One ordinary day, Jay Gibson was taken aback by an unexpected notification on his iPhone. The message stated, “Apple has detected a targeted mercenary spyware attack against your iPhone.”
Gibson, a former employee of companies involved in developing spyware, was surprised to receive such a notification on his personal phone. Overwhelmed, he contacted his father, turned off his phone, and decided to purchase a new one.
“I was in a panic,” Gibson recounted to TechCrunch. “It was chaotic. A complete mess.”
Gibson’s experience is becoming increasingly common, with individuals receiving warnings from tech giants like Apple, Google, and WhatsApp regarding potential spyware attacks. These companies are taking proactive measures to alert users when they are targeted by government hackers using spyware developed by companies such as Intellexa, NSO Group, and Paragon Solutions.
While Apple, Google, and WhatsApp provide notifications, they do not intervene in the subsequent steps. They guide users to seek assistance but refrain from direct involvement in resolving the issue.
Warning
If you receive a notification that you have been targeted by government hackers, it is crucial to take the matter seriously. These tech companies possess extensive data on user activities and can accurately identify malicious activities on devices and accounts. If they alert you that you have been targeted, the alert is likely accurate.
Receiving a notification from Apple or WhatsApp does not necessarily indicate a successful hack but rather an attempted intrusion. Google typically notifies users after blocking an attack, advising them to enhance security measures like enabling multi-factor authentication and utilizing the Advanced Protection Program.
In the Apple ecosystem, activating Lockdown Mode enhances device security, making it more difficult for hackers to compromise Apple devices. While Apple claims there have been no successful hacks against users with Lockdown Mode enabled, it is essential to remain vigilant.
Mohammed Al-Maskati, director of Access Now’s Digital Security Helpline, shared recommendations for individuals wary of government spyware targeting. These include keeping devices and apps updated, enabling Lockdown Mode, and utilizing Google’s Advanced Protection for accounts and Android devices, among other precautions.
Reaching out for help
What to do after a notification depends on the individual’s circumstances. Open-source tools like the Mobile Verification Toolkit (MVT) can help detect potential spyware attacks, although using them requires technical expertise.
For journalists, dissidents, academics, or activists facing such threats, organizations like Access Now, Amnesty International, and The Citizen Lab offer investigative support. Meanwhile, individuals outside these categories, such as politicians or business executives, may need to seek assistance from private security companies like iVerify, Safety Sync Group, or Hexordia.
Specialized teams like Lookout and TLPBLACK also provide investigative services for cyberattacks involving malware and device compromise. These organizations can help individuals investigate suspected hacks and enhance their cybersecurity.
Investigation
Following initial outreach for assistance, organizations may conduct forensic checks remotely to analyze diagnostic reports from devices. Depending on the findings, a detailed investigation may require sending a full device backup to experts for further analysis.
Modern spyware often operates stealthily, attempting to erase traces of intrusion after extracting data. While investigators strive to uncover the extent of the attack, some spyware may leave no discernible traces, posing challenges in identifying the breach.
For individuals targeted by government hackers, the decision to publicize the attack rests with them. While organizations may encourage disclosure to raise awareness or expose spyware misuse, individuals are not obligated to share their experiences publicly.
Receiving a spyware notification can be unsettling, but being prepared and seeking assistance from reputable sources can mitigate risks. Stay informed and prioritize cybersecurity to safeguard against potential threats.