Researchers name several countries as potential spyware customers


The governments of Australia, Canada, Cyprus, Denmark, Israel and Singapore are likely customers of the Israeli company Paragon Solutions, according to a new technical report issued by a renowned digital security laboratory.

On Wednesday, Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, published a report on the Israeli-founded surveillance startup, identifying the six governments as “suspected deployments.”

At the end of January, WhatsApp notified about 90 users that the company believes were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live.

Paragon has long tried to distinguish itself from competitors such as NSO Group, whose spyware has been abused in numerous countries, by claiming to be a more responsible vendor. In 2021, an unnamed Paragon executive told Forbes that authoritarian or non-democratic regimes would never be its customers.

In response to the scandal prompted by the WhatsApp notifications in January, and in what may have been an attempt to bolster its claims about being a responsible spyware vendor, Paragon CEO John Fleming told TechCrunch that the company “licenses its technology to a select group of global democracies – mainly, the United States and its allies.”

In late 2024, Israeli news outlets reported that U.S.-based AE Industrial Partners had acquired Paragon for at least $500 million upfront.

[Image: the attack flow for Paragon's spyware, called Graphite. The steps include an attacker adding a person to a WhatsApp group, then the victim's device automatically processing a PDF, which leads to the exploitation of a vulnerability.]
An example of the attack flow for Graphite spyware. Image credits: Citizen Lab

In the report on Wednesday, Citizen Lab said it was able to map the server infrastructure used by Paragon for its spyware tool, which the vendor calls Graphite, based on “a tip from a collaborator.”

Starting with that tip, and after developing many fingerprints capable of identifying associated Paragon servers and digital certificates, Citizen Lab researchers found many IP addresses hosted at local telecom companies. Citizen Lab said it believes that these servers belong to Paragon customers, based on the initials of the certificates, which seem to match the names of the countries where the servers are located.

According to Citizen Lab, one of the fingerprints developed by its researchers led to a digital certificate registered to Graphite, in what appears to be a significant operational mistake by the spyware maker.

“Strong circumstantial evidence supports a link between Paragon and the infrastructure that we identified,” Citizen Lab wrote in the report.

“The infrastructure that we found is linked to web pages entitled ‘Paragon’ that were returned by IP addresses in Israel (where Paragon is headquartered), in addition to a TLS certificate that contains the organization name ‘Graphite’,” the report said.

Citizen Lab noted that its researchers identified many other codenames, indicating other potential government customers of Paragon. Among the suspected customers, Citizen Lab singled out Canada's Ontario Provincial Police (OPP), which specifically appears to be a customer given that one of the IP addresses of the suspected Canadian customer is directly linked to the OPP.

Contact us

Do you have more information about Paragon and this spyware campaign? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.

TechCrunch contacted spokespeople for the following governments: Australia, Canada, Cyprus, Denmark, Israel and Singapore. TechCrunch also contacted the Ontario Provincial Police. None of the representatives responded to our requests for comment.

When reached by TechCrunch, Paragon's Fleming said that Citizen Lab had contacted the company and provided “a very limited amount of information, some of which appears to be inaccurate.”

“Given the limited nature of the information provided, we cannot provide a comment at this time,” Fleming added. Fleming did not respond when TechCrunch asked what was inaccurate about the Citizen Lab report, and he did not answer questions about whether the countries identified by Citizen Lab are Paragon customers, or about its relationship with its Italian customers.

Citizen Lab noted that all the people who were notified by WhatsApp, and who then reached out to the organization to have their phones analyzed, used an Android phone. This allowed researchers to identify a “forensic artifact” left by Paragon's spyware, which the researchers called “Bigpretzel.”

“The company can confirm that we believe that what Citizen Lab refers to as Bigpretzel is associated with Paragon,” Meta's Zade Alsawah told TechCrunch in a statement.

“We have seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,” read the Meta statement. “Our security team is constantly working to stay ahead of threats, and we will continue working to protect people's ability to communicate privately.”

Given that Android phones do not always preserve certain device logs, Citizen Lab noted that it is likely that more people were targeted by the Graphite spyware, even if there is no evidence of Paragon's spyware on their phones. For the people identified as victims, it is not clear whether they were targeted on previous occasions.

Citizen Lab also pointed out that Paragon's Graphite spyware targets and compromises specific applications on the phone – without the need for any interaction from the target – instead of compromising the broader operating system and the device's data. In the case of Beppe Caccia, one of the victims in Italy, who works for a non-governmental organization that helps migrants, Citizen Lab found evidence that the spyware infected two other applications on his Android device, without naming the applications.

Citizen Lab pointed out that targeting specific applications instead of the device's operating system may make it harder for forensic investigators to find evidence of a compromise, but the applications may offer more visibility into spyware operations.

“Paragon's spyware is more difficult to identify than competitors such as NSO Group's Pegasus, but at the end of the day, there is no ‘perfect’ spyware attack,” Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch. “The clues may be in different places than we are used to, but with cooperation and exchange of information, even the most difficult cases unravel.”

Citizen Lab also said it analyzed the iPhone of David Yambio, who works closely with Caccia and others at the NGO. Yambio received a notification from Apple about his phone being targeted by mercenary spyware, but the researchers were unable to find evidence that he was targeted with Paragon's spyware.

Apple did not respond to a request for comment.


