An Israeli group sold a tool for hacking Microsoft Windows, Microsoft and technology human rights group Citizen Lab announced Thursday, highlighting the growing business of finding and selling tools for hacking widely used software.
Hacking tool vendor Candiru developed and sold a software exploit that can break into Windows, one of many intelligence products sold by a mysterious industry that finds bugs in shared software platforms for its customers, a Citizen Lab report says.
The technical analysis by security researchers describes how Candiru’s hacking tool spread to numerous undisclosed customers around the world, where it was then used against various civil society organizations, including a Saudi dissident group and a left-wing Indonesian news agency, the Citizen Lab and Microsoft reports show.
Attempts to reach Candiru for comment have been unsuccessful.
Evidence of the exploit recovered by Microsoft Corp (MSFT.O) suggests it was used against users in multiple countries including Iran, Lebanon, Spain and the UK, according to the Citizen Lab report.
“Candiru’s growing presence and use of its surveillance technology against global civil society is a powerful reminder that the mercenary spyware industry is multi-stakeholder and prone to widespread abuse,” Citizen Lab said in its report.
Microsoft fixed the discovered flaws with a software update on Tuesday. Microsoft did not directly attribute the exploits to Candiru, but referred to it under the code name Sourgum as an “offensive actor in the Israeli private sector”.
“Sourgum generally sells cyber weapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure, and Internet-connected devices,” Microsoft wrote in a blog post. “These agencies then choose who to address and carry out the actual operations themselves.”
Candiru’s tools also exploited weaknesses in other popular software products, such as Google’s Chrome browser.
On Wednesday, Google (GOOGL.O) published a blog post disclosing two Chrome software bugs that Citizen Lab found were related to Candiru. Google did not name Candiru either, but referred to it as a “commercial surveillance company”. Google patched the two vulnerabilities earlier this year.
Cyber arms dealers like Candiru often chain multiple software vulnerabilities together to create effective exploits that can reliably infiltrate computers without the target’s knowledge, say computer security experts.
These types of covert systems cost millions of dollars and are often sold on a subscription basis, requiring customers to repeatedly pay a provider for continued access, people familiar with the cyber weapons industry told Reuters.
“Groups no longer need the technical know-how, just resources,” wrote Google in its blog post.
Source: Daily Techno News