EU-bankrolled cybersecurity firm develops intrusive tech that allows ‘anonymous’ snooping & remote control of net devices – media

Flush with EU funds, a shadowy Spain-based cyberintelligence firm has reportedly created invasive surveillance tech that enables clients to take “remote and invisible control” of net-connected devices while evading detection.

The “anonymous interception” products, branded as ‘Invisible Man’ and ‘Night Crawler’, can remotely access files on a target’s device, discern their location, and even discreetly switch on cameras and microphones, according to WIRED magazine.

The developer, Mollitiam Industries, is also reportedly hyping up a tool that allows for the “mass surveillance of digital profiles and identities” across social media and even the dark web – which sounds strikingly similar to its work on a data-harvesting project funded in part by the EU’s Regional Development Fund.

That project is aimed at developing an automated intelligence-generation platform that analyzes and correlates large amounts of data “from open internet sources.” It is reportedly worth €650,000 ($788,027) and is slated to end in September.

However, that is only one of several EU-funded projects that have filled the company’s coffers, according to official documents accessed by WIRED. Although there is no full public listing of clients, a 2019 article from trade publication Intelligence Online noted that it works with Spain’s intelligence agency and cyberspace command unit.

“The fact that they received EU public money to develop their business is shocking. Mollitiam market capabilities that pose such a unique threat to our privacy and security that it’s highly debatable if such powers could ever be compatible with international human rights law,” Edin Omanovic, advocacy director at privacy watchdog Privacy International, told WIRED.

Accessing unprotected online marketing materials, the report noted that Mollitiam’s “invisible low-stealth technology” and “low data and battery consumption” features allows its tools to operate without arousing suspicion.

Another feature is a keylogger that comes built-in with the spyware – allowing for the tracking and recording of every keystroke a target makes on an infected device, including passwords, web search activity and even texts exchanged on encrypted messaging apps.

During a recent webinar, Mollitiam showcased its tech’s ability to record WhatsApp calls and divulged details of social engineering and phishing tactics used “to gain the target’s trust.”

The report comes at a time when privacy concerns are being raised about efforts by law enforcement and intelligence agencies to gain access to personal data by circumventing encrypted messaging technologies.

The creation and use of the encrypted chat ANOM, central to the recent interagency sting operation against organized crime, has been held up as an example. The app contained a secret master key that allowed law enforcement to decrypt and record messages on the fly.

“We worry about intelligence services having backdoors… Most people don’t think about intelligence services actually creating the app in order to entrap people,” CIA whistleblower John Kiriakou told RT in a recent interview about that operation.

“I think we should all just assume that our communications, even our encrypted communications, are being monitored,” said Kiriakou, who said the episode was a sobering reminder about the limits to online privacy for those naive to believe digital messages are safe from snooping.

Earlier this year, the EU updated its rules on export of dual-use technology, including cyber-surveillance tools, so as to “prevent human rights violations and abuses.” However, the new regulations were deemed by privacy organizations to be too “fragile” to act as safeguards.

Neither the company nor European authorities have responded to the report.

If you like this story, share it with a friend!