Candiru’s Spyware Attack | Fact Check
State-of-the-art espionage tools have compromised security in today’s era, and Israeli spyware firm Candiru has allegedly gone a step further with its spyware targeting journalists, activists and more.
Candiru spyware at a glance: National security prerequisite or crackdown on dissent
Deemed a measure necessary to protect our national borders, espionage has been an active part of today’s world. Since the early years of this century, these tools have been in great demand among national governments.
Arguably, if such counter techniques were not developed, monitoring internet activity, tracking login information and spying on sensitive information would not be possible. The argument is that a nation cannot afford to risk its civilians' lives.
For instance, the UAE, which set up its national security unit using former NSO employees, used the technology to eliminate terror threats. However, it also used it to tackle dissent. An example is the detention of Emirati activist Ahmed Mansoor, who was put behind bars for 10 years. His fault: criticising the regime on social media.
Where does the Candiru spyware attack stand?
Israel is home to a number of hacker-for-hire businesses, but among those names Candiru has remained highly discreet.
It continued to operate with little to no record before a researcher claimed that the Tel Aviv-based firm sold espionage tools to the government of Uzbekistan.
The ethical apprehension this raises prompts questions on moral grounds and calls on the government to stop partnering with abusers of technology. But to Candiru, everything has meant business, especially if the target uses Microsoft Windows.
Brian Bartholomew, a researcher at Russian cybersecurity company Kaspersky Lab, was able to link multiple Windows loopholes used in the Uzbek attacks to Candiru, and also found that Saudi Arabia and the UAE were directly involved.
Recently, a Candiru cyber attack targeted at least 100 activists, journalists and dissidents across 10 countries. In keeping with the firm's speciality, the targets were using Microsoft Windows. The software, as reported, was purchased by operatives in Saudi Arabia, Israel, Hungary and Indonesia, among other nations.
Microsoft was told of these vulnerabilities by researchers at Citizen Lab, and the company finally released a patch on July 13. It was also revealed that the spyware used two entry points, CVE-2021-31979 and CVE-2021-33771.
For a cost of 16 million euros, Candiru's clients can make unlimited attempts to infiltrate any number of devices, but they are limited to tracking 10 devices at a time. For an extra 1.5 million euros, an additional 15 targets can be monitored, and for 5.5 million more, 25 more devices can be hacked.
Candiru is not alone: Israel's NSO Group has also been named for selling spyware technology to despotic regimes, including Saudi Arabia and the UAE. Candiru’s apparent connection with NSO runs through Omri Lavie, who is their main financial backer and one of the three men who set up NSO.
The Candiru cyber attack and information about it remain out of sight for the better part of the world. The spyware-developing firm was founded in 2014 and has changed its name multiple times. As reported, the company, just like other mercenary spyware corporations, also recruits from Unit 8200, the signals intelligence unit of the Israeli Defence Forces. It currently operates under the name Saito Tech Ltd.
Firms like Candiru are a threat to existence, and the use of surveillance against activists, journalists or anyone raising their voice against the government poses a serious question over their role. Whether it is this case or past instances, what remains clear is that most governments indulge in technologies to continue weaponising free speech and instil fear.