DP News – Week 35. New player in the mass surveillance ‘market’?

The recent news about hefty fines imposed on Clearview AI and the class-action lawsuit against the software giant Oracle might finally take the back-burner, as a new player seems to take its place on the scene.

An Italian poorly known company Tykelabs and its parent entity RCS Labs have been reported by Google’s Threat Analysis Group and Lookout Research to be the developers and distributors of the new spyware dubbed “Hermit”. The spyware is allegedly able to intercept and record calls, to get access to various types of data like messages, call logs, contacts, photos, and to see the smartphone’s location.

As Google points out, “In some cases, we believe the actors worked with the target’s ISP to disable the target’s mobile data connectivity”. “Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity. We believe this is the reason why most of the applications masqueraded as mobile carrier applications.”

The Hermit’s traces have reportedly been found in the EU (Italy, Romania, Greece, Portugal) and also far beyond it (Kazakhstan, Syria and others).

While having much to do with information security issues in general and social engineering attacks in particular, the Tykelabs’s activity might be seen as yet another stepping stone towards the world of mass surveillance and global databases keeping large volumes of personal data unknowingly to data subjects. This also leaves thoughts on how many other similar companies, which haven’t been brought to the limelight thus far, may exist across the globe.

The above calls for proper regulatory and enforcement actions from the EU authorities, of course. As some prophets of doom and gloom say, 10-15 years later, an out-of-control surveillance industry may make privacy a thing of the past, implying that all efforts to combat it will have turned out to be useless.