An Israeli tech firm has unleashed a potent cyberweapon that leverages the advertising system to penetrate phones and computers, letting civilians be monitored on an unprecedented scale, a Haaretz investigation has found. The investigation included interviews with sources from Israel’s offensive cyber and security systems, and defence industries.
The new spyware exploits the world of digital advertising, which is supposed to be completely anonymous, to bypass the security mechanisms of Apple, Google and Microsoft and install advanced spyware on civilians’ telecom devices. Such capabilities were only available to states until now.
“These capabilities can turn any ad into a kind of digital bullet,” a source familiar with the technology is reported as saying in Haaretz. The Israeli daily described its own investigation as a story about “how advertisements turned into tools of war on the digital battlefield.”
The new technology has also begun to trickle out into the commercial defence market. An investigation by Haaretz Magazine and the newspaper’s National Security and Cyber digital investigation desk has discovered that in the shadow of the coronavirus pandemic – when certain tools were developed and deployed to track the spread of the virus — a new and disturbing cyber and espionage industry has come into being in Israel. A number of Israeli firms have developed technologies that are capable of exploiting advertising to collect data and monitor citizens. Hundreds of thousands – if not millions – of people can be monitored in this way.
A small group of elite companies are said to have taken things a step further: They have created technology that uses ads for offensive purposes and injecting spyware. As millions of ads compete for the right to penetrate our screens, Israeli firms are selling technology clandestinely that transforms these ads into surveillance tools, or even into weapons that are capable of penetrating our computers and phones.
One of the companies mentioned in the report is Insanet, whose existence was made public for the first time. It is said to possess “insane capabilities”, according to sources in the industry. The company is owned by former ranking members of Israel’s defence establishment, including a past head of the National Security Council, Dani Arditi. The investigation reveals that the company has developed technology that exploits ads both for tracking and for infection. It’s not by chance that the company has named its product Sherlock.
READ: New Israel spyware, exposed for targeting journalists, politicians in several countries, shut down
Insanet is said to have obtained authorisation from the Israeli defence ministry to sell its technology globally. Another Israeli firm, Rayzone, has developed a similar product and this year received approval in principle to sell it to its clients in the West.
There are currently no defences against these technologies, and it’s not clear whether they can be blocked at all. Even the smartest and most advanced defences of Apple, Google and Microsoft currently lack the capacity to block this sort of infection. The technology is able to bypass the security and privacy restrictions of Apple and Google, and infiltrates phones through a sophisticated use of advertising information.
Warning of the dangers of the technology, the investigation highlighted the connection between the world of espionage and the private market, which it described as a perfect example of what is referred to as “surveillance capitalism”: how information collected for commercial ends is exploited by states for intelligence purposes and morphs, with a little help from Israeli high-tech entrepreneurs, into a security product, where it is liable to become a weapon against private citizens.
Israel has nurtured a thriving industry developing offensive cyber and digital surveillance capabilities. Numerous Israeli firms now sell powerful spyware to government clients worldwide, creating a largely unregulated “digital arms” industry. Products like the notorious Pegasus spyware can hack into phones by exploiting security vulnerabilities.
The Haaretz investigation found that a disturbing new trend is to use digital advertising networks and data to infiltrate devices covertly. Companies are fusing vast troves of advertising profiles and tracking data to convert commercial information into intelligence for surveillance purposes. This emerging field of “AdInt” can geo-locate devices through ads and infect them with spyware under the cover of targeted advertising. AdInt provides a backdoor into smartphones that avoids oversight regulations on security products since it uses public ad data.
Officials worry that the spyware industry is already out of control, and fear how Israel’s tools will be used by undemocratic states once exported. Human rights advocates warn that ad-based hacking techniques could enable targeted state surveillance and repression of dissidents and minorities.