyware vendor RCS Lab was targeting smartphones in Italy and Kazakhstan. Alberto Nobili, RCS' managing director, told WIRED that the company condemns the misuse of its products but declined to comment on whether the cases cited by Google were examples of misuse. "RCS personnel are not exposed, nor participate in any activities conducted by the relevant customers," he says. More recently, in July, spyware made by Austria's DSIRF was detected by Microsoft hacking into law firms, banks, and consultancies in Austria, the UK, and Panama.
I'm confused (Score:3)
Is this a scandal or not? The summary seems a bit on the fence about it.
That it can be done is what matters, right? (Score:5, Insightful)
Maybe there's something I'm missing here, but, if I find out there's a company making spyware such that their van can drive by my house and hack my phone, the fact that my phone can be hacked is the bad news. Because while I may know this one entity is doing it, how do I know others aren't.
Maybe it's just plain impossible to make communications systems secure. Or not impossible, but prohibitively expensive, which amounts to the same thing.
How about this as a rule of thumb:
The more convenient a form of communication is, the more likely somebody is listening in.
Re: (Score:3)
Maybe it's just plain impossible to make communications systems secure. Or not impossible, but prohibitively expensive,
The problem is intended targets are non technical people.
These people: 1) have phones running a stock OS designed with remote controls and remote updates that make it intrinsically insecure, and 2) use the phone as a general entertainment device (browse randomly internet, install free games).
A very good mitigation exist: 1) Using AOSP or independent phone OSes based on GNU/linux distros ( https://en.wikipedia.org/wiki/... [wikipedia.org] ), 2) not disclosing publicly what you are using, and 3) using a phone strictly for th
Bd (Score:2, Troll)
"We must have bwckdoors in everythOMG PEOPLE ARE SPYING ON US!"
Re: (Score:2)
Fascinating. Downmodding in favor of spying backdoors being used against the backdoor users.
Evil is rampant: News at 11 (Score:3)
It still amazes me that governments (and by extension, politicians) are so surprised that their phones have been hacked. I mean, many of these types are behind the funding & development of similar spyware by their own national outfits, let alone the purchase thereof from foreign companies. Did they never consider that what they were doing could come to bite them in the ass later on?
If my top security advisor came to me, and said, "Here's what we can do!" I'd immediately assume that the opposition was in possession of such software, and ask him / her how to stop it. Not become giddy about the possibility of rifling through people's private things, and work to make more of that possible. *shakes head* Just the sheer insanity of it...
The alarm bells have been rung on this problem for so long, that I think I've grown deaf.
On some other notes:
I guess this puts a nail in the coffin of the belief that Apple products "don't get viruses / malware," and thus do not need anti-viral solutions.
And:
Having said as much about Apple products, I am curious if Android anti-viral solutions can actually scan for and eliminate state-level spyware. And if they would.
Consider it: would Kaspersky detect & eliminate Russian spyware? Would Bitdefender detect & eliminate EU spyware? Would McAfee detect & eliminate US spyware? Most of us know that the answer is probably "No." What do you do then? Try and vote in more privacy-conscious politicians? Run anti-viral software not made anywhere near your country? What?
Smartphone OS' are the problem (Score:2)
And to be clear, this isn't a technical problem, it's a legal problem. Apple