Candiru is an Israeli cybersecurity company which develops spyware. Now the company has been charged with selling its tech to those who use it against people fighting for their human rights. Candiru is accused of behaving like a mercenary.
The charges against Candiru come from both Citizen Lab and Microsoft. The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.
Originally founded in 2014 by Yaakov Weizmann and Eran Shorer, Candiru has gone through a number of name changes and is officially known today as Saito Tech Inc. The company is said to market “untraceable” spyware to governments which they can use for spying on computers, mobile devices, and cloud accounts.
Citizen Lab is clearly not a fan of Candiru, which can be understood from their description of the company. They call Candiru a “secretive Israel-based company that sells spyware exclusively to governments” whose spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts. Citizen Lab cites Uzbekistan, Singapore, Saudi Arabia, the UAE and even Qatar as Candiru clients.
“Like many of its peers,” says Citizen Lab, “Candiru appears to license its spyware by number of concurrent infections, which reflects the number of targets that can be under active surveillance at any one instant in time. Like NSO Group, Candiru also appears to restrict the customer to a set of approved countries.”
They say that they came to their conclusions using Internet scanning. Citizen Lab states that they identified more than 750 websites linked to Candiru’s spyware infrastructure and that they found many domains masquerading as advocacy organizations such as Amnesty International and the Black Lives Matter movement, as well as media companies and other civil-society-themed entities.
According to their research, Candiru’s Windows payload seems to have features which can remove files, access all messages saved in the Windows version of the encrypted messaging app Signal, as well as steal cookies and passwords from Chrome, Internet Explorer, Firefox, Safari, and Opera browsers.
Whatever the veracity of Citizen Lab’s claims against Candiru, they mitigated it with a somewhat subjective summary. “Candiru’s apparent widespread presence, and the use of its surveillance technology against global civil society, is a potent reminder that the mercenary spyware industry contains many players and is prone to widespread abuse,” they wrote.
They went on to talk about the need for governments to take the threat of these types of spyware more seriously and called for tougher regulation to prevent firms like Candiru from operating.