Monday, November 08, 2021

Report: NSO spyware found on 6 Palestinian activists’ phones

By FRANK BAJAK and JOSEPH KRAUSS

FILE - A logo adorns a wall on a branch of the Israeli NSO Group company, near the southern Israeli town of Sapir, Aug. 24, 2021. The cellphones of six Palestinian human rights activists were infected with spyware from the notorious Israeli hacker-for-hire company NSO Group as early as July 2020, a security researcher discovered just days before Israel’s defense minister branded some of their employers terrorist organizations. It was the first time the military-grade Pegasus spyware was known to have been used against Palestinian civil society activists. (AP Photo/Sebastian Scheiner, File)


JERUSALEM (AP) — Security researchers disclosed Monday that spyware from the notorious Israeli hacker-for-hire company NSO Group was detected on the cellphones of six Palestinian human rights activists, half affiliated with groups that Israel’s defense minister controversially claimed were involved in terrorism.

The revelation marks the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware. Its use against journalists, rights activists and political dissidents from Mexico to Saudi Arabia has been documented since 2015.

A successful Pegasus infection surreptitiously gives intruders access to everything a person stores and does on their phone, including real-time communications.

It’s not clear who placed the NSO spyware on the activists’ phones, said the researcher who first detected it, Mohammed al-Maskati of the nonprofit Frontline Defenders.

Shortly after the first two intrusions were identified in mid-October, Israeli Defense Minister Benny Gantz declared six Palestinian civil society groups to be terrorist organizations. Ireland-based Frontline Defenders and at least two of the victims say they consider Israel the main suspect and believe the designation may have been timed to try to overshadow the hacks’ discovery, though they have provided no evidence to substantiate those assertions.

Israel has provided little evidence publicly to support the terrorism designation, which the Palestinian groups say aims to dry up their funding and muzzle opposition to Israeli military rule. Three of the hacked Palestinians work for the civil society groups. The others do not, and wish to remain anonymous, Frontline Defenders says.


The forensic findings, independently confirmed by security researchers from Amnesty International and the University of Toronto’s Citizen Lab in a joint technical report, come as NSO Group faces growing condemnation over the abuse of its spyware and Israel takes heat for lax oversight of its digital surveillance industry.

Last week, the Biden administration blacklisted the NSO Group and a lesser-known Israeli competitor, Candiru, barring them from U.S. technology.

Asked about the allegations its software was used against the Palestinian activists, NSO Group said in a statement that it does not identify its customers for contractual and national security reasons, is not privy to whom they hack and sells only to government agencies for use against “serious crime and terror.”

An Israeli defense official said in a brief statement that the designation of the six organizations was based on solid evidence and that any claim it is related to the use of NSO software is unfounded. The statement had no other details, and officials declined requests for further comment. The official spoke on condition of anonymity to discuss security matters.

Israel’s Defense Ministry approves the export of spyware produced by NSO Group and other private Israeli companies that recruit from the country’s top cyber-capable military units. Critics say the process is opaque.

It’s not known precisely when or how the phones were violated, the security researchers said. But four of the six hacked iPhones exclusively used SIM cards issued by Israeli telecom companies with Israeli +972 area code numbers, said the Citizen Lab and Amnesty researchers. That led them to question claims by NSO Group that exported versions of Pegasus cannot be used to hack Israeli phone numbers. NSO Group has also said it doesn’t target U.S. numbers.

Among those hacked was Ubai Aboudi, a 37-year-old economist and U.S. citizen. He runs the seven-person Bisan Center for Research and Development in Ramallah, in the Israeli-occupied West Bank, one of the six groups Gantz slapped with terrorist designations on Oct. 22.

The other two hacked Palestinians who agreed to be named are researcher Ghassan Halaika of the Al-Haq rights group and attorney Salah Hammouri of Addameer, also a human rights organization. The other three designated groups are Defense for Children International-Palestine, the Union of Palestinian Women’s Committees and the Union of Agricultural Work Committees.

Aboudi said he lost “any sense of safety” through the “dehumanizing” hack of a phone that is at his side day and night and holds photos of his three children. He said his wife, the first three nights after learning of the hack, “didn’t sleep from the idea of having such deep intrusions into our privacy.”

He was especially concerned about eavesdroppers being privy to his communications with foreign diplomats. The researchers’ examination of Aboudi’s phone determined it was infected by Pegasus in February.

Aboudi accused Israel of “sticking the terrorist logo” on the groups after failing to persuade European governments and others to cut off financial support.

Israel says the groups are linked to the Popular Front for the Liberation of Palestine, a leftist political faction with an armed wing that has killed Israelis. Israel and Western governments consider the PFLP a terror group. Aboudi served a 12-month sentence last year after being convicted of charges of involvement in the PFLP but denies ever belonging to the group.

Tehilla Shwartz Altshuler, a legal expert at the Israel Democracy Institute, called the findings “really disturbing,” especially if it is proven that Israel’s security agencies, who are largely exempt from the country’s privacy laws, have been using NSO Group’s commercial spyware.

“This actually complicates the relationship of the government with NSO,” said Altshuler, if the government is indeed both a client and regulator in a relationship conducted under secrecy.

Aboudi, along with representatives from Al-Haq and Addameer, held a press conference in the occupied West Bank on Monday in which they condemned the hacks as an attack on civil society. Addameer director Sahar Francis called for an international investigation.

“Of course we are not going to close our organizations,” Francis said. “We will continue our work, continue providing services.”

The executive director of Frontline Defenders, Andrew Anderson, said the NSO Group cannot be trusted to ensure its spyware is not used illegally by its customers and says Israel should face international reproach if it does not bring the company to heel.

“If the Israeli government refuses to take action then this should have consequences in terms of the regulation of trade with Israel,” he said via email.

Al-Maskati, the researcher who discovered the hacks, said he was first alerted on Oct. 16 by Halaika, whose phone was determined to have been hacked in July 2020. Al-Haq engages in sensitive communications with the International Criminal Court, among others, involving alleged human rights abuses.

“As human rights defenders living under occupation, we expect it was the (Israeli) occupation,” Halaika said when asked who he believed was behind the hack.

The phone of the third named hacking victim, Hammouri, was apparently compromised in April, the researchers said. A dual French national living in Jerusalem, Hammouri previously served a seven-year sentence for security offenses, and Israel considers him a PFLP operative, allegations he denies.

Hammouri declined to speculate who was behind the hack, saying “we have to determine who had the ability and who had the motive.”

After Halaika alerted him, Al-Maskati said he scanned 75 phones of Palestinian activists, finding the six infections. He could not determine how the phones were hacked, he said, though the timeline of evidence encountered indicated the use of a so-called “iMessage zero-click” exploit NSO Group used on iPhones. The exploit is highly effective, requiring no user intervention, as phishing attempts typically do.

Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app.

A snowballing of new revelations about the hacking of public figures — including Hungarian investigative journalists, the fiancée of slain Saudi journalist Jamal Khashoggi and an ex-wife of the ruler of Dubai — has occurred since a consortium of international news organizations reported in July on a list of possible NSO Group surveillance targets. The list was obtained from an unnamed source by Amnesty International and the Paris-based journalism nonprofit Forbidden Stories. Among those listed was an Associated Press journalist.

From that list of 50,000 phone numbers, reporters from various news organizations were able to confirm at least 47 additional successful hacks, the Washington Post has reported. NSO Group denied ever maintaining such a list.

Bajak reported from Lima, Peru.


Key events in hacking of Palestinian activists’ phones


FILE - Shawan Jabarin, right, director of the al-Haq human rights group, speaks during a rare meeting of solidarity between leaders from Israeli human rights organizations and representatives from six Palestinian human rights groups outlawed by Israel, in the West Bank city of Ramallah, Oct. 27, 2021. The cellphones of six Palestinian human rights activists were infected with spyware from the notorious Israeli hacker-for-hire company NSO Group as early as July 2020, a security researcher discovered just days before Israel’s defense minister branded some of their employers terrorist organizations, including al-Haq. It was the first time the military-grade Pegasus spyware was known to have been used against Palestinian civil society activists. (AP Photo/Majdi Mohammed, File)


JERUSALEM (AP) — Revelations on Monday that six Palestinian activists had their phones infected with software developed by the Israeli hacker-for-hire company NSO Group came as Israel has ramped up pressure on civil society organizations it says are linked to terrorism.

Three of the six activists worked for Palestinian human rights groups that Israel designated as terrorist organizations last month. Israel says the groups are linked to the Popular Front for the Liberation of Palestine, a leftist political faction with an armed wing that has killed Israelis.

The Palestinian rights groups say the terror designations are aimed at muzzling opposition to Israel’s 54-year occupation of territories the Palestinians want for a future state. They deny links to terror and have called for an international investigation into the hacking.

It’s not known who placed the spyware on the phones. Israel says there’s no connection between the terror designation of the six rights groups — which it says is based on solid evidence — and any alleged use of NSO spyware.

NSO Group says it provides tools to help security agencies fight crime and terrorism. It does not disclose its clients and says it is not privy to details about who they target. Its software has been implicated in the hacking of activists, journalists and other public figures across the globe.

Here is a timeline of recent events:


Oct. 16: The Al-Haq human rights group, one of the six organizations that would later be branded a terror organization, approaches nonprofit Frontline Defenders regarding phone hacking suspicions. A forensic investigation of a device reveals indications of the NSO Group’s Pegasus spyware.

Oct. 17: Frontline Defenders meets with other Palestinian organizations to inform them about the hacking and asks to investigate additional devices.

Oct. 22: Israel outlaws the six groups, saying they are a front for the PFLP. The groups are: Al-Haq, which was founded in 1979, as well as the Addameer rights group, Defense for Children International-Palestine, the Bisan Center for Research and Development, the Union of Palestinian Women’s Committees and the Union of Agricultural Work Committees.

Oct. 29: Frontline Defenders confirms six phones are infected with Pegasus software. The findings have been independently confirmed by Citizen Lab at the University of Toronto and by Amnesty International.

Nov. 3: The U.S. announces new restrictions on NSO Group that limit its access to American technology, saying the Israeli firm’s tools have been used to “conduct transnational repression.” The company says it will advocate for a reversal.

Nov. 4: Local media disclose a 74-page Israeli dossier on the Palestinian rights groups that was prepared in May and apparently aimed at persuading European donors to stop funding them. The dossier contains little concrete evidence and seems to have failed to convince donors.

Nov. 8: Frontline Defenders announces its findings. Palestinian rights groups condemn the phone hacking as an attack on civil society and call for an international investigation.


