First Published: 2018-01-18

Lebanese intelligence service may be spying using smartphones worldwide
Lebanon's GDGS has run more than 10 campaigns since at least 2012 aimed mainly at Android phone users in at least 21 countries.
Middle East Online

The attacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices

FRANKFURT - Lebanon's intelligence service may have turned the smartphones of thousands of targeted individuals into cyber-spying machines, in one of the first known examples of large-scale state hacking of phones rather than computers, researchers said on Thursday.

Lebanon's General Directorate of General Security (GDGS) has run more than 10 campaigns since at least 2012 aimed mainly at Android phone users in at least 21 countries, mobile security firm Lookout and digital rights group Electronic Frontier Foundation (EFF) said in a joint report.

The attacks, which seized control of Android smartphones, allowed the hackers to turn them into victim-monitoring devices and to steal any data from them undetected, researchers said. No evidence was found that Apple phone users were targeted, which may simply reflect the popularity of Android in the Middle East.

The state-backed hackers, dubbed "Dark Caracal" by the report's authors - after a wild cat native to the Middle East - used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.

Michael Flossman, the group's lead security researcher, said that EFF and Lookout took advantage of the Lebanon cyber spying group's failure to secure their own command and control servers, creating an opening to connect them back to the GDGS.

"Looking at the servers, who had registered it when, in conjunction with being able to identify the stolen content of victims: That gave us a pretty good indication of how long they had been operating," Flossman said in a phone interview.

The researchers found technical evidence linking servers used to control the attacks to a GDGS office in Beirut by locating wi-fi networks and internet protocol address in or near the building. They cannot say for sure whether the evidence proves GDGS is responsible or is the work of a rogue employee.

Responding to a question about the claims made in the report, Major General Abbas Ibrahim, director general of GDGS, said he wanted to see the report before commenting on its contents.

He added: "General Security does not have these type of capabilities. We wish we had these capabilities."

Ibrahim was speaking ahead of the report’s publication.

 

More strikes hit E. Ghouta as UN delays truce vote

Russia pours cold water on UN bid to condemn Iran over missiles to Yemen

Egypt presidential race starts with Sisi likely to win

Saudi Arabia to boost entertainment in next decade

Blatter supports Morocco bid for 2026 World Cup

Turkey says US embassy Jerusalem opening in May 'extremely worrying'

Lebanon says both suspects in Kuwait murder of Filipina maid held

38 dead in Mogadishu car bombings

Morocco police arrests prominent newspaper publisher

Syria regime continues to pound Ghouta as world stutters

UN rights commission wants S.Sudan war crimes charges

Iran grounds airline's ATR planes after crash

Turkey summons Dutch diplomat over Armenian 'genocide' vote

Turkey navy threatens to engage Italian drillship near Cyprus

Iran police shoving headscarf protester sparks social media storm

UN Security Council to vote Friday on Syria ceasefire

Dubai says Djibouti illegally seized African port

Dutch parliament recognises 1915 Armenian massacre as genocide

Heavily bombarded Eastern Ghouta awaits UN resolution

Russia says Syria rebels rejected offer to evacuate E. Ghouta

UN diplomats press for Syria ceasefire without Russia veto

Iranian minister’s presence at UN rights meeting angers critics

Iran warns it will leave nuke deal if banks cannot do business

Qatar to plant thousands of trees to ‘beautify’ World Cup venues

Pro-Kurdish party says Turkey lying about 'no civilian deaths' in Afrin

African migrants protest Israeli detention policy

Egypt sentences 21 to death for planning attacks

Israeli handball teams in Qatar spark furious outcry from locals

UN report highlights S.Sudan journalist treatment

Palestinian dies after being shot by Israeli soldiers

Gulf states urge Syria to end Ghouta violence

Wanted Bahraini militants die at sea en route to Iran

Iran's Ahmadinejad calls for immediate free elections

Merkel calls for end to 'massacre' in Syria

Iraq urges FIFA to lift ban on hosting internationals

Carnage of Ghouta's bombs breaking families

Blockaded Gaza Strip forced to pump sewage into sea

African migrants start hunger strike over Israel expulsion

UN chief 'deeply alarmed' by Eastern Ghouta violence

Three militiamen killed in Libya car bomb attack

Russia denies ‘groundless’ accusations of role in Ghouta killings

Turkey says whoever helps YPG is 'legitimate target'

Morocco dismantles IS-linked terrorist cell

Turkey urged to end gas standoff with Cyprus

PKK attack near Iraq kills 2 Turkish soldiers