Talk:Dark Caracal

This is the talk page for discussing improvements to the Dark Caracal article.
This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic.
New to Wikipedia? Welcome! Learn to edit; get help.

Article policies

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Computer Security: Computing Low‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Espionage Low‑importance

	Dark Caracal is within the scope of WikiProject Espionage, which aims to improve Wikipedia's coverage of espionage, intelligence, and related topics. If you would like to participate, visit the project page, or contribute to the discussion.EspionageWikipedia:WikiProject EspionageTemplate:WikiProject EspionageEspionage articles
Low	This article has been rated as Low-importance on the project's importance scale.

Mass surveillance Low‑importance

	Dark Caracal is within the scope of WikiProject Mass surveillance, which aims to improve Wikipedia's coverage of mass surveillance and mass surveillance-related topics. If you would like to participate, visit the project page, or contribute to the discussion.Mass surveillanceWikipedia:WikiProject Mass surveillanceTemplate:WikiProject Mass surveillanceMass surveillance articles
Low	This article has been rated as Low-importance on the project's importance scale.

Definition[edit]

I believe the definition needs to be fixed. This article currently defines Dark Caracal as a "spyware system". However, the primary sources define it as an "actor" and/or a "malware espionage campaign" and most of the reliable secondary sources define it as either a "hacker group" or a "spyware campaign conducted by a hacker group".

Primary sources:

As the modern threat landscape has evolved, so have the actors. The barrier to entry for cyber-warfare has continued to decrease, which means new nation states — previously without significant offensive capabilities — are now able to build and deploy widespread multi-platform cyber-espionage campaigns. This report uncovers a prolific actor with nation-state level advanced persistent threat (APT) capabilities, who is exploiting targets globally across multiple platforms. The actor has been observed making use of desktop tooling, but has prioritized mobile devices as the primary attack vector. This is one of the first publicly documented mobile APT actors known to execute espionage on a global scale. Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut.^[1]

Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.^[2]

The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. [...] The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut.^[3]

Secondary sources:

Hackers allegedly working for the government of Lebanon stole hundreds of gigabytes from thousands of victims all over the world, and they did it using phishing, relatively simple custom-made malware with no fancy zero-day exploits, and using recycled infrastructure, according to a new report. [...] The researchers have dubbed the group Dark Caracal and they identified victims inside governments, militaries, utility companies, financial institutions, manufacturing companies and defense contractors going as far back as 2012. The researchers declined to give out more details about the targets. This makes them “the most globally active” government hacking group Lookout has seen to date, according to the firm’s researcher Michael Flossman.^[4]

The hackers have been dubbed Dark Caracal and, after mistakenly leaking digital clues, were traced back to a building belonging to the Lebanese General Security Directorate in Beirut, where the country's chief communications intelligence agency operates. The researchers claimed the group had stolen hundreds of gigabytes of data across more than 20 countries in North America, Europe, the Middle East and Asia, with at least 2,000 victims in total. Michael Flossman, security researcher at Lookout, told Forbes there are likely many thousands more infected with the group's various spywares for PCs and cellphones, noting he and his colleagues didn't have complete visibility of the Dark Caracal attacks.^[5]

There’s a string of spyware campaigns operating out of a government building in Lebanon, according to new research from Lookout Security and the Electronic Frontier Foundation. Dubbed “Dark Caracal,” the new group is linked to attacks on thousands of victims in more than 21 different countries, a range of targets so broad that researchers believe the campaign may represent a new kind of spyware for hire. [...] Galperin believes Caracal is part of a new kind of spyware service, one that contracts jobs by the target rather than selling tools outright. Seen through that lens, the Caracal attacks look like a single actor based in Lebanon taking on six jobs at once for a variety of buyers, a kind of digital spy for hire.^[6]

The hacking campaign exposed Thursday by EFF and Lookout — which they dub “Dark Caracal” — was discovered in the wake of an entirely different cyberespionage campaign targeting Kazakh journalists and lawyers.^[7]

Dubbed Dark Caracal, the advanced persistent threat (APT) campaign has managed to steal hundreds of gigabytes of data, including personal information and intellectual property, from more than 21 countries and thousands of victims, according to the 51-page report (PDF) released Thursday.^[8]

The threat, dubbed Dark Caracal by the researchers, looks as if it could come from a nation state and appears to use shared infrastructure linked to other nation-state hackers, the report said. [...] The researchers believe Dark Caracal has been operating since 2012 but it has been hard to track because of the diversity of seemingly unrelated espionage campaigns originating from the same domain names. Over the years Dark Caracal's work has been repeatedly misattributed to other cybercrime groups, the researchers said.^[9]

The state-backed hackers, dubbed “Dark Caracal” by the report’s authors - after a wild cat native to the Middle East - used phishing attacks and other tricks to lure victims into downloading fake versions of encrypted messaging apps, giving the attackers full control over the devices of unwitting users.^[10]

I propose that we change the definition from "spyware system" to something like "spyware campaign conducted by a hacker group". --Dodi 8238 (talk) 09:14, 20 January 2018 (UTC) [edited 11:10, 20 January 2018 (UTC)][reply]

This secondary source also supports the idea that Dark Caracal refers to the campaign:

The campaign, discovered by the Electronic Frontier Foundation and the mobile security firm Lookout, is known as Dark Caracal and seems to be the work of nation state-funded hackers.^[11]

Because there have been no objections, I have now made the change myself. --Dodi 8238 (talk) 13:27, 21 January 2018 (UTC)[reply]

References

^ "Dark Caracal; Cyber-espionage at a Global Scale" (PDF) (Technical report). Lookout and Electronic Frontier Foundation. 18 January 2018.
^ Murray, Mike (18 January 2018). "Mobile Advanced Persistent Threat actor conducting global espionage campaign from Lebanon" (Blog post). Lookout, Inc.
^ "EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World" (Press release). Electronic Frontier Foundation. 18 January 2018.
^ Franceschi-Bicchierai, Lorenzo (18 January 2018). "Lebanese Government Hackers Hit Thousands of Victims With Incredibly Simple Campaign". Motherboard. Vice.
^ Fox-Brewster, Thomas (18 January 2018). "500 Hacks From Beirut Show Any Government Can Spy On Google's Androids". Forbes. Retrieved 20 January 2018.
^ Brandom, Russell (18 January 2018). "Researchers have discovered a new kind of government spyware for hire". The Verge.
^ Satter, Raphael (18 January 2018). "Report links hacking campaign to Lebanese security agency". The Washington Post.
^ Kanaracus, Christopher (18 January 2018). "Sprawling Mobile Espionage Campaign Targets Android Devices". Threatpost.
^ "Data-stealing spyware 'traced to Lebanon'". BBC News. 19 January 2018.
^ Auchard, Eric (18 January 2018). "Lebanese security agency turns smartphone into selfie spycam: researchers". Reuters.
^ Newman, Lily Hay (20 January 2018). "Security News This Week: Hacking Group's Mobile Malware Spies on Thousands Worldwide". Wired.

[1] "Dark Caracal; Cyber-espionage at a Global Scale" (PDF) (Technical report). Lookout and Electronic Frontier Foundation. 18 January 2018.

[2] Murray, Mike (18 January 2018). "Mobile Advanced Persistent Threat actor conducting global espionage campaign from Lebanon" (Blog post). Lookout, Inc.

[3] "EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World" (Press release). Electronic Frontier Foundation. 18 January 2018.

[4] Franceschi-Bicchierai, Lorenzo (18 January 2018). "Lebanese Government Hackers Hit Thousands of Victims With Incredibly Simple Campaign". Motherboard. Vice.

[5] Fox-Brewster, Thomas (18 January 2018). "500 Hacks From Beirut Show Any Government Can Spy On Google's Androids". Forbes. Retrieved 20 January 2018.

[6] Brandom, Russell (18 January 2018). "Researchers have discovered a new kind of government spyware for hire". The Verge.

[7] Satter, Raphael (18 January 2018). "Report links hacking campaign to Lebanese security agency". The Washington Post.

[8] Kanaracus, Christopher (18 January 2018). "Sprawling Mobile Espionage Campaign Targets Android Devices". Threatpost.

[9] "Data-stealing spyware 'traced to Lebanon'". BBC News. 19 January 2018.

[10] Auchard, Eric (18 January 2018). "Lebanese security agency turns smartphone into selfie spycam: researchers". Reuters.

[Newman-2018-1-20-11] Newman, Lily Hay (20 January 2018). "Security News This Week: Hacking Group's Mobile Malware Spies on Thousands Worldwide". Wired.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]