Researchers name several countries as potential Paragon spyware customers | TechCrunch

According to a new technical report from a renowned digital security lab, the governments of Australia, Canada, Cyprus, Denmark, Israel and Singapore may be customers of Israeli spyware maker Paragon Solutions.

On Wednesday, Citizen Lab, a group of scholars and security researchers at the University of Toronto that has investigated the spyware industry for more than a decade, released a report about the Israeli-founded surveillance startup, identifying the six governments as “suspicious Paragon deployments.”

At the end of January, WhatsApp notified 90 users that the company believes were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live.

Paragon has long tried to differentiate itself from competitors such as NSO Group, whose spyware has been abused in some countries, by claiming to be a responsible spyware provider. In 2021, a senior Paragon executive who asked not to be named told Forbes that dictatorships or non-democracies would never become its clients.

In response to the scandal arising from the WhatsApp notifications in January, and possibly to bolster its attempts to be seen as a responsible spyware provider, Paragon’s executive chairman John Fleming told TechCrunch that the company “licensed its technology to select global democracies, mainly the United States and its allies.”

Israeli news media reported at the end of 2024 that U.S. venture capital firm AE Industrial Partners had acquired Paragon for at least $500 million up front.

[Image: the attack flow of Graphite, the spyware made by Paragon. The steps include an attacker adding a person to a WhatsApp group, after which the victim's device automatically parses a PDF, thereby exploiting the vulnerability.]
An example of the attack flow of the Graphite spyware. Image source: Citizen Lab

In a report released Wednesday, Citizen Lab said it was able to map the server infrastructure Paragon uses for its spyware tool based on “tips from collaborators”, codenamed “Vendor.”

Starting with this tip, and after developing several fingerprints that can identify related Paragon servers and digital certificates, Citizen Lab researchers found several IP addresses hosted at local telecommunications companies. Citizen Lab said it believes these are servers belonging to Paragon customers, in part based on the initials in the certificates, which appear to match the names of the countries where the servers are located.

According to Citizen Lab, one of the fingerprints developed by its researchers led to a digital certificate registered to Graphite, in what appears to be a major operational mistake by the spyware maker.

“There is strong indirect evidence to support the link between Paragon and the infrastructure we mapped,” Citizen Lab wrote in the report.

“The infrastructure we found links to a webpage titled ‘Paragon’ returned by the Israeli IP address, as well as a TLS certificate containing the organization’s name ‘Graphite’.”

Citizen Lab noted that its researchers identified several other code names that indicate other potential government customers. Among the suspected customer countries, Citizen Lab singled out Canada’s Ontario Provincial Police (OPP), which specifically appears to be a Paragon customer, given that one of the IP addresses of the suspected Canadian customer is linked directly to the OPP.

Contact Us

Do you have more information about Paragon and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or e-mail. You can also Security.

TechCrunch contacted spokespeople for the following governments: Australia, Canada, Cyprus, Denmark, Israel and Singapore. TechCrunch also contacted the Ontario Provincial Police. No representative responded to our request for comment.

When reached by TechCrunch, Paragon’s Fleming said that Citizen Lab had contacted the company and provided “very limited information, some of which seemed inaccurate.”

“We are currently unable to comment given the limited nature of the information provided,” Fleming said. When TechCrunch asked what was inaccurate about the Citizen Lab report, Fleming did not respond, nor did he answer questions about the countries Citizen Lab identified as Paragon customers, or the status of its relationship with its Italian clients.

Citizen Lab noted that all the people who were notified by WhatsApp and then had their phones analyzed by the organization used Android phones. This allowed researchers to identify the “forensic artifacts” left by Paragon’s spyware, which the researchers call “BigPretzel.”

Meta spokesman Zade Alsawah told TechCrunch in a statement that the company “can confirm that we believe the indicator Citizen Lab calls BigPretzel is related to Paragon.”

“We have seen how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held responsible,” the statement read. “Our security teams have been working to keep ahead of threats, and we will continue to work to protect people’s ability to communicate privately.”

Given that Android phones do not always preserve certain device logs, Citizen Lab noted that a phone could have been targeted by the Graphite spyware even if no evidence of Paragon’s spyware is found on it. For those identified as victims, it is not clear whether they had been targeted on previous occasions.

Citizen Lab also noted that Paragon’s Graphite spyware targets and compromises specific apps on the phone, without any interaction from the target, rather than compromising the wider operating system and the device’s data. In the case of Beppe Caccia, one of the victims in Italy, who works for an NGO that helps migrants, Citizen Lab found evidence that the spyware had infected two other apps on his Android device, without naming them.

Citizen Lab noted that targeting specific apps rather than the device’s operating system may make it harder for forensic investigators to find evidence of a hack, but may give app makers more visibility into spyware operations.

“Paragon’s spyware is as tricky as competitor [NSO Group’s] Pegasus, but at the end of the day, there is no ‘perfect’ spy attack,” Bill Marczak, senior researcher at Citizen Lab, told TechCrunch. “Maybe these clues are different from what we are used to, but with collaboration and information sharing, even the toughest cases can be resolved.”

Citizen Lab also said it analyzed the iPhone of David Yambio, who works closely with Caccia and other NGOs. Yambio received a notification from Apple that his phone had been targeted by mercenary spyware, but researchers could not find evidence that he was targeted with Paragon’s spyware.

Apple did not respond to a request for comment.
