Israeli software company Insanet has released a novel product known as Sherlock, which has the capability to infiltrate devices via online advertisements. This tool is designed to monitor targets and gather data for its clientele.
A recent probe by Haaretz brought to light that this spyware has been procured by a non-democratic nation state. This revelation marks the first public disclosure of Insanet's surveillance tool. Notably, Sherlock can seamlessly penetrate platforms such as Microsoft Windows, Google Android, and Apple iOS.
Unprecedented Commercialization of Spyware
The investigation by Haaretz underscored the uniqueness of this case. “This is the first case in the world where a system of this sort is being sold as technology, as opposed to a service,” journalist Omer Benjakob highlighted. Insanet has secured the green light from Israel's Defense Ministry to market Sherlock internationally as a military-grade product, albeit with stringent conditions. The company's roots trace back to 2019, with its founders having significant ties to Israel's defense and cybersecurity sectors.
The Collaborative Marketing Strategy
Insanet collaborated with Candiru, another Israeli spyware developer, to promote Sherlock alongside Candiru's own spyware solutions. The cost for a Sherlock infection is reportedly set at a staggering six million euros. The Electronic Frontier Foundation's Director of Activism, Jason Kelley, expressed concerns over Insanet's utilization of ad technology to infect devices. He emphasized the potential risks associated with online ads, which can be manipulated to target specific demographics. “This method of surveillance and targeting uses commercially available data that's very difficult to erase from the internet,” Kelley commented.
Protective Measures Against Data Harvesting
While the high price tag of Sherlock might limit its widespread use, the potential threats to activists, journalists, and government officials cannot be ignored. However, there are steps that individuals can take to shield themselves from Sherlock and similar technologies. Mayuresh Dani, Qualys threat research manager, recommended the use of anti-adware tools, ad blockers, and privacy-centric browsers. On a broader scale, Kelley advocated for the implementation of consumer data privacy laws to curb the profitability of data collection.