
Situation Report
A new report by Citizen Lab, a group of academics and security researchers housed at the University of Toronto, has identified several countries as potential customers of Paragon Solutions, an Israeli spyware vendor.
The report alleges that Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely clients of Paragon's Graphite spyware.
This revelation challenges Paragon's long-standing claims of being a responsible vendor that only sells to democratic regimes, particularly the United States and its allies.
Technical Findings
Citizen Lab's investigation mapped Paragon's server infrastructure, uncovering IP addresses hosted at local telecom companies that they believe belong to Paragon's customers.
These findings were based on digital certificates, with initials matching the names of the countries where the servers are located.
A significant operational mistake by Paragon led to a digital certificate registered to Graphite, further strengthening the link between the company and the infrastructure.
The researchers also identified the Ontario Provincial Police (OPP) in Canada as a specific customer, given that one of the IP addresses for the suspected Canadian customer is linked directly to the OPP.
Paragon's Response
Paragon's executive chairman, John Fleming, stated that Citizen Lab provided limited and potentially inaccurate information.
However, he did not specify what was inaccurate or comment on whether the identified countries are indeed Paragon customers.
This response has done little to quell the controversy surrounding the company's clientele and practices.
Spyware Tactics and Challenges
Citizen Lab's research indicates that Paragon's Graphite spyware targets specific apps on Android phones, making it more difficult to detect compared to other spyware like NSO Group's Pegasus.
This tactic may give app makers more visibility into spyware operations, but it also poses challenges for forensic investigators trying to uncover evidence of a hack.
As Bill Marczak, a senior researcher at Citizen Lab, noted, collaboration and information sharing are crucial in unraveling even the toughest cases.
Discussion