US NCSC and DoS share best practices against surveillance tools

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools.

The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools.

In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.

Surveillance tools can be used to record audio, including phone calls, track the phone’s location, and access and retrieve all content on a phone (i.e. text messages, files, chats, commercial messaging app content, contacts, and browsing history).

These tools were used in attacks aimed at journalists, dissidents, and other persons around the world.

“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections.” reads the guidance. “In some cases, malign actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device.”

Below is the list of cybersecurity practices recommended by the NCSC and the US State Department to mitigate the risk of exposure to attacks using these tools:

• Regularly update device operating systems and mobile applications.
• Be suspicious of content from unfamiliar senders, especially those which contain links or attachments.
• Don’t click on suspicious links or suspicious emails and attachments.
• Check URLs before clicking links, or go to websites directly.
• Regularly restart mobile devices, which may help damage or remove malware implants.
• Encrypt and password protect your device.
• Maintain physical control of your device when possible.
• Use trusted Virtual Private Networks.
• Disable geo-location options and cover camera on devices.
• While these steps mitigate risks, they don’t eliminate them. It’s always safest to behave as if the device is compromised, so be mindful of sensitive content.

In November, the Commerce Department’s Bureau of Industry and Security (BIS) sanctioned four companies for the development of spyware or the sale of hacking tools used by nation-state actors.

The firms are NSO Group and Candiru from Israel, Computer Security Initiative Consultancy PTE. LTD from Singapore, and Positive Technologies from Russia.

NSO Group and Candiru are being sanctioned for the development and sale of surveillance software used to spy on journalists and activists. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, surveillance tools)

[adrotate banner=”5″]

[adrotate banner=”13″]