Tag Archives: CIA hacking smart phones

From Pegasus to Pariah: Israeli Spying is Not Sexy

When international news organizations revealed that at least ten governments had used Pegasus, a powerful software tool created by Israel’s NSO Group, to hack into the smartphones of thousands of people around the world, including politicians, human-rights activists and journalists, the Israeli government shrugged. None of its ministers has publicly commented…. Israeli defence exporters privately expressed ridicule. “Arms companies can’t keep track of every rifle and bullet they sell to legitimate customers,” said one. “Why should we have higher expectations when it comes to software?… Israeli spying is a sexy subject and these reports are the price for doing business.”

Countries that have received Pegasus software include Brazil, Hungary and India, along with Sunni Arab regimes with whom Israel recently established diplomatic relations: Bahrain, Morocco and the United Arab Emirates. Saudi Arabia, a fellow enemy of Iran, is listed, too. “Deals on cyber-surveillance are the kind of sweetener you can throw into a diplomatic package with a foreign leader,” says a former NSO consultant.

Excerpts from Let Pegasus fly: Israel is loth to regulate its spyware exports, Economist, July 31, 2021

How to Spy on Your Own Country for $1.25 per day

San Francisco-based Premise Data Corp. pays users, many of them in the developing world, to complete basic tasks for small payments. Typical assignments involve snapping photos, filling out surveys or doing other basic data collection or observational reporting such as counting ATMs or reporting on the price of consumer goods like food.

About half of the company’s clients are private businesses seeking commercial information, Premise says. That can involve assignments like gathering market information on the footprint of competitors, scouting locations and other basic, public observational tasks. Premise in recent years has also started working with the U.S. military and foreign governments, marketing the capability of its flexible, global, gig-based workforce to do basic reconnaissance and gauge public opinion.

Premise is one of a growing number of companies that straddle the divide between consumer services and government surveillance and rely on the proliferation of mobile phones as a way to turn billions of devices into sensors that gather open-source information useful to government security services around the world.

Premise launched in 2013. As of 2019, the company’s marketing materials said it has 600,000 contributors operating in 43 countries, including global hot spots such as Iraq, Afghanistan, Syria and Yemen. According to federal spending records, Premise has received at least $5 million since 2017 on military projects—including from contracts with the Air Force and the Army and as a subcontractor to other defense entities. In one pitch on its technology, prepared in 2019 for Combined Joint Special Operations Task Force-Afghanistan, Premise proposed three potential uses that could be carried out in a way that is “responsive to commander’s information requirements”: gauge the effectiveness of U.S. information operations; scout and map out key social structures such as mosques, banks and internet cafes; and covertly monitor cell-tower and Wi-Fi signals in a 100-square-kilometer area. The presentation said tasks needed to be designed to “safeguard true intent”—meaning contributors wouldn’t necessarily be aware they were participating in a government operation…

Another Premise document says the company can design “proxy activities” such as counting bus stops, electricity lines or ATMs to provide incentives for contributors to move around as background data is gathered. Data from Wi-Fi networks, cell towers and mobile devices can be valuable to the military for situational awareness, target tracking and other intelligence purposes. There is also tracking potential in having a distributed network of phones acting as sensors, and knowing the signal strength of nearby cell towers and Wi-Fi access points can be useful when trying to jam communications during military operations. Nearby wireless-network names can also help identify where a device is, even if the GPS is off, communications experts say.

Mr. Blackman said gathering open-source data of that nature doesn’t constitute intelligence work. “Such data is available to anyone who has a cellphone,” he said. “It is not unique or secret.” Premise submitted a document last July to the British government describing its capabilities, saying it can capture more than 100 types of metadata from its contributors’ phones and provide them to paying customers—including the phone’s location, type, battery level and installed apps.

Users of the Premise app aren’t told which entity has contracted with the company for the information they are tasked with gathering. The company’s privacy policy discloses that some clients may be governments and that it may collect certain types of data from the phone, according to a spokesman… Currently the app assigns about five tasks a day to its users in Afghanistan, according to interviews with users there, including taking photos of ATMs, money-exchange shops, supermarkets and hospitals. One user in Afghanistan said he and others there are typically paid 20 Afghani per task, or about 25 cents—income for phone and internet services. A few months ago, some of the tasks on the site struck him as potentially concerning. He said the app posted several tasks of identifying and photographing Shiite mosques in a part of western Kabul populated largely by members of the ethnic Hazara Shiite minority. The neighborhood was attacked several times by Islamic State over the past five years…. Because of the nature and location of the tasks in a hot spot for terrorism, the user said he thought those tasks could involve spying and didn’t take them on.

Excerpt from Byron Tau, App Users Unwittingly Collect Intelligence, WSJ, June 25, 2010

CIA Hacking Tools

On 7 March 2017, WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency… code-named “Vault 7” by WikiLeaks.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, including Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones….

By the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware. Such is the scale of the CIA’s undertaking that by 2016, its hackers had utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA”…

Once a single cyber ‘weapon’ is ‘loose’ it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA’s DDI (Directorate for Digital Innovation)…. Malware called “Weeping Angel”, developed by the CIA’s Embedded Devices Branch (EDB), infests smart TVs, transforming them into covert microphones… The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake-Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.

The CIA’s Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user’s geolocation, audio and text communications as well as covertly activate the phone’s camera and microphone.

Despite iPhone’s minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA’s Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. CIA’s arsenal includes numerous local and remote “zero days” developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloakman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.

Attacks against Internet infrastructure and webservers are developed by the CIA’s Network Devices Branch (NDB). The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB’s “HIVE” and the related “Cutthroat” and “Swindle” tools, which are described in the examples section below.

Cyber ‘weapons’ are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost. Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them. There are substantial price incentives for government hackers and consultants to obtain copies since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons’. Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, obtaining advantage over their competitors in selling ‘hacking’ services…

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa….

If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target’s territory including observation, infiltration, occupation and exploitation…

The CIA’s hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity… The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.

Excerpts from Vault 7: CIA Hacking Tools Revealed, WikiLeaks Press Release, Mar. 7, 2017