Lebanon must investigate claims of mass spying – rights groups

BEIRUT, Lebanon – Eight rights groups including Human Rights Watch called on Lebanese authorities Wednesday, January 24, to investigate reports of a massive espionage campaign traced back to a government security agency. 

Digital researchers last week said they had uncovered a hacking campaign using malware-infected messaging apps to steal smartphone data from people in more than 20 countries, including journalists and activists.

The report tracked the threat, which the researchers dubbed “Dark Caracal”, to a building in Beirut belonging to the Lebanese General Security Directorate.

Eight rights groups and media organisations called on Lebanon’s general prosecutor on Wednesday to investigate who was behind the campaign. 

“If these allegations are true, this intrusive surveillance makes a mockery of people’s right to privacy and jeopardizes free expression and opinion,” said Lama Fakih, deputy Middle East director at Human Rights Watch.

“Lebanese authorities should immediately end any ongoing surveillance that violates the nation’s laws or human rights, and investigate the reports of egregious privacy violations.” 

Other signatories included the Lebanese Center for Human Rights (CLDH), the SKeyes Center for Media and Cultural Freedom, and Lebanon’s Social Media Exchange (SMEX). 

Hundreds of gigabytes of data have been taken from thousands of victims in more than 21 countries, said the report, authored by digital rights group Electronic Frontier Foundation and mobile security firm Lookout.

They called Dark Caracal “one of the most prolific” mobile espionage campaigns to date.

With fake versions of secure messaging services like WhatsApp and Signal, the scheme has enabled attackers to take pictures, capture audio, pinpoint locations, and mine handsets for private data. 

According to the report, Dark Caracal used FinFisher, surveillance software used by governments around the world. 

In 2015, Toronto-based research group Citizen Lab found that General Security and other Lebanese security forces have used FinFisher for surveillance in Lebanon. 

General Security chief Abbas Ibrahim did not explicitly deny the report. 

“The report is very, very, very exaggerated. We don’t have these capabilities. I wish we had those abilities,” he said. 

In comments to the media, Interior Minister Nouhad Mashnuq also appeared to confirm there was at least some truth to the report. 

“It’s not that it’s not true, it’s just very overblown,” said Mashuq. – Rappler.com