The Pakistani military is alleged to have hacked information from Australian diplomats, potentially gaining access to sensitive metadata, texts and photos and tracking their movements.
The hacking is thought to have occurred after the Australians interacted with those whose phones were compromised after they downloaded apps or had their phones physically accessed by the hackers.
A United States mobile phone data security company, Lookout, detailed the hacking, which it said it had reported to the appropriate authorities and which may have links back to an individual previously associated with a Sydney-based company.
Lookout’s report said it had identified over 15 gigabytes of compromised data that included call records, audio recordings, device location information, text messages and photos.
It said analysis of the exfiltrated data found details of trips to the Pakistani cities of Quetta and Balochistan by Australian diplomats.
The report contains an image of what appears to be a document detailing an itinerary for Australian diplomats.
“Visit of Australian diplomats” is the heading of the document, which has been redacted by Lookout but appears to reference the names of the individuals undertaking a visit and discuss security arrangements.
The report says the tools were part of a “highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military” using surveillanceware families Lookout referred to as Stealth Mango (Android) and Tangelo (iOS).
“Our research shows that Stealth Mango is being actively managed by Pakistani based actors that are likely military,” it says. “We determined that government officials and civilians from the United States, Australia, the United Kingdom and Iran had their data indirectly compromised after they interacted with Stealth Mango victims.”
It says the Australians may have had their data stolen after they associated with users who had been compromised by the Stealth Mango surveillanceware.
Lookout's researchers further identified content from other countries' officials and diplomats, including the United States, Australia, the United Kingdom and Iran, and believe this data may have been stolen when these victims interacted with Stealth Mango victims.
Among the data believed to have been uploaded and tracked from infected phones were installed packages and device information, changes in SIM card or phone numbers on the device, picture, video and audio files, SMS logs and deleted incoming messages, GPS tracking, functionality to detect when a victim is driving, calendar events and reminders, and contact lists for various third-party applications such as Yahoo and Google Talk, among others.
The report notes that the developer of the spyware may have at one point been associated with a company headquartered in Sydney that develops similar legal applications that track devices.
The report suspects the developer is part of a group of developers selling mobile surveillanceware and is based in a specific area in the Pakistani capital Islamabad, potentially a government building associated with the Pakistani ministry of education.
The Department of Home Affairs has been contacted for comment.