The Electronic Frontier Foundation and mobile security company Lookout released a report today detailing a major hacking campaign -- dubbed Dark Caracal -- that's believed to have originated from Lebanon's General Directorate of General Security (GDGS), one of the country's intelligence agencies. The companies found information gathered from thousands of victims from over 20 countries through espionage efforts extending back to 2012. Targets included military personnel, journalists, activists, financial institutions and manufacturing companies and some of the stolen data included documents, call records, texts, contact information and photos. Michael Flossman, a Lookout security researcher, told the Associated Press, "It was everything. Literally everything."
The hackers used malicious apps that resembled legitimate communication platforms like Signal and WhatsApp to steal the trove of data, loading up the fake versions with malware that allowed them to tap into users' conversations. "One of the interesting things about this ongoing attack is that it doesn't require a sophisticated or expensive exploit," EFF Staff Technologist Cooper Quintin said in a statement. "Instead, all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware." However, the hackers' storage of the stolen info also wasn't terribly sophisticated, as it was all left exposed online on an unprotected server. "It's almost like thieves robbed the bank and forgot to lock the door where they stashed the money," Mike Murray, Lookout's head of intelligence, told the AP.
The EFF and Lookout were able to link the data to a WiFi network coinciding with the location of Lebanon's GDGS. "Based on the available evidence, it is likely that the GDGS is associated with or directly supporting the actors behind Dark Caracal," noted the report. EFF Director of Cybersecurity Eva Galperin said that pinpointing the campaign to such a precise location was remarkable, telling the AP, "We were able to take advantage of extraordinarily poor operational security."