Image source: Microsoft
By Alan Suderman
Microsoft said Thursday it has blocked tools developed by an Israeli hacker-for-hire company that were used to spy on more than 100 people around the world, including politicians, human rights activists, journalists, academics and political dissidents.
Microsoft issued a software update and worked with the Citizen Lab at the University of Toronto to investigate the secretive Israeli company behind the hacking efforts. Citizen Lab said the company goes by several names including Candiru, which according to legend is a parasitic fish found in the Amazon that attacks human private parts.
Microsoft said people targeted in “precision attacks” by the spyware were located in the Palestinian territory, Israel, Iran, Lebanon, Yemen, Spain, the United Kingdom, Turkey, Armenia, and Singapore. Microsoft did not name the targets but described them generally by category.
Citizen Lab said Candiru’s spyware infrastructure included websites “masquerading as advocacy organizations” such as Amnesty International and Black Lives Matter.
The reports by Microsoft and Citizen Lab shine new light on an opaque and lucrative industry of selling sophisticated hacking tools to governments and law enforcement agencies. Critics say such tools are often misused by authoritarian governments against innocent people.
“A world where private sector companies manufacture and sell cyberweapons is more dangerous for consumers, businesses of all sizes and governments,” Microsoft said in a blog post.
Attempts to reach representatives of Candiru were unsuccessful.
Microsoft said the business model for companies such as Candiru is to sell its services to government agencies, which then likely choose the targets and run the operations themselves.
Citizen Lab published parts of what it said were a leaked proposal by Candiru for hacking services that offered a la carte hacking options. For 16 million euros ($18.9 million), the company would allow the customer to monitor 10 devices simultaneously in a single country. For an extra 5.5 million euros ($6.5 million), 25 additional devices could be monitored in five more countries.
Citizen Lab said Candiru’s spyware targets computers, mobile devices and cloud accounts.
Thursday’s disclosure by Microsoft was part of what the company said was a broader effort to “address the dangers” caused by hacker-for-hire companies. Microsoft is supporting Facebook in its lawsuit against NSO Group, which is also based in Israel and is perhaps the most prominent private offensive spyware company.
Facebook filed a federal civil suit in 2019 allegedly that NSO Group targeted some 1,400 users of Facebook’s encrypted messaging service WhatsApp with highly sophisticated spyware.