Wine, Weapons and WhatsApp: A Skopje Spyware Scandal


A source with insight into the work of Cytrox, who spoke on condition of anonymity, says that Malinkovski’s father, Ilija, took part in the negotiations involving Cytrox when the company was still a start-up. In a statement to BIRN, however, Ilija Malinkovski denied having any connection to Cytrox.

Surveillance concerns raised before

In 2013, the Citizen Lab said it had identified ‘Command and Control servers’ of FinFisher, a sophisticated computer spyware suite sold exclusively to governments, in a number of countries including North Macedonia.

It cited an IP address of Makedonski Telekom, the country’s largest telecom provider, as being used by the spy software. Two years later, the Citizen Lab said that FinFisher servers traced to North Macedonia used the newsmagazine time.mk as a decoy.

The Citizen Lab said that, while marketed as a tool for fighting crime, FinFisher had been involved in “a number of high-profile surveillance abuses.”

“I did not participate in the process of establishing Cytrox in Macedonia, and hence my contacts are not related to the negotiation process with foreign investors and the operational activities of the company,” Ilija Malinkovski said. “My business and personal contacts played no role in appointing my son Ivo Malinkovski as a manager employed in the local office.”

The source confirmed that there are companies also operating in Hungary and Israel under the name ‘Cytrox’, with the Hungarian firm responsible for software development and the Israelis handling sales. Production moved to Skopje, they said, because those in charge were not happy with the performance of the Hungarian staff. In Skopje, Cytrox is registered as employing 16 people, with an income last year of roughly 1.5 million euros.

The plan from the beginning was to develop surveillance software primarily for use by the police and state security agencies, they told BIRN.

A software engineer, who also spoke on condition of anonymity, described how such spyware works.

The target, he said, “does not have to do anything. It is enough to send him an ‘iMessage’, a message with a special gif, and the hackers already have access to the person’s device. They use a security hole in the phone’s operating system and install their own software to track the target. The user is not aware.”

Nour, a former presidential candidate and critic of the Egyptian leader Abdel Fattah al-Sisi, became suspicious when his device began “running hot”, the Citizen Lab reported. Subsequent analysis showed his phone had been infected both with Cytrox’s Predator and NSO Group’s Pegasus.

The Predator spyware managed to bypass the phone’s operating system protection using links sent via WhatsApp.




