BOSTON (AP) – Human rights and press freedom activists are outraged by a new report on NSO Group, the notorious Israeli hacker company. The report, written by a global media consortium, expands public awareness of the target list used in NSO’s military-grade spyware. According to the report, this now includes not only journalists, rights activists and opposition politicians, but also their relatives.
The groups denounced Monday the virtual absence of regulation of commercial surveillance tools. While allegations of widespread targeting by NSO’s Pegasus spyware are even partly true, UN High Commissioner for Human Rights Michelle Bachelet said in a statement, a “red line has been crossed over and over again with complete impunity “.
Here’s what you need to know about this issue.
NSO GROUP HAS LONG BEEN ACCUSED OF UNETHICAL HACKING. WHAT’S UP?
The new investigation, based on data leaks of unspecified origin, builds significantly on previous efforts. Paris-based non-profit journalism Forbidden Stories and human rights group Amnesty International obtained the data they say points to potential targets for surveillance of NSO clients.
Journalists from the consortium combed through a list of more than 50,000 cell phone numbers, identifying more than 1,000 people in 50 countries. They include 189 journalists, 85 human rights activists and several heads of state. Journalists included employees of The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.
Amnesty was able to examine the smartphones of 67 people on the list and found attempted or successful Pegasus infections out of 37. It discovered that the phone of Washington Post reporter Jamal Khashoggi’s fiancee, Hatice Cengiz, was infected in just four days after his assassination in the Saudi consulate in Istanbul in 2018. Amnesty also found Pegasus on the phones of the co-founders of the independent Indian online outlet The Wire and repeated infections on the phones of two Hungarian investigative journalists with the Direkt36 point of sale.
The list of potential targets included Roula Khalaf, editor-in-chief of the Financial Times.
Fifty people close to Mexican President Andres Manuel Lopez Obrador were also on the list of potential targets. They include his wife, children, assistants and cardiologist. Lopez Obrador was in opposition at the time. A Mexican journalist whose phone number was added to the list during this period, Cecilio Pineda, was assassinated in 2017.
After Mexico, most of the potential targets were in the Middle East, where Saudi Arabia is reportedly among NSO clients. Also on the list were numbers in France, Azerbaijan, Kazakhstan and Pakistan, Morocco and Rwanda.
According to the Committee to Protect Journalists, there are few effective obstacles to preventing autocratic governments from using sophisticated surveillance technology to attempt to intimidate or silence a free press.
After an Amnesty’s forensic analysis released on Sunday showed it hosted NSO’s infrastructure, Amazon Web Services said it closed the Israeli’s accounts that were “confirmed to support reported hacking activity “. Amazon said it violated its terms of service.
WHAT DOES NSO SAY?
NSO denies ever having maintained a list of “potential targets, past or existing”. He claims to only sell to “approved government agencies” for use against terrorists and serious criminals, and denies any association with Khashoggi’s murder. The company does not disclose its customers and claims to have “no visibility” on the data. Security researchers dispute this claim, saying the company directly handles high-tech espionage.
There is no doubt that the deployment of NSO’s software creates various logs and other data that the company can access, said John Scott-Railton, a researcher at Citizen Lab, the University of Toronto-based watchdog body that has been monitoring Pegasus abuse since 2016.
Amnesty has not identified the source of the leak or how the data was authenticated to protect the security of its source. Citizen Lab has reviewed Amnesty’s methodology for confirming Pegasus infections and found it to be valid. Scott-Railton said he has no doubts that the leaked data “contains an intention to target.”
The presence of a phone number in the data does not necessarily mean that an attempt was made to hack a device, said Amnesty, which found traces of Pegasus infection on the cell phones of 15 journalists from the listing.
Amnesty claims the malware is so effective that it can hack even the latest models of Apple’s iPhone operating system, undetected because it sucks up personal and location data and takes control of the devices’ microphones and cameras. . In a statement, Apple’s chief security engineer Ivan Krstić did not directly respond to Amnesty’s request, instead highlighting the rarity of these targeted attacks and the company’s dedication to security. of its users.
ISRAL APPROVES THIS ACTIVITY?
When asked about its approvals of NSO exports, Israel’s Defense Ministry said in a statement that it “approves the export of cyber products exclusively to government entities, for lawful use, and only for the purpose of preventing and d ‘investigating crime and the fight against terrorism’. He said national security and strategic considerations are taken into account.
Last year, an Israeli court dismissed Amnesty’s lawsuit to revoke NSO’s export license, citing insufficient evidence.
Since 2016, Citizen Lab and Amnesty have primarily documented OSN’s targeting of rights activists, dissidents and journalists, including dozens of Al-Jazeera employees. But the new list significantly broadens the scope of potential targets to include members of Arab royal families, diplomats and business leaders, according to the consortium, which includes The Washington Post, The Guardian, Le Monde and Sueddeutsche Zeitung.
CAN SOMEONE BE TARGET? HOW CAN THE INFECTION BE OPPOSED?
No one who is not involved in collecting sensitive information outside of the United States needs to worry much. NSO Group’s malware and other commercial monitoring tools customers typically focus on high profile targets.
But those in NSO’s sights may not be able to avoid infection. Its infection methods often do not require user interaction, such as clicking a link in a text message.
One of those zero-click options exploited a loophole in WhatsApp, the popular encrypted mobile messaging service. WhatsApp and its parent company Facebook sued NSO in federal court in San Francisco in 2019.
The WhatsApp lawsuit accuses NSO Group of targeting some 1,400 WhatsApp users. Until this week, that was the largest number of potential Israeli company spyware targets gathered in one place.
PA correspondents Josef Federman in Jerusalem and Geir Moulson in Berlin contributed to this report.