Spyware can be used to Follow Canadians
Privacy – 4 min read May 14, 2019

Spyware Can be Used to Follow Canadians

It's a chilling tale that has unveiled a sinister use of technology. Not only can technology aid governments in tracking dangerous persons, but it can also help bad actors track members of the media. In fact, it's the tale of how a cybersecurity tool marketed to governments is falling into the wrong hands. 

 

 

The Story of Javier Valdez Cárdenas

 

It begins with the murder of a celebrated Mexican journalist named Javier Valdez Cárdenas. As founder of RioDoce, a weekly magazine covering organized crime and drug trafficking, Cárdenas was on the forefront of a dangerous struggle to expose the Mexican drug war. Unsurprisingly, his work made him an enemy of some of the most dangerous players in the drug trafficking world. Starting with a series of exposés in 2009 entitled “Hitman: Confessions of an Assassin in Ciudad Juarez,” Valdez Cárdenas became a bold voice against drug cartels.

After enduring years of threats against himself and his staff, Valdez Cárdenas was killed by gunmen on May 15, 2017. He was shot 12 times after leaving the RioDoce offices and the perpetrators took his laptop, files, and his cellphone. In the days following his murder, the staff of RioDoce as well as the Valdez Cárdenas’ family began to receive odd text messages promising information on his killer. And this is where this tragic tale takes a shockingly disturbing turn.

A year later, two writers from The Globe & Mail, along with Mexican partners, came across new information that pointed to the Mexican government as the source of these text messages. After acquiring a Israeli-based surveillance app called Pegasus for US$80-million, the Mexican government infected the recipients’ phones with the Pegasus spyware. The infected phones then acted as a digital secret agent, giving the government the ability to eavesdrop and record conversations.

 

Not only can technology aid governments in tracking dangerous persons, but it can also help bad actors track members of the media.

 

The Controversy Surrounding Surveillance with Pegasus

 

Pegasus is developed by NSO Group, which markets its spyware as a powerful aid in combating terrorism and aiding in criminal investigations. Once it is installed on a device, it enables a jailbreak that can track phone calls, read text messages, and gather information from other apps operating on the device, such as Facebook, iMessage, Gmail, Skype, etc.

NSO Group provides assurances that it always uses due diligence to ensure that Pegasus isn't being used maliciously. Yet, this has not always been the case. After the murder of Valdez Cárdenas, and following an investigation that exposed how Pegasus was used to maliciously target innocent civilians, NSO Group has come under considerable global fire for developing a tool that is used in violation of human rights.

NSO Group is facing several lawsuits, including one that accuses the company of providing Pegasus spyware to the Saudi Arabian government in the aftermath of the brutal killing of Washington Post journalist, Jamal Khashoggi, at a Saudi Consulate. The lawsuits allege that the NSO Group knowingly violated human rights laws by providing the Saudi government with surveillance spyware that was then used to spy on Khashoggi and several of his colleagues.

One of these colleagues is Saudi dissident and refugee Omar Abdulaziz, a close confidant of Khashoggi, who was targeted by the Pegasus spyware while in Canada. In the months prior to Khashoggi’s murder, it is alleged that the Saudi government was able to use Pegasus to monitor conversations between the two over private messaging.

The use of such spyware breaches the privacy rights of individuals. Borders and distance don't offer any protection. Research done by the Citizen Lab shows that people in 45 different countries worldwide have had devices infected by Pegasus, with 30 different countries currently operating the spyware. Many of these countries have a notoriously bad track record in terms of human rights and freedom of the press—including countries like Saudi Arabia, United Arab Emirates, and Bahrain.

 

Moving Forward to end Spyware Abuse

 

Numerous lawsuits against NSO Group are still in progress. Should they be found liable for allowing the abuse of its Pegasus spyware, the company would likely make major changes in who can access their product and how it can be used. This could set a standard moving forward for manufacturers and providers of surveillance spyware.

Another avenue is to hit ‘em where it hurts: in the pocketbook. The spyware market is always booming, and draws the attention of major investors including banks and pension funds. Should the industry continue to demonstrate indifference to shocking evidence of such carelessness and disturbing abuse, investors will undoubtedly become more hesitant to associate themselves with the industry.

 

What does this mean to Canadians?

 

The average Canadian is unlikely to be targeted by a foreign government but many Canadian companies could find themselves being surveilled by foreign competition. Consult with an IT services specialist if you would like to learn more about your vulnerability to spyware.

 

If you're interested in locking down your systems from spyware, get in touch with CITI. We'll educate your users and implement a layered defence that will protect every system on your network with anti-spyware solutions. 

 

 

Learn about your IT security. Register for a free cybersecurity consultation.  Book Now Considering moving to the cloud? Find out if the cloud is right for your  company.Book Now
Guide to Email Security from our Practice Safe Cyber Series Download Your Poster
Global Toronto and CreateTO City of Toronto Agencies Case Study
Learn about your IT security. Register for a free cybersecurity consultation.  Book Now
Guide to Ransomware Attacks in Canada
Considering moving to the cloud? Find out if the cloud is right for your  company.Book Now
New IT Infrastructure Transforms Organization. KCI Ketchum Canada
Engage our services and get 10 hours free. It's easy to work with CITI. Become  a client.Book Appointment

IT Insights from our Blog

Read more

We're here to help!

Moving to the Cloud
Cybersecurity

Is your management team asking about your IT security policies and practices? Are you worried about a cybersecurity breach? CITI’s comprehensive IT security services provide all the information your company needs to deal with current and future security situations and concerns. Learn about your IT security. Register for a free cybersecurity session.

Managed Services

There is another way to manage your IT that doesn’t require you call your IT firm. Managed IT services offer proactive care, support, monitoring and maintenance of your computer systems for a fixed monthly fee. Process-driven, less involvement, more predictable cost. Yes, Virginia, there is a way to keep your IT running smoothly that does not require you to make a call.

Pay-As-You-Go

Are you concerned about minimizing IT maintenance costs? Perhaps you’re techno savvy. Or maybe you only need an IT firm for complex IT situations. CITI can provide exactly the volume of IT services that you want and need from network troubleshooting to helping a user with a jammed printer. Our full range of services are available on a per incident basis.

Disaster Recovery

Is the stuff of your nightmares power outages? The only way to deal with a severe interruption to business operations is to plan for it. Beginning with a disaster recovery plan through implementing and maintaining failsafe, foolproof, rock-solid offsite backups, CITI has helped 100s of companies protect their most valuable asset—their data and systems.

IT Consulting

Uncertain if your company should move to the cloud? Do you have doubts about the best way to back up your data? Looking for ways to minimize your vulnerability to IT security breaches? Perhaps you’re looking for help with your annual IT budget. CITI’s IT advisory services help businesses make informed strategic and tactical decisions on information technology.

Call Us