Sunday, May 5, 2024

Vogon Today

Selected News from the Galaxy

StartMag

What emerged from the Predator Files investigation

7 months ago babelfish

What emerged from the Predator Files investigation

A recent report published by Amnesty International uncovered a series of attacks against civil society, journalists, politicians and academics in the European Union, the United States and Taiwan using Predator spyware

After Pegasus, another spyware has attacked European institutions and beyond.

In the first half of the year, politicians from the European Union, the United States and other figures including United Nations officials were invited to visit websites designed to install hacking software known as Predator.

Like its better-known competitor Pegasus, Predator is a highly intrusive and difficult-to-detect spy program capable of turning on the microphones and cameras of Apple iPhones and devices running Google's Android software, recovering all files and reading private messages, even when they are end-to-end encrypted.

This is what emerges from the recent report by Amnesty International , part of the “Predator Files” project, an investigation conducted in collaboration with the journalistic consortium the European Investigative Collaborations (EIC) and supported by further in-depth reports by Mediapart and Der Spiegel .

According to the investigation, at least 50 accounts belonging to 27 people and 23 institutions were targeted – but not necessarily infected by Predator spyware – between February and June, via the social networks X (formerly Twitter) and Facebook.

All the details.

ATTACKS VIA PREDATOR SPYWARE

Between February and June 2023, Amnesty International said social media platforms X (formerly Twitter) and Facebook were used to publicly target at least 50 accounts belonging to 27 individuals and 23 institutions. The cyber-surveillance tool used is Predator.

As explained by Amnesty International, Predator is a type of highly invasive spyware that has unrestricted access to a device's microphone and camera and all its data, such as contacts, messages, photos and videos, while users are completely unaware once it infiltrated your device.

MADE BY INTELLEXA

Just as the Israeli company Nso Group is behind the previously known Pegasus, Predator was developed and sold by the Intellexa alliance. This alliance, which advertised itself as “based and regulated in the European Union,” is a complex and often shifting group of companies that develop and sell surveillance products.

As the newspaper Domani explains, “the spy virus produced by the Franco-Israeli alliance Nexa-Intellexa was bought by many dictatorial regimes around the world, but in a specific case it became the protagonist of a special surveillance campaign. Aimed not only at knowing the secrets of internal enemies, but at attacking foreign powers. A military-style attack, fought with cyber weapons. Much cheaper and in theory capable of guaranteeing anonymity."

THE OBJECTIVES

The targets include the President of the European Parliament Roberta Metsola, the Taiwanese President Tsai Ing-Wen, the Americans Michael McCaul (MP) and John Hoeven (Senator), the German Ambassador to the United States Emily Haber and the French MEP Pierre Karleskind . According to Amnesty, several officials, academics and institutions were also targeted.

WHAT DOES ACCOUNT X @JOSEPH_GORD16 have to do with anything

According to the NGO's investigation, “many of the links identified as malicious and aimed at infecting targets with Predator” came from an X account named “@Joseph_Gordon16”. Amnesty believes that “it is likely that he acted on behalf of the Vietnamese authorities or interest groups in the country.”

“We have observed several dozen instances where '@Joseph_Gordon16' has included a malicious link related to “Predator” on various social media publications. Sometimes, the link appeared to come from a seemingly innocuous news source, such as the South China Morning Post, to trick the reader into clicking on it,” said Donncha Ó Cearbhaill, head of Amnesty International's Security Lab.

“Our analysis has shown that by clicking on the link, the reader's device could be infected with the “Predator” spyware. We don't know if any devices were infected and we can't say with absolute certainty that the person responsible was directly within the government of Vietnam, but the interests of the account and the Vietnamese authorities were closely aligned,” continued Donncha Ó Cearbhaill.

THE INVOLVEMENT OF VIETNAM

Finally, the investigation revealed evidence relating to a company part of the Intellexa alliance, which signed a multi-million dollar “infection solutions” deal with Vietnam's Ministry of Public Security in early 2020, called “Angler Fish” . Documents and export records also confirmed the sale of “Predator” to Vietnam's Ministry of Public Security through intermediaries.

“We believe this “Predator” attack framework is linked to a government actor in Vietnam,” Google security researchers, who also independently analyzed the malicious links, said, referring to Amnesty International.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/che-cosa-e-emerso-dallindagine-predator-files/ on Fri, 13 Oct 2023 07:26:10 +0000.