Spies’ blunder reveals Lebanon’s global surveillance campaign
LEBANON: A major hacking operation to snoop on government and military officials in 21 countries has been traced back to Lebanon’s intelligence agency after spies accidentally uploaded stolen data to the internet.
The hi-tech surveillance campaign, dubbed Dark Caracal, retrieved call logs, audio recordings, WhatsApp messages, location information and the browsing history of thousands of victims’ smartphones across north Africa, Europe, the Middle East and North America, according to a report published yesterday.
The report, by mobile security firm Lookout and digital rights group Electronic Frontier Foundation, claimed the hacking arsenal was discovered after Lebanese spies published a gigabyte of the stolen data online.
“It’s almost like thieves robbed the bank and forgot to lock the door where they stashed the money,” Mike Murray, head of intelligence at Lookout, told the Associated Press.
By sifting through the stolen information, security experts were able to deduce that the victims included members of the military, government officials, medical practitioners, education professionals and academics from a range of countries including Germany, Italy, Russia, South Korea, the United States and Syria. British officials appear not to have been affected.
The data was gleaned from a set of phones that appeared to have been configured to road test the spyware. The test devices all seemed to have connected to a wi-fi network active at the site of Lebanon’s security headquarters, the report found.
The report also reveals how the spies used a network of spoof websites and malicious smartphone apps masquerading as WhatsApp and Telegram to steal passwords and eavesdrop on conversations while capturing at least 486,000 text messages.
The tranche of data spanned a huge variety of themes, from photographs from Syrian battlefields to details of children’s birthday parties.
Victims were also targeted through Facebook groups and WhatsApp messages that were booby-trapped with malicious software. Once downloaded, that software captured smartphone data and sent it back to servers owned by the Lebanese General Directorate of General Security (GDGS) in Beirut. The GDGS is known for its intelligence gathering and for its offensive cyber capabilities.
It is unclear how long Dark Caracal had been in action, but the report suggested that this was not a one-of-a-kind project and that other governments probably had access to similar tools.
Discoveries of state-sponsored cyberespionage campaigns have become more common as countries in the Middle East and Asia attempt to match the digital prowess of the US, China and Russia.