Thursday, November 25, 2021

MAKE SOME POPCORN FOR THIS ONE —
Apple sues Israeli spyware group NSO

"Egregious, deliberate, and concerted effort" to target and attack iPhone users.


HANNAH MURPHY, PATRICK MCGEE, AND MEHUL SRIVASTAVA, FT
- 11/24/2021, 
ARTS TECHNICA

 / A man walks by the building entrance of Israeli cyber company
 NSO Group at one of its branches in the Arava Desert on November 11, 2021, in Sapir, Israel.
Amir Levy | Getty Images

Apple is suing NSO Group Technologies, the Israeli military-grade spyware manufacturer that created surveillance software used to target the mobile phones of journalists, political dissidents, and human rights activists, to block it from using Apple products.

The iPhone maker’s lawsuit, filed on Tuesday in federal court in California, alleged that NSO, the largest known Israeli cyber warfare company, had spied on and targeted Apple users. It is seeking damages as well as an order stopping NSO from using any Apple software, device, or services.

NSO develops and sells its spyware, known as Pegasus, which exploits vulnerabilities in iPhones and Android smartphones and allows those who deploy it to infiltrate a target’s device unnoticed.

Apple’s suit provided new details about a recently patched vulnerability, nicknamed FORCEDENTRY, that was used by NSO’s clients for about eight months to deliver code to an unspecified number of targets.

NSO said its software had saved “thousands of lives . . . around the world” and that its technology helped governments “catch paedophiles and terrorists.”

The company has never provided any evidence to back up those claims, citing confidentiality agreements with the government agencies that NSO sells to with the approval of the Israeli authorities.

It has recently appealed to the Israeli government to help lobby the White House to remove NSO from a US Department of Commerce blacklist for selling a technology that has resulted in “transnational repression,” according to two people familiar with the request.Advertisement


It is not known if the Israeli government has acted on that request.

The US government announced this month that it had added NSO Group and rival Tel Aviv-based Candiru to the trade blacklist, which would restrict exports of US hardware and software to the companies, as it cracks down on the global hacking-for-hire industry.

Apple’s lawsuit comes as Moody’s cut NSO’s debt two notches to eight levels below investment grade, indicating a high risk of default on $500 million in loans.

The company had fully drawn down a bank credit line, Moody’s said, and tight liquidity meant NSO could breach a covenant on its debt, leading to a default.

Pegasus was revealed in July to have been used to target smartphones belonging to dozens of journalists, human rights activists, and politicians, according to an investigation by a consortium of newspapers.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Craig Federighi, Apple’s senior vice-president of software engineering, said in a statement. “Apple devices are the most secure consumer hardware on the market—but private companies developing state-sponsored spyware have become even more dangerous.”

Apple’s complaint comes just weeks after the US Court of Appeals for the Ninth Circuit held that NSO and its parent company Q Cyber were not sovereign entities and therefore were not shielded from an earlier lawsuit brought by Facebook accusing NSO of targeting users of its WhatsApp messaging service.

In the complaint, Apple called NSO a group of “notorious” and “amoral” hackers that act as “mercenaries” creating cyber-surveillance machinery “that invites routine and flagrant abuse” for commercial gain.

The US company accused NSO of violating multiple federal and state laws “arising out of their egregious, deliberate, and concerted efforts in 2021 to target and attack Apple customers.”

FURTHER READING  Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware

Apple issued an emergency software update in September after a vulnerability from Pegasus was exposed by researchers at the University of Toronto’s Citizen Lab.

Apple suing 'hacker-for-hire' firm NSO that Canadian cyber watchdog Citizen Lab warned them about

Pegasus spyware has been used to target Apple products

Cybersecurity experts say NSO is a dangerous menace, not the 'lawful interception' it claims to be. (Mark Lenniha/The Associated Press)

Tech giant Apple announced Tuesday it is suing Israel's NSO Group, the world's most infamous hacker-for-hire company for creating and selling software designed to break into their devices.

The tech giant said in a complaint filed in federal court in California that NSO Group employees are "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse."

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Craig Federighi, Apple's senior vice-president of software engineering.

The move by Apple comes after cybersecurity watchdog group Citizen Lab, at the University of Toronto, warned Apple of a vulnerability in its software that could allow a type of spyware called Pegasus to infect Apple devices without the user doing anything or knowing about it.

How Pegasus works

Security researchers have found Pegasus being used around the world to break into the phones of human rights activists, journalists and even members of the Catholic clergy.

Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone's microphones and cameras. Researchers have found several examples of NSO Group tools using so-called "zero click" exploits that infect targeted mobile phones without any user interaction.

NSO claims it created the spyware for legitimate law enforcement purposes, but cybersecurity experts have long suspected the company has no qualms about who or what it sells its services to.

"It is important for all of us to have awareness of what NSO Group has been up to," said Chester Wisniewski, principal research scientist at security firm Sophos, in an interview with CBC News. 

"Those of us who look into spyware, which is ultimately what NSO Group produces, have suspected them of doing this for years."

The hacker company did not immediately respond to a request for comment.

"Mercenary spyware firms like NSO Group have facilitated some of the world's worst human rights abuses and acts of transnational repression while enriching themselves and their investors," Citizen Lab's director Ron Deibert said in a statement. "They claim they are selling a carefully controlled "lawful interception" tool, but in reality what they are providing is despotism-as-a-service."

Wisniewski agrees that Citizen Lab deserves some credit, both for finding the proof of what NSO was up to and drawing attention to it by bringing the focus to such a high profile company such as Apple.

"If Citizen Lab hadn't done the work they had done, Apple probably wouldn't be as upset about it, and therefore they wouldn't have done anything," he said.

Exiled NSA contractor Edward Snowden also credited Citizen Lab with shining a light on the issue.

Growing list of lawsuits

It's the latest blow to the hacking firm, which was recently blacklisted by the U.S. Commerce Department and is currently being sued by social media giant Facebook.

The Biden administration announced this month that NSO Group and another Israeli cybersecurity firm called Candiru were being added to the "entity list," which limits their access to U.S. components and technology by requiring government permission for exports.

Apple also announced Tuesday that it was donating $10 million US, as well as any damages won in the NSO Group lawsuit, to cybersurveillance researchers and advocates.

While he welcomes Apple's move, Wisniewski says it ultimately probably won't solve the problem. 

"It's unlikely to have any effect whatsoever on NSO Group continuing to do what they do," he said. "It's not going to stop them from producing spy tools and continuing to sell them to governments."


No comments: