Mollitiam Industries claims to have created hackings tools that can take control of smartphones and laptops
A secretive cyberintelligence firm claims to have created powerful hacking tools that can remotely monitor and take control of Android, MacOS and Windows devices. Designed for those looking to “investigate targets in tactical operations,” Mollitiam Industries is promoting tools that are capable of the “anonymous interception, and the remote and invisible control of targets connected to the internet,” according to documents seen by WIRED
Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed ‘Invisible Man’ and ‘Night Crawler,’ are capable of remotely accessing a target’s files, location, and covertly turning on a device’s camera and microphone. Its spyware is also said to be equipped with a keylogger, which means every keystroke made on an infected device – including passwords, search queries and messages sent via encrypted messaging apps – can be tracked and monitored.
To evade detection, the malware makes use of the company’s so-called “invisible low stealth technology” and its Android product is advertised as having “low data and battery consumption” to prevent people from suspecting their phone or tablet has been infected. Mollitiam is also currently marketing a tool that it claims enables “mass surveillance of digital profiles and identities” across social media and the dark web.
Cyberintelligence firms responsible for manufacturing invasive spyware technology, such as Israel’s NSO Group, Italy’s Hacking Team, and Germany’s FinFisher, have faced sustained criticism from human rights groups in recent years due to accusations of providing sophisticated spy tools to repressive regimes where they have been used to target members of civil society. The exposed documents are one of the first times Mollitiam’s surveillance capabilities have been revealed publicly. “Time and again we have seen the type of spyware sold by Mollitiam used to target journalists, activists, and others,” says Edin Omanovic, the advocacy director of Privacy International.
While Mollitiam Industries is less well-known than other cyberintelligence firms, its technology is regularly touted at ISS World conferences, a series of annual surveillance events dubbed a ‘wiretappers’ ball’ by privacy advocates. Recently it has promoted its ability to record WhatsApp calls and shared details of social engineering and phishing tactics used “to gain the target’s trust” during a webinar. Later this year it is scheduled to present a demo on the “latest technology used to take invisible control of target systems”. The lead sponsor of the conference is NSO Group, which is currently embroiled in a legal battle with WhatsApp over its hacking technology.
Little is publicly known about how Molltiam’s technology is used in the real-world. In January 2020, Colombian news magazine, Semana, published contracts that appear to show a division of the Colombian military had purchased Mollitiam’s ‘Invisible Man’ product the previous year for almost three billion pesos, almost £600,000. According to Reporters Without Borders, the technology was used to target several journalists at the magazine, including its editor, Alejandro Santos.
“We know that the Colombian government has been spying on journalists for many years and so anything that suggests they are getting better tools to be able to do that is deeply concerning,” says Natalie Southwick, the South and Central Americas program coordinator of the Committee to Protect Journalists. “Spyware is a massive threat to press freedom and the right of everyone to access information.”
Mollitiam Industries was established in 2018 and is based in Madrid, according to its LinkedIn page. Although not all of its clients are known, Spain’s intelligence agency and cyberspace command unit work with the company and officials in Brazil and Peru have also purchased its products, according to trade magazine, Intelligence Online.Most Popular
- The perfect number of hours to work every day? FiveBY MARGARET TAYLOR
- How to buy refurbished tech BY ANDREW WILLIAMS
- It’s time to ditch ChromeBY KATE O’FLAHERTY
- Nobody will watch GB News. That’s the pointBY WILL BEDINGFIELD
The company did not acknowledge or respond to multiple requests for comment about how its technologies work, who they are sold to, or how they have been used by those that have purchased them.
But Mollitiam Industries is also working on a project worth almost €650,000 which is part-funded by European Union’s Regional Development Fund. The project aims to build an intelligence platform that “extracts, analyses and correlates large amounts of data” from social media and the dark web. It will provide “a new way to automatically generate intelligence from the extracted data” by collecting and analysing data from several social media platforms simultaneously. Facebook, Twitter, Telegram and Tor are all included as potential sources of data collection. The two year project, which is one of several EU-backed initiatives the company has benefited from, is due to end in September 2021, according to official documents.
Privacy campaigners have criticised the EU’s decision to provide funds to the company, saying the “intrusiveness and covert nature” of the company’s interception products risk enabling human rights abuses. “The fact that they received EU public money to develop their business is shocking,” says Omanovic. “Mollitiam market capabilities that pose such a unique threat to our privacy and security that it’s highly debatable if such powers could ever be compatible with international human rights law.”
A spokesperson for the European Commission declined to comment on record about Mollitiam’s funding or the tools it was building. It is not the first time the EU has been accused of funding the spread of surveillance technology. According to a report published last year by Privacy International, Niger has received €11.5 million from the EU for the provision of drones, surveillance software, and IMSI catchers.
The EU’s role in increasing surveillance capabilities domestically and abroad comes despite calls by David Kaye, the former UN Special Rapporteur on freedom of expression, for an immediate moratorium on the sale, transfer and use of surveillance tools. In a 2019 report, Kaye noted that surveillance technologies including sophisticated hacking and interception tools are “causing immediate and regular harm to individuals and organisations that are essential to democratic life.”
The EU recently introduced new export regulations that seek “to prevent human rights violations and security threats” that are connected to the misuse of any surveillance technology. Access Now and other human rights organisations say the new regulation includes “positive elements” but remains a “missed opportunity for a more ambitious regulation that includes stronger protections needed to safeguard human rights and security.”
On its homepage, Mollitiam Industries acknowledges that it has to obtain government authorisation to export some of its products and says it is prohibited from selling its technology to countries that face EU sanctions. But Omanovic says existing regulations do not do enough to protect human rights.
“It is no surprise that their spyware has already reportedly been abused,” he says. “The Spanish authorities must now ensure that they block risky exports of surveillance tech and ensure that the public have access to information detailing which ones have been approved and to where.”