Anonymous ID: b759fb July 22, 2022, 8:06 a.m. No.16780843   🗄️.is đź”—kun

https://english.almayadeen.net/news/technology/israeli-candiru-spyware-behind-new-attack-on-journalists

 

Israeli Candiru spyware behind new attack on journalists

 

Security researchers at Avast Threat Labs, a global security company, have linked the discovery of an actively exploited zero-day vulnerability in Google Chrome to an Israeli spyware maker known to target journalists in West Asia.

 

The attacks were attributed to a spyware vendor based in "Tel Aviv," Candiru. The company is registered under the name "Saito Tech" in "Israel".

 

Last year in April 2020, an online security firm, ESET, revealed that the Middle East Eye was targeted by the hacking-for-hire group.

 

David Hearst, the editor-in-chief of MEE, remarked at the time that the “Middle East Eye is no stranger to such attempts to take our website down by state and non-state actors. Substantial sums of money have been spent trying to take us out. They have not stopped us reporting what is going on in all corners of the region and it will not stop us in future. They will not stop us reaching a global audience.”

 

In November 2021, Candiru was sanctioned by the US Commerce Department for engaging in activities that threaten US national security.

 

The last Candiru attack, detected by Avast, was in March, and it was done using an advanced toolset that targeted individuals in Palestine, Yemen, and Turkey, in addition to journalists in Lebanon where Candiru compromised a website at an unnamed news agency.

 

“We can’t say for sure what the attackers might have been after, however often the reason why attackers go after journalists is to spy on them and the stories they’re working on directly, or to get to their sources and gather compromising information and sensitive data they shared with the press,” Avast said in a statement.

 

Candiru's first exposure was in July 2021, and it was exposed by Microsoft and Citizen Lab. At least 100 activists, journalists, and dissidents in 10 countries were targeted by the company.

 

Citizen Lab has previously reported that Saudi Arabia and the UAE are "likely Candiru customers" and that the firm also "has become closer to Qatar" in recent times.

 

In July, Citizen Lab reported that Candiru and Pegasus, produced by Israeli NSO Group, have been used by governments, including Morocco, Saudi Arabia, and the United Arab Emirates, to hack into phone data of activists and journalists around the world.

Anonymous ID: b759fb July 22, 2022, 8:13 a.m. No.16780875   🗄️.is đź”—kun

https://english.almayadeen.net/news/technology/twitter-employee-accused-of-spying-for-ksa-heads-to-trial

 

Twitter employee accused of spying for KSA heads to trial

 

From 2013 until 2015, Ahmad Abouammo was in charge of promoting the Twitter accounts of celebrities, journalists, and other significant personalities in the Middle East.

 

However, the Justice Department says he abused his access to Twitter user data, obtaining personal information from political dissidents and passing it on to Saudi Arabia in exchange for a costly watch and hundreds of thousands of dollars.

 

He is scheduled to attend a trial in federal court in San Francisco this week on charges of working as an agent of a foreign authority inside the United States, conducting wire fraud and laundering money.

 

“We look forward to vindicating Abouammo and for him to have his day in court,” said Angela Chuang, a lawyer representing him. The government expects Abouammo’s legal team to argue that he worked lawfully as a consultant to Saudi Arabia, according to a court filing. Chuang declined to comment on legal strategy.

 

The case, which demonstrates the Saudi government's zeal in obtaining information about its detractors, is happening at a critical juncture in US-Saudi diplomacy.

 

US-KSA diplomatic struggle

 

The allegations resurfaced in light of President Biden's first visit to the country, which he had previously sworn to make a "pariah", last week, in the hopes of establishing better Saudi-Israeli relations and relief from high gas prices.

 

Biden met with Crown Prince Mohammed bin Salman (MBS) and other Saudi officials. Human rights campaigners, meanwhile, slammed the visit, accusing the President of ignoring the death of Jamal Khashoggi, a Washington Post journalist killed by Saudi operatives in 2018.

 

Twitter tightens employee access

Twitter has stated that it has reduced employee access to user data since Abouammo's departure in 2015, but the firm continued to face security issues. Hackers used the accounts of notable people, including Elon Musk, to promote a cryptocurrency hoax in 2020.

 

Twitter agreed to pay a $150 million fine in May to settle allegations that it deceived users about how it handled their personal data. Twitter informed users that it was collecting their email addresses and phone numbers to protect their accounts, but that the information was also used to assist marketers to target advertisements.

 

What are Abouammo and Alzabarah accused of?

Abouammo and another former Twitter employee, Ali Alzabarah, were charged in 2019. According to the Justice Department, the individuals exploited their Twitter accounts to gather information about thousands of people, which they then provided to Ahmed Almutairi, who the department claims served as their go-between with Saudi officials.

 

It is worth mentioning that Almutairi previously owned a social media marketing firm that provided services to the Saudi royal family.

 

According to the Justice Department, the men obtained "private user data, such as device identifiers, phone numbers, and IP addresses, all of which may have been utilized by the Saudi government to identify and locate the individuals behind the accounts, including political dissidents."