back to article Someone is touting a mobile, PC spyware platform called Dark Caracal to governments

An investigation by the Electronic Frontier Foundation and security biz Lookout has uncovered Dark Caracal, a surveillance-toolkit-for-hire that has been used to suck huge amounts of data from Android mobiles and Windows desktop PCs around the world. Dark Caracal [PDF] appears to be controlled from the Lebanon General …

  1. DCFusor

    Good luck

    If (keyword) the "intelligence" community - 5 eyes flavor, doesn't know who else is doing it - it's themselves.

    You know they'd find out a lot quicker than EFF could - it's not like they have no money or resources.

    1. Voland's right hand Silver badge

      Re: Good luck

      This looks like a distinctly tier2 effort.

  2. israel_hands

    This article is in serious need of being properly edited. Paragraphs that don't follow on from the previous one, words and even entire sentences repeated. I'm surprised this was put live in it's current state.

    EDIT: And it's been completely rewritten. Perhaps the hacks here need the same 10 minute cooldown between submitting something and it being visible to everyone else.

    1. diodesign (Written by Reg staff) Silver badge

      Re: israel_hands

      Due to a technical cockup, an old draft of the piece went live instead of the final edit. We keep a history of all article revisions, and an early revision overwrote the latest one.

      I just restored the final edit. The piece was edited hours ahead of publication, and set to go live at 8am PT / 4pm UTC. We don't publish stuff straight to the web - it gets edited by at least one editor.

      Basically, someone with a browser tab open with an old version of the story clicked on 'save and close', rather than 'close', in our web publishing system, and overwrote the clean version. Oops. But it's fixed.

      Don't forget to email corrections@theregister.com if you spot anything wrong.

      C.

      1. Mayday
        Alert

        Re: israel_hands

        This reminds me of what a colleague (it was not me!) did once.

        Working in a large ISP, he had two terminal windows open. One was to his lab box and another one was a live LNS with approx 20k DSL subscriber services terminating.

        I think you know what happened next. If you aren't sure, he copied some intended for the lab box into the live kit and instantly killed 20k user services.

        I thought it was funnier than what he did.

        1. israel_hands

          Re: israel_hands

          Yeah, I've been caught out by something similar myself. Now I tend to colour-code windows to make it easy to tell them apart.

          @Diodesign: That sounds fair enough, we've all done similar I don't doubt. I did think it was pretty shocking compared to the normal standards around here. Maybe this tale should get cross-referenced to On-Call?

  3. Destroy All Monsters Silver badge

    Malware gluttony!

    Once up and running, the software nasty downloads more malware from command-and-control servers.

    Evidently, you can never download enough malware!

  4. Anonymous Coward
    Anonymous Coward

    who exactly is running and using the Dark Caracal network

    surely none of our leading democracies?!

  5. CAPS LOCK

    Big Cats

    BBC1 8:00pm.

    1. Anonymous South African Coward Bronze badge
      Trollface

      Re: Big Cats

      Wild and wet ones too?

  6. Anonymous Coward
    Anonymous Coward

    They don't need it with Samsung

    I had a Samsung Galaxy S8 come into reserve stock off someone who was let go, and when I was checking how to set it up for another user I abandoned it and instead started a search for whoever authorised its purchase so they could start talking to our lawyer.

    We have extreme high privacy demands, and what the Samsung Galaxy demands to be accepted before it even wants to work is not just excessive, I would venture it is effectively illegal under existing privacy laws.

    There is an aspect to Data Protection that does not permit companies to force users to give access to their personal data, and the Samsung Galaxy S8 breaks that in many important ways. I am up to my eyeballs in work right now, but I reckon I will have time next week to report this formally to the Privacy Commission and CC the EU Art 29 working group.

    From what I've seen, I reckon getting a deal with Samsung would be easier than installing spyware..

    1. Anonymous Coward
      Anonymous Coward

      Re: They don't need it with Samsung

      I would love to see the report!

      Alcatel recently "upgraded" it's factory installed File Manager to include McAfee "antivirus" software as well as pushing advertising on to the users device.

      It has the ability to scan the users network and Bluetooth connections.

      Mind you, the devices already had AVG antivirus pre-installed from the factory as well.

      There was no warning, no opt-in or opt-out and no prominent "privacy" policy displayed anywhere.

      Users have complained loudly to both Alcatel and McAfee to no avail.

      The line between "malware" and "legitimate" apps is no longer distinguishable.

  7. This post has been deleted by its author

  8. This post has been deleted by its author

  9. Charles 9

    Call me when these mallards start spreading silently over the air. THEN we'll really be into the whole "government out to get you" territory.

  10. Anonymous Coward
    Anonymous Coward

    More laughable clickbait

    Seems you need to do quite alot of manual steps to get this. Essentially you don't accidentally get this, someone needed physical access to your phone and deliberately put it there...

    The sooner Google remove the ability to allow untrusted sources the better. Sure everyone will kick off and start crying like babies, some will shout about monopoly, as FDroid and Amazon app store and such would be obsolete, but it's the right thing to do, and it's no different to what Apple already does.

    1. Charles 9

      Re: More laughable clickbait

      So you'd rather submit to a walled garden and give up your freedom? As in your phone is no longer yours to do with as you please?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon