Open Access Government interviews Justin Albrecht, the threat intelligence officer who was behind the discovery of Hermit Spyware in Italy and Kazakhstan
Justin Albrecht, a threat intelligence officer from Lookout, was behind the recent discovery of the Hermit spyware in Italy and Kazakhstan. Here, Albrecht explains the dangers of Hermit spyware.
What is Hermit spyware?
Hermit is an advanced spyware designed to target iOS and Android mobile devices.
It is designed for collecting large amounts of sensitive data on its victims, such as location, contacts, private messages, photos, call logs, phone conversations, surrounding audio recordings, and more.
What is the purpose of Hermit spyware?
The primary objective of Hermit is to conduct espionage against individuals in order to gather intelligence about their activities, social networks, contacts, whereabouts and lifestyle.
On paper, Hermit is what is known as a “legal interception” tool, intended to be used by law enforcement and intelligence agencies to prevent crime and terrorism, and to mitigate risks to national security.
However, tools similar to Hermit, such as Pegasus and “Predator”, have been used in the past to spy on activists, journalists, business leaders, opposition politicians and family members of the victims, under the claim of protecting national security.
How dangerous is that?
A Hermit-infected device is essentially a mobile flaw that allows Hermit operators to track a victim’s location in near real time, monitor phone calls and conversations that occur in secure chat apps, and listen for nearby conversations even if the device is not actively used.
In the wrong hands, it is a very dangerous tool, especially if the malware operators have bad intentions towards the victim.
How was it first discovered?
Lookout accommodates a large number of Android and iOS apps that our research team searches in an effort to find malware and protect our customers from such threats.
Hermit was discovered by one of our researchers in 2021 while searching for these samples after they noticed an apparently benign application with suspicious properties.
Who is responsible for Hermit Spyware?
We appreciate that the Italian companies RCS Lab SpA and Tykelab SRL are responsible for the development and deployment of Hermit.
Both companies are affiliated with Aurora SpA, an organization that controls eight separate companies primarily dedicated to providing surveillance technologies and services to government agencies.
Elettronica SpA recently acquired Aurora SpA, which also owns Italian monitoring company Cy4Gate.
Are governments doing enough to protect people from these kinds of threats?
While “legal interception” spyware has appeared in foreign espionage cases, it is more commonly deployed by law enforcement agencies and secret service agencies against targets in their own countries.
As such, the best protection that governments can provide against these threats is strong legal and judicial checks on the powers of these agencies. The strength of these controls varies widely between countries.
Additionally, governments—particularly those in countries where surveillance system vendors operate—could impose export controls on surveillance tools similar to those applied to kinetic weapons and apply pressure on vendors to prevent spread to countries likely to misuse spyware.
Aside from the actions the US government has taken against NSO, little has been done to protect people around the world through such actions.
How common are these types of attacks?
Spyware such as Hermit or Pegasus is rather expensive for agencies that use these tools. Hence, attacks are necessarily targeted and usually deployed against high-value targets.
The likelihood of spyware being detected also increases with the number of targets it is being used against, and depending on the country, there may be a high political cost associated with spyware detection and public disclosure.
While the number of people targeted for these reasons is low, certain groups of people, such as journalists or human rights activists in some countries, are at much greater risk.