Microsoft hacking tool came from Israel – allegation


An Israeli group sold a tool to hack into Microsoft Windows, Microsoft and technology human rights group Citizen Lab said, shedding light on the growing business of finding and selling tools to hack widely used software.

The hacking tool vendor, Candiru, created and sold a software exploit to penetrate Windows, one of many intelligence products sold by a secretive industry that finds flaws in common software platforms for clients, a report by Citizen Lab said.

Technical analysis by security researchers details how Candiru’s hacking tool spread around the globe to unnamed customers, where it was used to target civil society organisations, including a Saudi dissident group and a left-leaning Indonesian news outlet, the reports by Citizen Lab and Microsoft show.

Evidence recovered by Microsoft Corp suggested it was deployed against users in countries including Iran, Lebanon, Spain and the United Kingdom, according to the Citizen Lab report.

“Candiru’s growing presence and use of its surveillance technology against global civil society is a potent reminder the mercenary spyware industry contains many players and is prone to widespread abuse,” Citizen Lab said in its report.

Microsoft repaired the discovered flaws on Tuesday through a software update. Microsoft did not directly attribute the exploits to Candiru, referring to it as an “Israel-based private sector offensive actor” under the codename Sourgum.

“Sourgum generally sells cyberweapons enabling its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices,” Microsoft wrote in a blog post. “These agencies then choose who to target and run the actual operations themselves.”

Candiru’s tools exploit weaknesses in common software products, like Google’s Chrome browser.

On Wednesday, Google released a blog post where it disclosed two Chrome software flaws Citizen Lab found connected to Candiru. Google again did not refer to Candiru by name, describing it as a “commercial surveillance company.” Google patched the vulnerabilities earlier this year.

Cyber arms dealers like Candiru often chain multiple software vulnerabilities to create effective exploits to reliably break into computers remotely without a target’s knowledge, computer security experts say.

These covert systems cost millions of dollars and are often sold on a subscription basis, making it necessary for customers to repeatedly pay a provider for continued access, people familiar with the cyber arms industry told Reuters.

“No longer do groups need technical expertise, they just need resources,” Google wrote in its blog post.