Stories

Lebanese spies exposed in cyber hacking campaign

Lebanese flag.
Lebanon's flag is seen hanging over a building in downtown Beirut. Photo: Salah Malkawi / Getty Images

Hackers with links to Lebanon’s main intelligence agency left hundreds of gigabytes of intercepted data on the open internet, per a report from security firm Lookout, Inc. and the Electronic Frontier Foundation. Victims of the hack span 21 different countries, including in the U.S. and European countries, per the report, which is calling the hacking campaign “Dark Caracal.”

Why it's unique: The report links state-backed hackers to a specific building. Electronic Frontier Foundation Director of Cybersecurity Eva Galperin told the AP's Rachel Satter she can only recall one other time in history that that precision has been achieved.

  • The smoking gun: The report identifies the intersection where the WiFi network was active that test devices appear to have used to launch the hacking software. That intersection is where Lebanon’s General Directorate of General Security is located and is just north of where the IP address of the spyware’s control panel was mapped. The AP was able to partially verify the WiFi network’s location.

In the hacked and exposed data: Syrian battlefield photos, private phone conversations, passwords, pictures of children’s birthday parties, per the AP.

  • How the hackers tricked people, per the report: They spoofed websites and apps, such as encrypted apps WhatsApp and Signal, to steal passwords and eavesdrop. The hackers tricked some users to visit bad web sites via message apps , and tricked others with fake Facebook profiles of women. Some may have been compromised with physical attacks on their phones while they were away from them.

Next: The report’s authors told the AP more revelations and evidence are to come.

Go deeper: The world's top cyber powers

More stories loading.