Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Lebanon Must Investigate Claims of Mass Spying: Rights Groups

Eight rights groups including Human Rights Watch called on Lebanese authorities Wednesday to investigate reports of a massive espionage campaign traced back to a government security agency.

Eight rights groups including Human Rights Watch called on Lebanese authorities Wednesday to investigate reports of a massive espionage campaign traced back to a government security agency.

Digital researchers last week said they had uncovered a hacking campaign using malware-infected messaging apps to steal smartphone data from people in more than 20 countries, including journalists and activists.

The report tracked the threat, which the researchers dubbed “Dark Caracal“, to a building in Beirut belonging to the Lebanese General Security Directorate.

Eight rights groups and media organizations called on Lebanon’s general prosecutor on Wednesday to investigate who was behind the campaign.

“If these allegations are true, this intrusive surveillance makes a mockery of people’s right to privacy and jeopardises free expression and opinion,” said Lama Fakih, deputy Middle East director at Human Rights Watch. “Lebanese authorities should immediately end any ongoing surveillance that violates the nation’s laws or human rights, and investigate the reports of egregious privacy violations.”

Other signatories included the Lebanese Center for Human Rights (CLDH), the SKeyes Center for Media and Cultural Freedom, and Lebanon’s Social Media Exchange (SMEX).

Hundreds of gigabytes of data have been taken from thousands of victims in more than 21 countries, said the report, authored by digital rights group Electronic Frontier Foundation and mobile security firm Lookout.

They called Dark Caracal “one of the most prolific” mobile espionage campaigns to date. With fake versions of secure messaging services like WhatsApp and Signal, the scheme has enabled attackers to take pictures, capture audio, pinpoint locations, and mine handsets for private data.

Advertisement. Scroll to continue reading.

According to the report, Dark Caracal used FinFisher, surveillance software used by governments around the world.

In 2015, Toronto-based research group Citizen Lab found that General Security and other Lebanese security forces have used FinFisher for surveillance in Lebanon.

General Security chief Abbas Ibrahim did not explicitly deny the report.

“The report is very, very, very exaggerated. We don’t have these capabilities. I wish we had those abilities,” he said.

In comments to the media, Interior Minister Nouhad Mashnuq also appeared to confirm there was at least some truth to the report. “It’s not that it’s not true, it’s just very overblown,” said Mashuq.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.