Digital Espionage: The Dark Side of Online Advertisements
Watan – The digital realm, once a beacon of connectivity and shared experiences, now harbors unseen threats. Spyware programs targeting mobile devices have become more insidious, thanks to the strategies leading spyware manufacturers employ. A standout tactic exploits online advertisements to access users’ private information secretly. The Israeli tech enterprise, Insanet, has developed a tool that infiltrates devices through online ad networks, turning certain targeted ads into covert gateways.
No defense mechanisms currently exist against this specific spyware. Alarmingly, the Israeli government has approved Insanet’s sale of this intrusive technology. Reports show that while developers originally designed ad networks to protect the identities of social media and mobile phone users, manipulators can now exploit them. Combined with other data, especially phone location details, these networks can track and monitor individual online behaviors.
By definition, spyware is covert software that someone installs stealthily on unsuspecting users’ devices. They provide unauthorized access to the device’s content, from calls and texts to emails and voicemails. More advanced spyware can even take over the device, turning on its microphone and camera without the owner’s consent.
A detailed report from the Israeli publication, Haaretz, highlights that Insanet’s innovation uses ad networks as a delivery mechanism, rather than exploiting device vulnerabilities. This approach differs from other spyware like the Pegasus software by NSO Group, which takes advantage of security gaps in Apple’s iOS. In response, Apple released a security patch on September 7, 2023.
Insanet’s Sherlock stands out because of its unique operation method. Users design specific ad campaigns tailored to their target’s demographics and location and embed the spyware within an ad exchange. When the victim sees the ad, the spyware installs itself on their device discreetly.
From 2011 to 2023, over 74 governments have partnered with commercial entities to buy spyware or digital forensic tools. These tools serve various purposes, from surveillance and intelligence gathering to crime prevention and counter-terrorism. Law enforcement agencies also use spyware for similar goals, especially when tackling cybercrime, organized crime, or threats to national security.
Experts are still examining Sherlock’s full range of capabilities. However, initial findings indicate it can compromise Windows computers, Android devices, and iPhones. The practice of using ad networks to spread malware, known as malvertising, isn’t new. Historically, such malware targeted computers, often to launch ransomware attacks or steal passwords for unauthorized access.
