A new report shows that spyware can infiltrate devices through online ads.
While many users have used adblockers to avoid pesky ads which are otherwise the lifeblood of several sites and publications, using an adblocker might also save you from government surveillance.
At the center of controversy this time is Intellexa – a digital surveillance corporation owned by the former Israeli intelligence officer Tal Dilian which makes the Predator spyware.
Mercenary spyware company #Intellexa pitched using online ads to infect phones.
Everyone should block ads.
It's a matter of safety.
By @omerbenj & @e_triantafillou h/t @avischarfhttps://t.co/rc5J8ebXba pic.twitter.com/ORm98peDgq
— John Scott-Railton (@jsrailton) April 11, 2024
According to the documents seen by the Israeli media giant Haaretz, Intellexa showcased its proof of concept called Aladdin in 2022 “that makes it possible to infect mobile phones like iPhones or Androids through online advertisements alone.”
Key Highlights: Spyware Infiltration Through Online Ads
- Spyware via Ads: A report highlights how spyware like Intellexa’s Predator can infiltrate devices through online ads.
- Intellexa’s Aladdin: The spyware infects mobile phones by targeting specific users with job offers through malicious ads.
- Past Controversy: Similar spyware, Pegasus by NSO Group, has been used by governments to spy on political opponents and journalists.
- US Surveillance: Section 702 of FISA allows the US government to spy on Americans’ communications without a warrant, leading to debates over privacy rights.
- Government Use of Spyware: While spyware helps track criminals, it’s controversial when used against law-abiding citizens.
.
Report Shows Ads Could Be Used to Infect Devices with Spyware
Haaretz reported that the documents it reviewed included how the spyware infects targeted devices and had examples of malicious ads that “seemingly targeting graphic designers and activists with job offers, through which the spyware will be introduced to their device.”
It is however not certain whether Intellexa developed Aladdin for a government customer. Last year Haaretz only reported that another Israeli company Insanet developed an ad-based infection system that could locate an individual within an ad network.
To be sure, it is not the first time an Israel-based company is at the center stage of controversial spyware. Israeli cyber-intelligence firm NSO Group developed and sold the Pegasus spyware which was allegedly used by governments to spy – among others on political opponents.
Governments Have Used Spying Devices in the Past
Last year, amid hue and cry over the use of Pegasus by the Indian government, research by Amnesty International, in partnership with The Washington Post, showed how the spyware was used against journalists.
Donncha Ó Cearbhaill, Head of Amnesty International’s Security Lab, said, “Our latest findings show that increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment, and intimidation,”
He added, “Despite repeated revelations, there has been a shameful lack of accountability about the use of Pegasus spyware in India which only intensifies the sense of impunity over these human rights violations.”
OFFICIAL CONFIRMATION:🇪🇺MEP @KrzysztofBrejza is a #Pegasus spyware victim, per #Poland's national prosecutor's office.
After we publicly confirmed our forensic analysis, Brejza was targeted w/unrelenting, orchestrated disinformation. And harassment.
For a time, our @citizenlab… https://t.co/jmEUQDeBVO
— John Scott-Railton (@jsrailton) April 12, 2024
India was hardly the only country accused of using the Pegasus and Poland recently launched an investigation into its previous administration’s use of the spyware.
The Love-Hate Relationship Between Governments and Spyware
Governments globally, including the US, have a complicated relationship with spying software – using them when it suits them but speaking out against it when it hurts their interests.
Last year, 11 countries that included the “Five Eyes” allies, such as the US and the UK, signed the anti-spyware pact. In March, the Biden administration welcomes six more countries – Finland, Germany, Poland, Ireland, Japan, and South Korea – to the pact as it strengthens to curb the abuse of surveillance spyware.
On the other hand, it seems like the US government doesn’t even need spyware to spy on you. Earlier this month, the House voted to reauthorize section 702 of the Foreign Intelligence Surveillance Act (FISA) that essentially allows surveillance of Americans without a warrant.
.@SpeakerJohnson was incredibly wrong to vote w/ Dems against the 4th amend. when he killed the FISA warrant requirement and wrong to give in to the Dems spending demands. As I see it now, I'm not so sure there's a difference between him being in charge and Dems being in charge. pic.twitter.com/NoyRhUrvRM
— Rand Paul (@RandPaul) April 14, 2024
FISA was amended by the post-9/11 PATRIOT Act, giving the intelligence community (namely the CIA, FBI, and NSA) the ability to spy on whoever they want, whenever they want, without a warrant.
The 4th Amendment protects Americans from illegal search and seizure, requiring the government to receive a warrant or have probable cause to suspect a crime. However, because FISA lets the intelligence agencies scoop up any and all conversations between foreigners and US citizens without a warrant, it brazenly ignores the 4th Amendment.
The US intelligence community has been forced to admit that it regularly abuses FISA to the tune of over 278,000 illegal searches in just 2020 and 2021. Despite the flood of flagrantly illegal searches, absolutely no accountability was had. In its report, the Congressional Progressive Caucus said that while “FISA is intended to authorize federal agencies to gather information from foreigners’ communications, the government admits it is using the law to search Americans’ private communications — including internet activity, phone records, and texts — without a warrant.”
Many pundits and privacy-focused Congressmen have strongly criticized FISA 702, arguing that it is an obvious violation of the Constitution, specifically the 4th Amendment.
“These searches unjustly targeted individuals, including Members of Congress, 141 Black Lives Matter protesters, 19,000 donors to a congressional campaign, a local political party, tens of thousands of people involved in “civil unrest,” visitors to FBI offices, and individuals based solely on their race,” said the report.
Unfortunately for the US populous, the bill that just passed to reauthorize FISA included a selfish clause that would require the intelligence agencies to get consent from Congress to search the data of any member of Congress (but not regular citizens).
Now that they can effectively no longer be spied on without a warrant under FISA 702, our esteemed representatives have much less incentive to not reauthorize it when it needs to be renewed.
🚨 Congress gives itself a carve out in the reauthorization of FISA 702 warrantless spying on Americans.
The bill requires the FBI to notify and seek consent from Congress before violating the privacy of Congressmen.
This will persuade many members of Congress to vote yes. pic.twitter.com/usKVeNnq3b
— Thomas Massie (@RepThomasMassie) April 9, 2024
Things Are Not Really Black and White
To be sure, things are not black and white when it comes to using spyware and surveillance technologies as bad actors continue to find new ways to spy, scam, and hack.
Through active surveillance, governments can track down terrorists, white-collar criminals, as well as foreign agents. However, when the same surveillance is used against its law-abiding citizens, political adversaries, and friendly countries, it can become quite problematic.
It turns out that the government doesn’t even need to use its uncouth FISA powers or any kind of active surveillance to spy on its citizens. Last year, the Office of the Director of National Intelligence published a report that showed American intelligence agencies used data brokers to buy the private data of Americans.
The report said that this data “can be misused to pry into private lives, ruin reputations, and cause emotional distress and threaten the safety of individuals. Even subject to appropriate controls, CAI can increase the power of the government’s ability to peer into private lives to levels that may exceed our constitutional traditions or other social expectations.”
The US was also accused of spying on Germany between 2012 and 2014 which led to a diplomatic row between the two NATO allies.
Overall, like with every other technology, there are two sides to the coin. When done with the correct intent, even spyware and surveillance can serve the larger public good. However, when the same technology gets used (or rather abused) indiscriminately against normap people, it can become problematic as we have seen with multiple such cases.