Skip to main content

Why You Don’t Need to Be Bezos to Worry About Spyware

In this article

The news that an iPhone owned byAmazon.com Chief Executive Officer Jeff Bezos had beenhacked prompted widespread speculation about how it happened and whether the Saudi crown prince may have been involved, as some investigators have alleged. But it also led many people to wonder whether their own phone might be turned against them. Spyware is used by law enforcement and intelligence agencies to track criminals and terrorists, and by repressive governments to spy on enemies. Beyond targeted spyware that secretly hacks phones, hundreds of companies track people’s everyday internet use.

1. What is spyware?

It’s a subset of malware, the name given broadly to software that harms unsuspecting users.Spyware specifically is software meant to extract information such as internet browsing history or private communications from devices it’s installed on without the user’s consent. In its most sophisticated form, spyware can be unwittingly downloaded on a phone and extract texts and private files and monitor a user’s actions. Those types of spyware are often developed by intelligence agencies or a small but growing number of private firms — many run by former military intelligence officers. Spyware can also be used by the private sector to send consumers pop-up ads, redirect them to unwanted websites ortrack browsing history to predict what types of products and services they may be interested in.

2. Is spyware only on phones?

No, but phones are increasingly becoming the primary target. Some spyware is so advanced that is can turn on your phone’s microphone, secretly record and even take pictures with the camera. The fact that many users now keep sensitive data on mobile devices make them even more attractive targets. With the use of encrypted chat apps growing, governments around the world want the most sophisticated tools to conduct clandestine surveillance on mobile phones. The result is an industry that’sexpanding rapidy. “This industry seems to just keep growing,” said Eric Kind, director ofAWO, a London-based data rights law firm and consulting agency. “Ten years ago, there were just a few companies. Now there are 20 or more.” That’s left the creators of popular devices and software racing to patch newly discovered vulnerabilities before spyware makers can exploit them.

3. What happened to Bezos?

We still don’t know exactly what happened, and it’s unclear if we ever will. Here’s what we do know: On May 1, 2018, Bezos allegedly received a video file on his iPhone X from a WhatsApp account used by Mohammed Bin Salman, the crown prince of Saudi Arabia; the two men had exchanged numbers at a dinner in Los Angeles a few weeks earlier. A forensic analysis of Bezos’s phone, conducted last year byFTI Consulting Inc., concluded that massive amounts of data started being secretly uploaded from Bezos’s phone within hours of receiving the video file. The analysts didn’t find the spyware on Bezos’s phone, but concluded with medium to high confidence that it had been infected by malware contained in the message from the crown prince’s account. They cited the timing of the spike in data being transmitted from Bezos’s phone and two later messages from the crown prince’s account that allegedly contained information that wasn’t widely known to the public. Saudi Arabia has denied any involvement.

4. What happened to that data?

That’s also unclear. However, in January 2019, theNational Enquirer published an expose of Bezos’s extramarital affair with television news personality Lauren Sanchez. The supermarkettabloid paid $200,000 to Sanchez’s brother for the billionaire’s secrets, according to the Wall Street Journal; the brother, Michael Sanchez, has called the Journal’s reporting“wrong.” An investigator hired by Bezos raised doubts that Sanchez was the Enquirer’s only source, suggesting instead that the Saudis may have been involved. “Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information,” the investigator, Gavin De Becker wrote, in a March 31, 2019column in the Daily Beast. De Becker hired FTI Consulting, which later confirmed his allegation. The Saudi Embassy called allegations that the kingdom is behind the Bezos hack “absurd” and the Enquirer’s parent company said they only had one source for the story.

5. Could that happen to me?

Yes, but the likelihood of that varies greatly. If you are a lawyer, journalist, activist or politician in possession of sensitive data, or an enemy of a regime that has little regard for human rights, you could be especially vulnerable to this kind of digital attack. The Citizen Lab at theUniversity of Toronto has identifiedover 100 cases where the powerful spyware developed byNSO Group has been abused. NSO Group has pushed back on Citizen Lab’s claims, saying it has no role in choosing the targets of its spyware, only that it sells its software to governments around the world for use in law enforcement investigations. ASaudi dissidentsued NSO Group in 2018, alleging that his phone was hacked by the Saudi government using the company’s spyware, in part to eavesdrop on communications between him and Washington Post journalist Jamal Khashoggi, who was later murdered by a Saudi assassination team. WhatsApp has alsofiled a lawsuit against NSO group, alleging that it violated its terms of service by using WhatsApp as a delivery mechanism for its spyware.

6. What can I do?

The best way to try to protect yourself against the most intrusive spyware is to keep your phone and computer’s software updated and to beware of suspicious emails and text messages. When it comes to the everyday surveillance and harvesting of information by social media companies and app makers, your best bet is to check your privacy settings, read terms and conditions closely and do without programs you’re uneasy about. But even sophisticated users — like Bezos — find it hard to shield their phones against the most advanced spyware on the market. Also hard to avoid are the dragnet surveillance programs operated by governments around the world that indiscriminately sweep up massive amounts of internet traffic, though using encrypted chat apps like Signal may help.

7. Are there rules about spyware?

Not too many, though activists are hoping that the Bezos hack will change that. Some countries, including the U.K., Germany, Austria and Italy, have laws governing hacking by law enforcement. A judicial warrant is required in the U.S., except under certain circumstances. But it is still unclear which countries are engaging in this kind of hacking. And the private companies that develop these hacking tools typically go to great lengths to ensure that its customers are never revealed. The most in-depth look we’ve ever had into the operations of a spyware developer was when Hacking Team itselfgot hacked, exposing its customers and the inner workings of its tools.

The Reference Shelf

  • TheCitizen Lab research tracking NSO Group’s spyware being used in 45 countries.
  • A leakeduser manual for NSO Group’s most publicized spyware, Pegasus.
  • A60 minutes interview with the CEO of NSO Group.
  • A Bloomberg Newsarticle on how experts think Saudi Arabia outsources its cyber arsenal.
Source: Read Full Article

Comments

Popular posts from this blog

Fears coronavirus will spark divorce surge as couples self-isolate for months

Coronavirus is "very likely" to lead to an increase in marriage break-ups because of people being confined together for long periods in self-isolation, a leading divorce lawyer has said.Baroness Shackleton of Belgravia, whose previous clients have included Sir Paul McCartney, the Prince of Wales, Madonna and Liam Gallagher, revealed the view of the profession as a growing number of households go into voluntary lockdown in a bid to curb the spread of infection.Official health advice states that if one person in a property has a persistent cough or fever, everyone living there should stay at home for 14 days.Nicknamed the "Steel Magnolia" for her skills and charm, Lady Shackleton told peers at Westminster: "The prediction amongst divorce lawyers is that following self-imposed confinement it is very likely that the divorce rate will rise."Our peak times are after long exposure during the summer holidays and over Christmas."One only has to imagine what i…

At Least 23 People Dead in Australia Bushfires As Blazes Continue Raging

SYDNEY (AP) — A father and son who were battling flames for two days are the latest victims of the worst wildfire season in Australian history, and the path of destruction widened in at least three states Saturday due to strong winds and high temperatures.The death toll in the wildfire crisis is now up to 23 people, Prime Minister Scott Morrison said after calling up about 3,000 reservists to battle the escalating fires, which are expected to be particularly fierce throughout the weekend.“We are facing another extremely difficult next 24 hours,” Morrison said at a televised news conference. “In recent times, particularly over the course of the balance of this week, we have seen this disaster escalate to an entirely new level.”Dick Lang, a 78-year-old acclaimed bush pilot and outback safari operator, and his 43-year-old son, Clayton, were identified by Australian authorities after their bodies were found Saturday on a highway on Kangaroo Island. Their family said their losses left them…

Data-obsessed Brits spend an entire WEEK per year 'analysing their lives with gadgets', survey suggests

DATA driven Brits spend the equivalent of a WHOLE WEEK of each year tracking and analysing their behaviour, according to research.A survey of 2,000 adults revealed we typically use analytical apps and devices to monitor six parts of our lives.More than half (51 per cent) monitor their steps and movement, with 39 per cent tracking their fitness and 34 per cent regularly monitoring their heart rate.And one quarter of adults use apps to see how much sleep they get each night.But according to a new survey, commissioned to encourage the use of smart meters in UK homes during Big Energy Saving Week and beyond, three quarters (76 per cent) of Brits admit they haven’t the foggiest how much energy they use at home.In total, adults spend 30 minutes every day checking their health, behaviour and finances on apps and devices – the equivalent of 183 hours or seven-and-a-half days per year.A quarter like to track areas of their life because it inspires them to improve, while 22 per cent say it make…