Israeli group sold tools to hack windows, says Microsoft

An Israeli group sold a software exploit that can penetrate Microsoft windows, shredding the light on the growing business of finding and selling tools to hack widely used software, Microsoft and technology human rights group citizen lab said on Thursday.

Candiru, the hacking tool vendor created and sold a tool that can hack Windows, one of the many intelligence products sold by a secretive industry that finds flaws in common software platforms for their clients, said a report by Citizen Lab.

Technical analysis by security researches details how Candiru’s hacking tool spread the world to several unnamed customers, where it was then used to target various civil society organisations, including a Saudi dissident group and a left learning Indonesian news outlet, the reports by Citizen Lab and Microsoft show.

Candiru’s spyware targeted at least 100 members of civil society, including politicians, human rights activists, journalist, academics, embassy workers and political dissidents, the report said, in the places like Spain, UK, Singapore and within Israel and Occupied Palestinian territories. Researchers also found that more than 750 fake websites posing as groups including Amnesty International, Black Lives Matter movement, and the Russian postal service that were laced with the spyware.

Candiru has tries to remain in shadows ever since it’s founding, but there is no space in the shadows for companies that facilitate authoritarianism by selling spyware, said a senior fellow at the Citizen Lab.

On Wednesday, Google released a blog where it disclosed two Chrome software flaws that Citizen Lab found connected to Candiru. Google also did not refer to Candiru by name, but described it as a “commercial surveillance company”. Google patched the two vulnerabilities earlier this year.

Those types of covert systems cost millions of dollars and are often sold on a subscription basis, making it necessary for customers to repeatedly pay a provider for continued access, people familiar with the cyber arms industry told Reuters.

“No longer do groups need to have the technical expertise, now they just need resources”, Google wrote in its blog post.