On monitoring - Omer Benjakob in Haaretz:
‘We’re being monitored. It’s a universally acknowledged truth about this digital age. Technology firms and advertisers know almost everything about us: where we are, what we buy, which apps we download and how we use them, our search histories and past purchases, even our sexual orientation and what fetishes we’re into. There’s only one thing that advertisers don’t or aren’t supposed to have access to: our identity. The world of ads and the data behind them is meant to be anonymous.
We’ve all been there. We read the post of a friend who just got back from vacation, and a few hours later an ad for a hotel pops up on our screen, and similar ones hound us for days, following us across websites and social media – but few of us have any idea how or why this happens.
Whenever we open an application or a website on our phone, without our noticing, a rapid process of mass negotiation takes place, and a complex and aggressive market embodying the whole economy of the internet plays out: In a split second – a fraction of the moment that elapses until the page we want opens – an automatic bidding process occurs between hundreds of thousands of different advertisers. They are fighting to advertise exactly to us at this exact moment in time. The more accurate the information the advertisers have about us, the more segmented and targeted the data, the greater the chances that we’ll actually click – and thus the price of the ad increases.’ (…)
‘A number of Israeli firms have developed technologies that are capable of exploiting advertising to collect data and monitor citizens. Hundreds of thousands – if not millions – of people can be monitored in this way.’
‘As millions of ads compete for the right to penetrate our screens, Israeli firms are clandestinely selling technology that transforms these ads into tools of surveillance – or even into weapons that are capable of penetrating our computers or phones.’
‘This is a story about technology that bypasses the security and privacy restrictions of Apple and Google, and infiltrates phones through a sophisticated use of advertising information. It’s an investigation into how advertisements turned into tools of war on the digital battlefield. A story about the dangerous connection between the world of espionage and the private market, and a perfect example of what is referred to as “surveillance capitalism”: how information collected for commercial ends is exploited by states for intelligence purposes and morphs, with a little help from Israeli high-tech entrepreneurs, into a security product, where it is liable to become a weapon against private citizens.’
‘A few years ago, people discovered that data collected for advertising and commercial needs could also be used for other ends, and that these exchanges can also be used for geotracking, surveillance of our location. This is the little-known field of AdInt (ad intelligence). Its aim is to convert data and information collected for advertising purposes into intelligence.
“In a certain sense, Google and Apple created an espionage market,” explains a person in the AdInt industry, referring to the two companies whose operating systems power most smartphones. “They just hoped that people wouldn’t understand that the information that advertisers collect can also be intelligence gold. Another way to think of it is that Apple and Google are themselves a type of espionage firm. There are simply some who know how to exploit that.”’
‘This is how, in the shadow of the coronavirus crisis, a new industry of mass AdInt came into being. A company founded by Eric Banoun, one of the pioneers of offensive cyber in Israel, offered the Shin Bet security service an ad-based surveillance and monitoring service. As Gur Megiddo reported in TheMarker, the idea was to reverse-engineer information about users in large ad networks for intelligence purposes. In this case, the aim was to engage in mass monitoring to track the spread of the pandemic.
The firm is called Intelos and its product is called AdHoc. It’s marketed to law enforcement agencies and business clients alike. The company’s products are not considered to be security-related and are therefore not regulated. There’s a whole industry of similar companies.’
‘The investigation shows that there are a number of Israeli firms that are offering intel of this sort to many different kinds of clients. One such company is Rayzone, which is considered a pioneer in the field and actually coined the term AdInt. Its product, called Echo, is not under state supervision because it too makes use of information that is considered open. It’s sold to private bodies, but an official Israeli body also showed interest in purchasing it for the purpose of attempting to surveil Palestinians in Israel.
Other companies offer less advanced products. One of them, Bsightful, markets its capabilities to those in the private advertising world. According to sources in this field, the company’s activity is based on cross-matching browsing data and other sources of commercially available information that can be purchased, mined or otherwise extracted from the web. The company was acquired by another cyber firm, Cognyte, which offers similar capabilities – but to states and armed forces. In other words, the same information and the same technologies, only with different uses: one commercial, the other for intel.
But some companies don’t make use of ads only for surveillance. They go a step further, creating tools that use ads to penetrate phones and computers.
How does this work? An advertising profile for the target audience is compiled. After that, an ad campaign tailored to the audience is created, and it is bombarded with ads, thus allowing mass geo-surveillance. Next, the spyware or malware is placed into a campaign.
With the aid of an advertiser or an ad infrastructure, the infected ad is uploaded into the ad exchange and the bidding begins – until the target receives the ad and the malicious code infiltrates the device.
Sources in the industry say it was clear to them from the outset that the technology would quickly become a slippery slope. “AdInt is a legitimate field, as long as it remains within the realms of general tracking,” one such source says. “Those who turn it into a weapon are playing with fire. All that’s needed is one snafu, one case of abuse, for the entire capability to be burned.”’
‘Spyware like Pegasus hacks smartphones by exploiting security vulnerabilities in the iPhone operating system. But we’re talking about something different here. This isn’t an attempt to breach a device via the backdoor, but to allow something to enter it cleverly through a front window, a window that is wide open thanks to the world of advertising that sustains the entire internet economy.
De facto, this technology creates a new “vector” into the device for those who are capable of developing spyware by themselves, or for existing clients of companies such as NSO. If, as some say, Pegasus is the nuclear bomb of the digital age, these new capabilities can be likened to the guided missile on which the digital nuclear warhead is delivered.’
‘It’s long been known that states have surveillance capabilities and that they can use them against their own citizens, even in the age of encrypted smartphones. In recent years, the public has learned that non-Western countries – in Africa, Asia, Central America and the Arab world – also possess these abilities, not because they were able to develop them independently, but because they acquired them in the private international digital arms market.
These capabilities, created in no small part by Israeli firms and originally intended to prevent terrorism and serious crime, are also being abused, notably by illiberal, undemocratic countries that have little experience with such advanced technologies. As with arms, alongside the regulated, legal market, darker and less supervised markets also form, through which technologies – be it arms or digital arms – are sold to dubious countries to which even Israel prohibits selling, and perhaps even to private bodies. Sources in the industry warn that this time, too, as occurred with offensive cyber, there are liable to be similar consequences.’
‘The Defense Ministry, NSO, Candiru, Paragon, AdHoc, Bsightful and Cognyte chose not to respond to this investigative report.’
Read the article here.
That’s a very interesting take on Apple and Google: they are already spy firms, albeit with other aims than most spy firms.
These products will end up in illiberal countries, a nice euphemism for rogue states. And dissidents, journalists and other 'undesirable' people will be monitored, imprisoned and/or killed.
See for example this article about Pegasus and Mexico.