Israeli software maker Insanet has reportedly developed a commercial product called Sherlock that can infect devices via online ads to spy on targets and collect data on its customers.
This comes out from a Haaretz investigation, which this week reported that the spyware had been sold to a country that is not a democracy.
The Haaretz report marks the first time that details about Insanet and the surveillance system it has developed have been made public. Sherlock can run on Microsoft Windows, Google Android and Apple iOS devices (cross platform), according to the manufacturer.
"According to the research findings, this is the first time in the world that a system of this kind is sold as a technology, as opposed to a service," reports Omer Benjakob, adding that Insanet received approval from Israel's Ministry of Defense to to sell Sherlock worldwide as a military product is supposed to be subject to several strict restrictions, such as selling only to Western nations.
"Even to present it to a potential customer in the West, specific permission would have to be obtained from the Ministry of Defense and it is not always given," says Benjakob.
Founded in 2019, the company is owned by former military personnel. Its founders include former head of Israel's National Security Council Dani Arditi and cyber entrepreneurs Ariel Eisen and Roy Lemkin.
Arditi, who, according to his LinkedIn profile, is the CEO of an Israeli technology company called IFG Security, did not respond to questions from reporters. Lemkin, CEO of Exceed Ventures, a cyber intelligence fund, followed suit.
"Insanet is an Israeli company, which operates in full and absolute compliance with Israeli law and its strict regulatory guidelines," the company was quoted as saying in the newspaper.
To market its spyware, Insanet allegedly worked with Candiru, an Israel-based spyware maker that has already been sanctioned by the US. Sherlock's partnership with Candiru's spyware can set the client back six million euros.
The Haaretz publication featured a Candiru marketing document from 2019 that states:
“Sherlock could hack Windows-based computers as well as iPhones and Androids. Until now, different companies have specialized in hacking different devices. Candiru focused on computers, NSO could hack iPhones and its competitors specialized in Androids. With this system, the documents show, virtually any device could be hacked.
Electronic Frontier Foundation Director Jason Kelley said Insanet's use of ad technology to infect devices and spy on customers makes the malware particularly worrisome. Malicious online advertisements not only provide a potential vehicle for the delivery of malware, through carefully crafted images or JavaScript that exploit vulnerabilities in browsers and operating systems, but can be used to track specific groups of people.
"This method of tracking and targeting uses commercially available data that is very difficult to delete from the Internet," Kelley said. "Most people have no idea how much of their information has been collected or shared by data brokers and ad tech companies, and have little ability to delete it."
Another very interesting thing is that Sherlock is designed to use legitimate data collection and digital advertising technologies, which are also used by big tech companies and online media. This helps target people for espionage at the government level. Other spyware, such as NSO Group's Pegasus or Cytrox's Predator and Alien, are much easier to detect.
