50,000 phone numbers worldwide on list linked to Israeli spyware: reports
An Israeli firm accused of supplying spyware to governments has been linked to a list of tens of thousands of smartphone numbers, including those of activists, journalists, business executives and politicians around the world, according to reports.
The NSO Group and its Pegasus malware—capable of switching on a phone's camera or microphone, and harvesting its data—have been in the headlines since 2016, when researchers accused it of helping spy on a dissident in the United Arab Emirates.
Sunday's revelations—part of a collaborative investigation by The Washington Post, The Guardian, Le Monde and other media outlets—raise privacy concerns and reveal the far-reaching extent to which the private firm's software could be misused.
The leak consists of more than 50,000 smartphone numbers believed to have been identified as connected to people of interest by NSO clients since 2016, the news organizations said, although it was unclear how many devices were actually targeted or surveilled.
NSO has denied any wrongdoing, labelling the allegations "false."
On the list were 15,000 numbers in Mexico—among them reportedly a number linked to a murdered reporter—and 300 in India, including politicians and prominent journalists.
Last week, the Indian government—which in 2019 denied using the malware to spy on its citizens, following a lawsuit—reiterated that "allegations regarding government surveillance on specific people has no concrete basis or truth associated with it whatsoever."
The Post said a forensic analysis of 37 of the smartphones on the list showed there had been "attempted and successful" hacks of the devices, including those of two women close to Saudi journalist Jamal Khashoggi, who was murdered in 2018 by a Saudi hit squad.
Among the numbers on the list are those of journalists for Agence France-Presse, The Wall Street Journal, CNN, The New York Times, Al Jazeera, El Pais, the Associated Press, Le Monde, Bloomberg, The Economist, and Reuters, The Guardian said.
The use of the Pegasus software to hack the phones of Al Jazeera reporters and a Moroccan journalist has been reported previously by Citizen Lab, a research center at the University of Toronto, and Amnesty International.
Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty originally shared the leak with the newspapers.
Pocket spy
The Post said the numbers on the list were unattributed, but other media outlets participating in the project were able to identify more than 1,000 people in more than 50 countries.
They included several members of Arab royal families, at least 65 business executives, 85 human rights activists, 189 journalists and more than 600 politicians and government officials—including heads of state, prime ministers and cabinet ministers.
Many numbers on the list were clustered in 10 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates.
Pegasus is a highly invasive tool that can switch on a target's phone camera and microphone, as well as access data on the device, effectively turning a phone into a pocket spy. In some cases, it can be installed without the need to trick a user into initiating a download.
NSO issued a denial on Sunday that focused on the report by Forbidden Stories, calling it "full of wrong assumptions and uncorroborated theories," and threatening a defamation lawsuit.
"We firmly deny the false allegations made in their report," NSO said.
It said it was "not associated in any way" with the Khashoggi murder, adding that it sells "solely to law enforcement and intelligence agencies of vetted governments."
Roughly three dozen journalists at Qatar's Al-Jazeera network had their phones targeted by Pegasus malware, Citizen Lab reported in December, while Amnesty said in June the software was used by Moroccan authorities on the cellphone of Omar Radi, a journalist convicted over a social media post.
Founded in 2010 by Israelis Shalev Hulio and Omri Lavie, NSO Group is based in the Israeli hi-tech hub of Herzliya, near Tel Aviv.
Pegasus spyware affair 'completely unacceptable' if true: EU chief
European Commission chief Ursula von der Leyen said Monday the spyware scandal involving an Israeli software firm and up to 50,000 smartphone numbers was "completely unacceptable" if true.
"This has to be verified, but if it is the case, it is completely unacceptable," she told reporters in Prague.
Media outlets including The Washington Post, The Guardian and Le Monde drew links Sunday between the Israel-based NSO Group, accused of supplying spyware to governments, and a list of tens of thousands of smartphone numbers, including those of activists, journalists, business executives and politicians around the world.
Von der Leyen, who was in Prague to present a Czech post-COVID recovery plan worth 7 billion euros ($8.2 billion) approved by the EU, slammed the alleged attack on journalists' phones.
"Free press is one of the core values of the European Union," she said after meeting Czech Prime Minister Andrej Babis.
The NSO Group and its Pegasus malware—capable of switching on a phone's camera or microphone, and harvesting its data—have been in the headlines since 2016, when researchers accused it of helping spy on a dissident in the United Arab Emirates.
The leak consists of more than 50,000 smartphone numbers believed to have been identified as connected to people of interest by NSO clients since 2016, the news organizations said, although it was unclear how many devices were actually targeted or surveilled.
NSO has denied any wrongdoing.
Founded in 2010 by Israelis Shalev Hulio and Omri Lavie, NSO Group is based in the Israeli hi-tech hub of Herzliya, near Tel Aviv.
Pegasus spyware: how does it work?
Governments around the world are facing bombshell allegations that they used Israeli-made malware to spy on the phones of activists, journalists, corporate executives and politicians.
But how exactly does the Pegasus spyware work? How does it get onto people's phones—and what can it do once it's there?
How does Pegasus sneak its way onto a phone?
Researchers believe that early versions of the hacking software, first detected in 2016, used booby-trapped text messages to install itself onto the phones of targets.
The recipient would have to click on a link in the message in order for the spyware to download.
But this limited the chances of a successful installation—particularly as phone users have grown increasingly wary of clicking on suspicious links.
More recent versions of Pegasus, developed by the Israeli firm the NSO Group, have exploited weak spots in software commonly installed on mobiles.
In 2019 the messaging service WhatsApp sued NSO, saying it used one of these so-called "zero-day vulnerabilities" in its operating system to install the spyware on some 1,400 phones.
By simply calling the target through WhatsApp, Pegasus could secretly download itself onto their phone—even if they never answered the call.
More recently, Pegasus is reported to have exploited weaknesses in Apple's iMessage software.
That would potentially give it access to the one billion Apple iPhones currently in use—all without the owners needing to even click a button.
What does the malware do once it's installed?
"Pegasus is probably one of the most capable remote access tools there is," said Alan Woodward, cybersecurity professor at the University of Surrey in the UK.
"Think of it as if you've put your phone in someone else's hands."
It can be used to read the target's messages and emails, look through the photos they've taken, eavesdrop on their calls, track their location and even film them through their camera.
Pegasus' developers have got "better and better at hiding" all trace of the software, making it difficult to confirm whether a particular phone has been bugged or not, Woodward said.
That is why it remains unclear how many people have had their devices tapped, although new reports by international media say more than 50,000 phone numbers had been identified as being of interest to NSO clients.
However, Amnesty International's Security Lab, one of the organisations investigating Pegasus, said it had found traces of successful attacks on Apple iPhones as recently as this month.
How did NSO develop such powerful spyware?
Multi-billion-dollar tech companies like Apple and Google invest vast amounts of cash each year in making sure they aren't vulnerable to hackers who could bring their systems crashing down.
They even offer "bug bounties" to hackers, paying handsome rewards if they warn the company about flaws in their software before they can be used to launch an attack.
Woodward said Apple, which prides itself on a reputation for security, had "made some fairly big efforts" to identify weak spots.
But "inevitably there will be one or two" flaws in such complex software.
Analysts also believe NSO, whose staff includes elite former members of the Israeli military, likely keeps a close eye on the dark web, where hackers frequently sell information about security flaws they have found.
"It's also worth saying that not everyone has an up-to-date phone with up-to-date software on it," Woodward added.
"Some of the old vulnerabilities that Apple has closed down, and which Google have closed down with Android—they can still be out there."
Is it possible to remove the spyware?
Since it's extremely difficult to know for sure if your phone is carrying the malware, it's also difficult to know definitively that it has been removed.
Woodward said Pegasus may install itself onto the phone's hardware or into its memory, depending on the version.
If it's stored in the memory, rebooting the phone could in theory wipe it off—so he recommended that people at risk of being targeted, such as business leaders and politicians, regularly switch their devices off and on again.
"It sounds like overkill to a lot of people, but there is anti-malware software out there for mobile devices," he added.
"If you're someone at risk, you probably want to have some anti-malware software installed on your phone."
Spyware campaign targeted journalists, activists: researchers
A spyware campaign using tools from a secretive Israeli firm was used to attack and impersonate dozens of human rights activists, journalists, dissidents, politicians and others, researchers said Thursday.
Statements from Microsoft security researchers and the University of Toronto's Citizen Lab said powerful "cyberweapons" were being used in precision attacks targeting more than 100 victims around the world.
Microsoft said it patched this week the vulnerability exploited by the group, known by the names Candiru and Sourgum.
Citizen Lab said in a blog post that "Candiru is a secretive Israel-based company that sells spyware exclusively to governments," which can then use it to "infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts."
"We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities," Citizen Lab said.
Microsoft observed at least 100 victims in the Palestinian territories, Israel, Iran, Lebanon, Yemen, Spain, Britain, Turkey, Armenia and Singapore.
The US tech firm said it moved to thwart the attacks with Windows software updates that prevent Candiru from delivering its malware.
"Microsoft has created and built protections into our products against this unique malware, which we are calling DevilsTongue," a Microsoft statement said.
"We have shared these protections with the security community so that we can collectively address and mitigate this threat."
According to Microsoft, DevilsTongue was able to infiltrate popular websites such as Facebook, Twitter, Gmail, Yahoo and others to collect information, read the victim's messages and retrieve photos.
"DevilsTongue can also send messages as the victim on some of these websites, appearing to any recipient that the victim had sent these messages," said the statement from Microsoft Threat Intelligence Center.
"The capability to send messages could be weaponized to send malicious links to more victims."
Citizen Lab researchers found evidence the spyware can exfiltrate private data from a number of apps and accounts, including Gmail, Skype, Telegram and Facebook.
It can also capture browsing history and passwords, as well as turn on the target's webcam and microphone, according to the findings.
Citizen Lab said the Israeli firm's current name is Saito Tech Ltd, and that it has some of the same investors and principals as NSO Group, another Israeli firm under scrutiny for surveillance software.
© 2021 AFP