Google will fight government hackers who spy on journalists human
Software

Google will fight government hackers who spy on journalists, human rights activists and politicians

Google intends to stop hacking campaigns carried out using spyware, as they often involve targeted surveillance of journalists, dissidents and politicians. According to the company, suppliers of so-called “commercial surveillance” systems contribute to the spread of dangerous hacking tools. Spyware providers, in turn, claim that their software is legitimately used in law enforcement and the fight against terrorism.

  Image source: Pixabay

Image source: Pixabay

Government hackers took advantage of three previously unknown zero-day vulnerabilities in Apple’s iOS operating system last year, according to Google’s threat intelligence team. They used spy tools developed by European surveillance and hacking technology startup Variston, whose malware has already been analyzed twice by Google in 2022 and 2023.

Researchers from Google’s threat intelligence team discovered the use of Variston software in March 2023 to target iPhones in Indonesia. The hackers delivered an SMS text message containing a malicious link that infected the victim’s phone with spyware, and then redirected the victim to a news article in the Indonesian newspaper Pikiran Rakyat. Google did not disclose who was the government sponsor of this attack.

Variston was founded in 2018 in Barcelona by Ralf Wegener and Ramanan Jayaraman and soon after acquired Italian computer security and zero-day vulnerability research company Truel IT. According to rumors, Variston’s staff has recently decreased significantly, although there is no talk of a decrease in activity yet. According to Google, Variston is collaborating “with several other organizations in developing and delivering spyware.”

Google calls Protected AE, founded in 2016 in the United Arab Emirates, one of such organizations. Registration documents describe the company’s profile as “Protect Electronic Systems.” On the official website Protected AE positions itself as “a leading company in the field of cybersecurity and forensics”. According to Google, Protected AE “integrates the spyware it develops with the Heliconia platform and infrastructure [от Variston] into a complete package, which is then offered for sale either to a local broker or directly to the government customer”.

While Israeli spyware makers such as NSO Group, Candiru and QuaDream have received a lot of attention in the past few years, Google’s report shows that European spyware makers are also expanding their presence and capabilities. Google researchers are tracking about 40 companies that sell exploits and surveillance spyware to government customers around the world.

In addition to Variston, Google analysts note the Italian companies Cy4Gate, RCS Lab and Negg. RCS Lab was founded in 1993 and previously partnered with now-defunct spyware maker Hacking Team, but did not develop spyware on its own until recent years, focusing instead on selling traditional carrier wiretapping products.

Google is confident that spyware can be used to spy on journalists, human rights activists, dissidents and opposition politicians, whom the company classifies as “high risk users”. “Although the number [этих] users are small compared to other types of cyber threats, the consequences are much wider, – says Google. — This type of targeted attack threatens free speech, a free press, and the integrity of elections around the world.”

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment