Rumors Swirl Around Israeli Spyware Maker Paragon's Government Customers

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of Israeli spyware maker Paragon Solutions, according to a new technical report by a renowned digital security lab.

The Citizen Lab, a group of academics and security researchers housed at the University of Toronto that has investigated the spyware industry for more than a decade, published a report about the Israeli-founded surveillance startup, identifying the six governments as “suspected Paragon deployments.”

At the end of January, WhatsApp notified around 90 users who the company believed were targeted with Paragon spyware, prompting a scandal in Italy, where some of the targets live. Paragon has long tried to distinguish itself from competitors, such as NSO Group — whose spyware has been abused in several countries — by claiming to be a more responsible spyware vendor.

In 2021, an unnamed senior Paragon executive told Forbes that authoritarian or non-democratic regimes would never be its customers. In response to the scandal prompted by the WhatsApp notifications, Paragon said it could not comment on individual users but promised to investigate the incident and take action if necessary.

The Scope of Paragon's Spyware

Paragon's Graphite spyware targets specific apps on the phone — without needing any interaction from the target — rather than compromising the wider operating system and the device’s data. This makes it harder for forensic investigators to find evidence of a hack, but may give app makers more visibility into spyware operations.

“Paragon's spyware is trickier to spot than competitors like [NSO Group's] Pegasus, but, at the end of the day, there is no 'perfect' spyware attack,” Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch. “Maybe the clues are in different places than we're used to, but with collaboration and information sharing, even the toughest cases unravel.”

Citizen Lab also analyzed the iPhone of David Yambio, who works closely with those affected by Paragon's spyware. While Yambio received a notification from Apple about his phone being targeted by mercenary spyware, the researchers couldn't find evidence that he was targeted with Paragon's spyware.

The Impact on Victims

For the people who were identified as victims of Paragon's spyware, it's not clear if they were targeted on previous occasions. Citizen Lab noted that the Android phones used by many of those affected do not always preserve certain device logs, making it likely that more people may have been targeted.

Beppe Caccia, one of the victims in Italy, who works for an NGO that helps migrants, had two other apps on his Android device infected with Paragon's spyware; the apps were not named. Targeting specific apps rather than the entire operating system can make it harder to identify and stop the hack.

Accountability

“We’ve seen first-hand how commercial spyware can be weaponized to target journalists and civil society, and these companies must be held accountable,” Meta's statement read. “Our security team is constantly working to stay ahead of threats, and we will continue working to protect peoples’ ability to communicate privately.”

Meta stated that the Graphite spyware is associated with Paragon. Apple also confirmed that they would investigate and take necessary actions.

The Future of Spyware Investigations

Bill Marczak from Citizen Lab emphasized that while there's no one-size-fits-all solution for stopping spyware attacks, collaboration and information sharing between researchers, governments, and technology companies are crucial in unraveling such cases.

"Maybe the clues are in different places than we're used to, but with this cooperation and vigilance, even the toughest cases can be solved," he added.