EXPLANATION: Target list of Israeli hack-for-hire companies is growing
Press freedom and human rights activists are outraged by a new report on NSO Group, the notorious Israeli hacker company. The report, by a global media consortium, expands public knowledge of the target list used in NSO’s military-grade spyware. According to the report, this now includes not only journalists, rights activists and opposition politicians, but also their relatives.
The groups denounced the virtual absence of regulation of commercial surveillance tools. While allegations of widespread targeting by NSO’s Pegasus malware are even partially true, UN High Commissioner for Human Rights Michelle Bachelet said in a statement, a “red line has been crossed again and again in all impunity “.
Here’s what you need to know about this issue.
NSO GROUP HAS LONG BEEN ACCUSED OF UNETHICAL HACKING. WHAT’S UP?
The new investigation, based on data leaks of unspecified origin, builds significantly on previous efforts. Paris-based non-profit journalism Forbidden Stories and human rights group Amnesty International have obtained the data and claim that these are people potentially targeted for surveillance by NSO clients.
Journalists from the consortium combed through a list of more than 50,000 cell phone numbers, identifying more than 1,000 people in 50 countries. They include 189 journalists, 85 human rights activists and several heads of state. Journalists included employees of The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.
Amnesty was able to examine the smartphones of 67 people on the list, finding evidence of an attempted or successful Pegasus infection in 37. Its investigators discovered that the phone of the fiancee of Washington Post reporter Jamal Khashoggi, Hatice Cengiz, was infected just four days after he was killed at the Saudi consulate in Istanbul in 2018. They found Pegasus on the phones of the co-founders of the independent Indian online outlet The Wire and repeated infections on the phones of two Hungarian investigative journalists with the Direkt36 outlet.
The list of potential targets included Roula Khalaf, editor-in-chief of the Financial Times.
Fifty people close to Mexican President Andres Manuel Lopez Obrador were also on the list of potential targets. They include his wife, children, assistants and cardiologist. Lopez Obrador was in opposition at the time. A Mexican journalist whose phone number was added to the list during this time, Cecilio Pineda, was assassinated in 2017.
After Mexico, most of the potential targets were in the Middle East, where Saudi Arabia is reportedly among NSO clients. Also on the list were numbers in France, Azerbaijan, Kazakhstan and Pakistan, Morocco and Rwanda.
According to the Committee to Protect Journalists, there are few effective obstacles to preventing autocratic governments from using sophisticated surveillance technology to attempt to intimidate or silence a free press.
WHAT DOES NSO SAY?
NSO denies ever having maintained a list of “potential targets, past or existing”. He claims to only provide his services to “approved government agencies” for use against terrorists and serious criminals, and denies any association with Khashoggi’s murder. But the company does not disclose its customers and claims it has “no visibility” on the data. Security researchers who have studied NSO’s activity dispute this claim, saying the company directly handles high-tech espionage.
There is no doubt that the deployment of the NSO software creates various logs and other data that the company can access, said John Scott-Railton, a researcher at Citizen Lab, the University of Toronto-based watchdog that monitors Pegasus abuse since 2016.
Amnesty has not identified the source of the leak or how the data was authenticated to protect the security of its source. Citizen Lab has reviewed Amnesty’s methodology for confirming Pegasus infections and found it to be valid. Scott-Railton said he has no doubts that the leaked data “contains an intention to target.”
The presence of a phone number in the data does not necessarily mean that an attempt was made to hack a device, said Amnesty, which found traces of Pegasus infection on the cell phones of 15 journalists from the listing.
Amnesty claims the malware is so effective that it can hack even the latest models of Apple’s iPhone operating system, undetected because it sucks up personal and location data and takes control of the devices’ microphones and cameras. . In a statement, Apple’s chief security engineer Ivan Krstić did not directly respond to Amnesty’s request, instead highlighting the rarity of these targeted attacks and the company’s dedication to security. of its users.
ISRAL APPROVES THIS ACTIVITY?
When asked about its approvals of NSO exports, Israel’s Defense Ministry said in a statement that it “approves the export of cyber products exclusively to government entities, for lawful use, and only for the purpose of preventing and d ‘investigating crime and the fight against terrorism’. He said national security and strategic considerations are taken into account.
Last year, an Israeli court dismissed Amnesty’s lawsuit to revoke NSO’s export license, citing insufficient evidence.
Since 2016, Citizen Lab and Amnesty have primarily documented OSN’s targeting of rights activists, dissidents and journalists, including dozens of Al-Jazeera employees. But the new list significantly expands the scope of potential targets to include members of Arab royal families, diplomats and business leaders, according to the consortium, which includes The Washington Post, The Guardian, Le Monde and Sueddeutsche Zeitung.
CAN SOMEONE BE TARGET? HOW CAN THE INFECTION BE OPPOSED?
No one not involved in the collection of sensitive information outside of the United States needs to be very concerned. NSO Group’s malware and other commercial monitoring tools customers typically focus on high-profile targets.
But those in NSO’s sights may not be able to avoid infection. Its infection methods often do not require user interaction, such as clicking a link in a text message.
One of those zero-click options exploited a loophole in WhatsApp, the popular encrypted mobile messaging service. WhatsApp and its parent company Facebook sued NSO in federal court in San Francisco in 2019.
The WhatsApp lawsuit accuses NSO Group of targeting some 1,400 WhatsApp users. Until this week, that was the largest number of potential Israeli company spyware targets gathered in one place.