It was an average day for Jay Gibson until he received an unexpected notification on his iPhone. The message stated, “Apple has detected a targeted mercenary spyware attack against your iPhone.”
Interestingly, Gibson had previously worked for companies that developed similar spyware, which made the notification even more shocking. He immediately called his father, turned off his phone, and decided to purchase a new one.
Feeling panicked, Gibson recounted the experience to JS, describing it as a chaotic situation. He is just one of many individuals who have been receiving notifications from tech giants like Apple, Google, and WhatsApp warning them about potential spyware attacks. These companies are taking a proactive approach in alerting users who may have been targeted by government hackers utilizing spyware developed by companies such as Intellexa, NSO Group, and Paragon Solutions.
While Apple, Google, and WhatsApp provide warnings to their users, they do not intervene beyond that point. Instead, they direct users to seek assistance elsewhere. Here is what happens when users receive such notifications.
Warning
Upon receiving a notification about being targeted by government hackers, it is crucial to take the matter seriously. These tech companies possess extensive telemetry data regarding user activities on their devices and online accounts. Their security teams are well-versed in identifying and analyzing malicious activities, making their warnings highly credible.
Receiving a notification from Apple or WhatsApp does not necessarily mean that a successful hack occurred. It could indicate a failed hacking attempt, which the companies can still alert users about. In Google's case, the company likely blocked the attack, and it advises users to enable multi-factor authentication, including physical security keys, and its Advanced Protection Program to enhance account security.
For Apple users, activating Lockdown Mode is recommended to bolster device security and deter hackers. While Apple claims that no successful hacks have been reported with Lockdown Mode enabled, users should remain vigilant as no system is entirely foolproof.
Mohammed Al-Maskati, the director of Access Now’s Digital Security Helpline, shared advice on dealing with potential government spyware threats. Suggestions include keeping devices and apps updated, enabling Lockdown Mode for Apple devices, activating Google’s Advanced Protection for accounts and Android devices, avoiding suspicious links and attachments, regularly restarting phones, and monitoring any unusual device behavior.
Reaching out for help
The next steps following a notification depend on the user’s profile. Tools like the Mobile Verification Toolkit (MVT) are available for detecting suspected spyware attacks, though they require some technical expertise. Individuals such as journalists, dissidents, academics, or human rights activists can seek assistance from organizations like Access Now, Amnesty International, The Citizen Lab, or Reporters Without Borders.
For executives or politicians, seeking help may require a different approach. Large corporations or political parties typically have security teams to handle such incidents. Private security firms like iVerify, Safety Sync Group, Hexordia, Lookout, and TLPBLACK offer services for investigating potential hacks and surveillance attempts.
Investigation
The investigative process varies based on the organization providing assistance. Initially, investigators may perform a forensic check remotely using a diagnostic report file created on the device. Subsequent steps may involve sending a full device backup or the actual device for a deeper analysis.
Modern spyware often operates covertly, attempting to conceal its activities and erase traces of intrusion. Investigators may face challenges in uncovering evidence due to the spyware’s evasive tactics.
Individuals targeted by spyware may have the option to publicize the attack to raise awareness or expose the perpetrators. Organizations assisting victims typically respect their privacy and offer support without requiring public disclosure.
While receiving a spyware notification is unsettling, it is essential to follow the recommended steps and seek help from reputable sources. Stay informed and prioritize your online security to minimize the risks associated with potential cyber threats.
