James Marinero, MSc, MBA


Cyber Surveillance

Ukraine’s DiiA and the Spread of Israel’s Spyware Presages a Grim Future

Imagine a World where a smartphone is mandatory for a citizen and phone encryption is useless, where AI is profiling you as you speak and government gets your psych profile real-time. Would you be on the list of threats to the State?

Pegasus. Credit: By Anonymous ancient Roman mosaic artist — Musée Rolin Autun, The Collections, the Museum’s Masterpieces, Public Domain, https://commons.wikimedia.org/w/index.php?curid=110899154

It’s starting and it’s not only with spyware

Ukraine’s DiiA software is leading the world.

e-Governance it’s called. Many other countries are going down that road, but Ukraine is streets ahead. Probably the nearest rival is Estonia, but the Russian invasion has spurred Ukraine to deeper development and deployment efforts.

DiiA has proved to be a useful tool in the war against Russia, harnessing the Ukrainian population in a common cause. And there are no paper files to be bombed, burned or captured. We don’t know where Ukraine’s data is housed, but we know it was ‘relocated’ to the cloud early in the war.

And ‘harnessing’ is the right word.

Just add Israeli spyware to the mix and we’re heading down an increasingly rocky road.

DiiA

Diia (‘Action’; also an acronym for Ukrainian: ‘State and Me’) is a mobile app, a web portal and a brand of e-governance in Ukraine.

Launched in 2020, the Diia app allows Ukrainian citizens to use digital documents in their smartphones instead of physical ones for identification and sharing purposes. The Diia portal allows access to over 50 governmental services. Eventually, the government plans to make all kinds of state-person interactions available through Diia. — Wikimedia

With the likely spread of Ukraine’s DiiA software to other countries, soon everyone will have to own a smartphone to be able to live in a modern society.

The US is very keen to help Ukraine export the software and several countries have already expressed an interest.

I wonder why? Does the NSA have a backdoor into it?

Will we ever see it used in the US?

I wonder again.

And almost every smartphone will be spying.

That’s a fact.

Your life and full biometrics will be on your smartphone or intimately linked to it. Sitting alongside spyware which you don’t know is there.

It’s starting.

On May 23 [2023], the first Diia in DC Summit took place in Washington.

Deputy Prime Minister for Innovation, Development of Education, Science, and Technology — Minister of Digital Transformation Mykhailo Fedorov presented the achievements of digital Ukraine and the vision of further development.

USAID Administrator Samantha Power announced a partnership with Colombia and Zambia to explore opportunities to improve existing digital systems, develop new digital services for citizens, and create an Action equivalent. — United24Media

And then…

Israel leads the way with spyware

Israel’s NSO spyware, sorry, security company, has been selling its Pegasus spyware on the open market, more or less.

Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is able to exploit iOS versions up to 14.7, through a zero-click exploit. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps — Wikipedia

Apple sued NSO in 2021 seeking an injunction to stop the hacking, and in April 2023 Apple announced that its new Lockdown Mode was working well.

Useful for iPhone users who are high-level targets, such as journalists and human rights activists, Apple’s Lockdown Mode has been found by researchers to have helped block attacks from the notorious Israeli cyber-intelligence firm, the NSO Group, using its Pegasus spyware. — techradar

Pegasus has apparently been sold to many governments and now a research note from Canada’s Citizen Lab based at the University of Toronto has uncovered widespread infections of Pegasus on the smartphones of prominent Armenian citizens. They are not specifically claiming that the government of Armenia was responsible. The area is currently a war zone with fighting between Armenian and Azerbaijani forces. Report.

These surveillance tools have become known in the security community as “mercenary spyware” and in a recent (March 2023) response the Biden-Harris administration approved an Executive Order prohibiting the U.S. government from using commercial spyware that poses national security risks or has been misused by foreign actors to enable human rights abuses.

However, the US government’s reasons may be less altruistic — they may be worried that they don’t really know what’s under the hood of this alien software. Home-brewed is better and safer. Theoretically, at least.

But now there are new threats.

What’s next on the cyberspying menu?

Obviously, spyware suppliers take great care to make the final payloads tricky to detect, isolate, analyze and defend against by creating deployment sequences needing little or no user interaction.

The spyware delivery mechanism is usually an exploit chain that can start with a zero-click exploit, like FORCEDENTRY, which is an NSO product.

Alternatively, entry can be gained with a link that the victim is tricked into clicking (i.e., a “one-click” exploit). This is the approach used by surveillance company Cytrox (now Intellexa), to deploy their own spyware known as “PREDATOR.”

Here’s what cybersecurity outfit Talos (part of Cisco) had to say on its blog:

— Our research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. Our findings include an in-depth walkthrough of the infection chain, including the implants’ various information-stealing capabilities.

— A deep dive into both spyware components indicates that ALIEN is more than just a loader for PREDATOR and actively sets up the low-level capabilities needed for PREDATOR to spy on its victims.

— We assess with high confidence that the spyware has two additional components — tcore (main component) and kmem (privilege escalation mechanic) — but we were unable to obtain and analyze these modules.

PREDATOR has been around since 2019 and is designed to be flexible so that new Python-based modules can be delivered without the need for continual exploitation. Automatic updates, invisible, sneaky. That makes it flexible and pernicious.

Talos’s latest research uncovered how tightly PREDATOR and ALIEN are interwoven, providing proof that ALIEN is much more than just a loader for PREDATOR, as previously thought.

Like the Pegasus spyware, which needs zero user interaction to infect victims’ devices, Predator and Alien have been seen to exploit zero-day and other vulnerabilities to infect and take over Android phones.

No defence

Forget encrypted services such as Telegram, Signal or Proton. Any outgoing data will be captured and analysed pre-encryption. Your DiiA life on the phone will be accessible.

What can you do?

With Pegasus, your phone can be turned on without you knowing it.

Basically, you don’t know what your phone is up to at any time, so keep the battery flat until you need it. Yes, not really practical, I know.

Barring that, it sounds as if we spies are back to dead letter boxes and brush-pasts, but without carrying our trackable smartphones.

And now the Moscow-based Kaspersky security outfit has had some employees’ phones infected with brand-new malware via a zero-click vulnerability — an invisible iMessage.

Even a cybersecurity company gets caught.

Then the spin.

“We are quite confident that Kaspersky was not the main target of this cyberattack,” said founder Eugene Kaspersky.

Moscow? Justice?

Inevitable conclusions

Yes, the Ukraine War has accelerated technology in many areas and, apart from the drones, missiles and all the other bad but necessary stuff, it’s DiiA that may have the longest-term effect, at least outside the gulag that Russia is becoming.

I can’t help but think that with the huge advances in AI, we will each own a smartphone with DiiA that controls our lives (no choice), identifies us (biometrics will be mandatory), examines our bank account, collects our taxes, carries our health records and logs our movements, spoken conversations, messaging, online behaviour and detailed preferences.

All those technical capabilities already exist, and now people are keen to have ChatGPT and other AI installed on their smartphones. And soon, the functionality will be buried in the browser. It’s black box stuff. Mad.

From there it’s trivial to produce and maintain a psychological analysis of an individual. And a short hop to detect individuals who are threats to the state. On our phones, feeding back into centralised government AI systems.

Governments will surely act on that.

It’s a dreadful vision of the future. And it’s not very far away.

That 4 am knock on the door is coming soon.

Or maybe it will be like Brazil where the government systems were flaky.

© 20th Century Fox. Fair Use.

I doubt it. Not with AI running the show.

And why bother with the 4 am visit? AI is taking all the jobs. AI only needs to make your phone explode — or fry your brain — if your profile is ‘abnormal’.

You will not be able to hide out of range of a cellphone tower. Musk’s Starlink satellites will be connecting cellphones — even on the ocean (other satellite constellations will be available, but…)

Do you really think that governments believe in privacy?

We’re living with Pegasus. Predator and Alien are self-installing right now.

I certainly don’t want to be around when Terminator arrives.

The idea of free society would be a joke.

Going underground anyone?

Paul Weller, wherever you are, write us another about going off-grid.

With instructions, please.

Final thought: If you don’t own a smartphone then you will automatically be ‘a person of interest’ as they say. Knock, Knock…

If you follow me I guarantee variety in your inbox with some unusual perspectives! I write passionately on a wide range of topics that interest me. I also write about…

…spycraft

My novels are available at my Gumroad bookstore. Also at Amazon and Apple
