Saturday, August 14, 2021

Is Your Phone Spying On You?

Repression and the sale of data: the spy on your mobile

By Genoveva López and Álvaro Lorite

Large companies and States have developed various espionage techniques through mobile phones. The data obtained is used for commercial or repressive purposes.

Surveillance and espionage are two sides of the same coin. The coin is the software embedded in the backbone of your digital device. Heads is the mass surveillance and accumulation of data to create commercial profiles and segment advertising, for example, to recommend music that you did not know you wanted to listen to. Tails is total access to every corner of your life, to put you under the spotlight, publicly discredit you, imprison you or kill you if necessary.

"We have gotten used to it here in Mexico, but 15,000 people around the world have been tapped; it is outrageous, it is monstrous," says Mexican journalist Ignacio Rodríguez Reyna, one of those people spied on. The report published by Forbidden Stories in collaboration with Amnesty International and other media reveals that governments around the world contracted Pegasus software from the Israeli company NSO Group to spy on activists, journalists, political dissidents or human rights defenders in countries like Mexico, Morocco or Saudi Arabia. Still, the Israeli company says it is dedicated to making the world "a better place."

Vulnerabilities on your mobile

More and more people are familiar with the following conversation: “Yesterday we talked about these sneakers and today they showed up on Instagram. I'm sure the cell phone is spying on me.” But, out of everything we say, what exactly are the platforms spying on? Juan Tapiador is a researcher and professor of computer security at the Carlos III University of Madrid, and in 2019 he and other colleagues published a study entitled An Analysis of Pre-installed Android Software. They wanted to confirm by scientific methods the "anecdotal evidence" that more and more people had regarding their mobile phones. The research group developed an application, Firmware Scanner, that took a snapshot of everything that came pre-installed on Android phones. Their suspicion was that many applications pre-installed on these phones extracted data from users. By distributing it through contacts and social networks, they managed to get many people to download Firmware Scanner and collected hundreds of thousands of snapshots of the guts of their phones. "We found confirmation, on an unusual scale, of things that were more or less known, but not up to that level," says Tapiador. The surveillance was massive.

Tapiador explains that many agents intervene in the supply chain: the one who manufactures the circuits, the one who integrates them, the one who inserts the camera or the one who introduces the microphone, to name a few. "What we know as manufacturers, the brand that sells you the device, are actually integrators, and their role is to assemble the parts previously manufactured by subcontractors," says the computer scientist. The chain does not only concern hardware, but continues to telephone operators, who also manipulate mobile phones and implement software applications whose purpose is to obtain user data. "In all this process, as part of the monetization scheme, which is pervasive on the internet and has to do with data collection, there are many agents who introduce software components," says the researcher. In the assembly chain of phones, it is not known which agent introduces which software. There is no traceability and no regulation that requires them to report on it.

The motivations are diverse, but they mainly follow two principles: achieving market dominance, as in the case of Facebook, which wants to be present on all possible phones, and monetizing user data or, what amounts to the same thing, obtaining telemetry from the device and then selling that information. Many of these pre-installed applications are the ones that leave open back doors or vulnerabilities through which software such as Pegasus can easily enter.

 With minimal interaction such as taking a call or clicking a link, the back door of the phone opens without us knowing. Although spyware is different from what companies use to collect data, it is these basic features that make spying so easy. According to the forensic analysis of Amnesty International, in the case of the iPhone 11 and 12, the virus spread by sending a simple message without the need to click.

 

“I had already realized in 2017 that my phone was tapped and I stopped using it, but I kept it. When they contacted me in 2020 from Forbidden Stories, I donated my mobile to them to do the forensic work for their investigation. Since then I have tried to be more careful, I use encrypted emails and secure applications, but the truth is that there is such a vulnerability that one way or another they are going to achieve it,” says Rodríguez Reyna. “Not only did they have access to all my conversations, contacts, emails, notes or the photos I took, they were able to turn on my camera or my microphone in my intimate and personal situations. They have access to control my device in real time. This not only puts us at risk, it puts our sources at physical risk. It places us in defenselessness and susceptibility to being blackmailed by acts of our private life that ridicule us or take away our credibility or any hint of dignity,” he adds.

 And what difference does it make if I'm nobody 

 "Companies are not interested in the photographs of your kittens or in the conversations or in the messages, that does not happen", informs Tapiador, "but the metadata are very good predictors of the behaviors". The information collected by mobile applications is very valuable to later cross it with web browsing and build profiles that for many years have been used to provide targeted advertising services. "This is the gasoline that has moved the internet for the last decade or so," says this computer security researcher.

In July 2020, the names of NSO Group and Pegasus returned to fill the national media thanks to the study of the cybersecurity institute of the University of Toronto, the Citizen Lab, which published that various public figures of the Catalan independence movement such as Roger Torrent - then president of the Parlament - were spied on by Pegasus. Despite the fact that the Government, through the CNI and the Ministries of the Interior and Defense, flatly denied being involved, the company NSO Group has stated that the only clients of its flagship spy product are governments. A former employee stated that Spain had been a client of NSO Group since 2015.

"In the case of espionage, they are interested in your photos of kittens," jokes Tapiador, alluding to the latest mega-leak of 15,000 people spied on. “The NSO Group and Pegasus case is a totally different animal [to commercial surveillance]. They are companies that work with State security forces and bodies because countries have a need to monitor the devices of what they consider to be objectives,” says Tapiador.

Virginia Álvarez is head of research and internal policy at Amnesty International. "The company said that the software was only used for cyberterrorism, to locate criminals, but Amnesty has begun to have information that this software was being used to commit human rights violations and interference with the right to privacy is a crime", the activist and spokesperson for Amnesty International Spain reminds us.

Cecilio Pineda was a Mexican journalist who was assassinated a few days after Pegasus entered his cell phone. According to The Guardian, despite no binding evidence, the leading hypothesis is that the virus was used to locate him.

Rodríguez Reyna is one of the founders of 5th Element Lab, an organization dedicated to investigative journalism. Three of its members were infected by Pegasus. "When they began to monitor us, we were working on the Mexican branch of the Odebrecht corruption scheme," he says. This is one of the largest corruption schemes in the recent history of Latin America and its center of operations is the Brazilian construction company Odebrecht, which has bribed important figures from 12 governments on the continent. “We point to Emilio Lozoya, a figure close to Peña Nieto [former Mexican president], OHL's advisor in Mexico, as the Brazilian construction company's gateway to the country through bribes. In addition, a colleague of ours was creating the first map of the 2,000 clandestine graves of people murdered and disappeared by the State,” he says. According to official data, there are 80,000 people missing in the last 15 years in Mexico.


Another well-known case in Mexico was that of one of the legal advisers in the fight to clarify the crime of the 43 disappeared students from Ayotzinapa. His phone was tapped, and a phrase was taken out of context and spread on social networks through fake accounts, making people believe that he had betrayed the movement, which caused a real fracture within it.

 The global surveillance and espionage industry

“It is an entire industry that is behind this. I feel that we are facing almost absolute helplessness and it is something terrible,” reflects Reyna. The cost of infecting a phone in Mexico, according to published data, would be around $64,000, and the government spent $32 million spying on 500 persons of interest. A large number of specialists consider that more regulation is necessary to control access to technological devices, especially telephones, whether in the field of surveillance and access to metadata or in the case of espionage and access to data.

Tapiador says there is no regulation requiring disclosure of which supplier in the supply chain puts software on mobile devices. "A problem with this world of data brokering is that it is very dark, it is not transparent at all," he warns. For user data protection laws, transparency is very important: knowing what data is collected and for what purposes, and "in the cases of pre-installed software applications, it does not exist," the researcher says.

Virginia Álvarez affirms that there is an absolute lack of control. "As long as there is no regulatory framework that does not prevent the misuse of spyware, Amnesty will continue to call for its non-commercialization." Dario Castañé, from the Pirate Party of Catalonia, considers that “a ban on the purchase and sale of spyware should be established, as well as reversing and canceling any initiative that will undermine the confidentiality of conversations, either through upload filters, message control or back doors in the encryption algorithms”.


However, when we talk about espionage, the geopolitical interests of the States intersect in the regulation itself. NSO has stated that the publication "is biased and has a clear commercial motivation and that, in any case, it has not been the company that has made use of the software." It is nonetheless notable, as an article in the Financial Times points out, that NSO client countries such as the United Arab Emirates or Saudi Arabia are recent allies whose relations with Israel have grown. Countries such as Hungary, India or Rwanda also appear in the report, at a time when the former prime minister, Benjamin Netanyahu, was seeking alliances with far-right leaders in these countries.

 In its report Operating from the Shadows, published in early July, Amnesty International argues that there is an entire industry of companies engaged in espionage. Other companies that were hired by the Government of Mexico are Hacking Team (Italy) or Rayzone Group (Israel). We can also find companies linked to major controversies such as Clearview AI, involved in a scandal for storing millions of photos from social networks. Or Palantir, the Silicon Valley spy machine related to various operations outside the law. They are all multi-million dollar companies. According to the Amnesty report, the playing field for espionage products has been delimited by the decisions of different States that have allowed legal authorizations that violate basic human rights in order to apply them both outside and within their territories.

However, it must be taken into account that the technology that allows it is in the hands of these companies. “It is time to stop and ask ourselves what is happening. We are facing a technological monster that has many arms, a soft dictatorship or dictatorship capable of moving power anywhere on the planet,” reflects Rodríguez Reyna.

 Genoveva López. @genolomo - Álvaro Lorite. @lorojuntaletras 

 Source: https://www.elsaltodiario.com/espionaje/vigilancia-espionaje-mercado-represion
