Wednesday, January 19, 2022

 NSO pegasus spywarePegasus Spyware Scandal Escalates, Raising Pressure On Polish Government – Analysis

By 

New evidence emerged at a Senate hearing and in media reports about the Polish government’s alleged use of the Pegasus spyware against both the opposition and the ruling Law and Justice party’s own former allies.

By Claudia Ciobanu

The Polish Central Anti-Corruption Bureau, CBA purchased the controversial Pegasus spyware in 2017 with money from a Ministry of Justice special fund, which is illegal in Poland, according to evidence presented on Tuesday during a Senate hearing into the use of the surveillance technology in the country.

Senator Krzysztof Kwiatkowski, the former head of Poland’s Supreme Audit Office presented a series of documents during the hearing which indicated that the Ministry of Justice paid 25 million zloty (about 5.5 million euros) from a victims’ support fund to the Central Anti-Corruption Bureau back in 2017, with the express purpose of purchasing technical equipment for combatting crime. Kwiatkowski said that the technology that was purchased as a result was the Pegasus software.

Kwiatkowski said that the Audit Office had already pointed out in 2018 that the expenditure was illegal according to Polish law, because such purchases by the CBA should come from the state budget and face proper parliamentary scrutiny.

Marcin Bosacki, the opposition senator heading Tuesday’s hearing, said the way the purchase was carried out indicates the governing Law and Justice, PiS party’s intention to keep the spyware secret.

“The CBA at the time functioned as the private secret services of PiS,” Bosacki said.

The evidence presented during the hearing indicated that high-level figures in the PiS government were coordinating the purchase of the spyware back in 2017.

Clients who buy the Pegasus software can use it to infect targets’ phones, access any information on the devices and even other devices linked to it, and turn the phone into a spying tool by controlling its camera and microphone.

What has been revealed so far about the identity of the targets in Poland has seemed to back up the allegation that the governing party used the spyware to serve its political goals.

In December 2021, Citizen Lab, a cybersecurity unit at the University of Toronto, Canada, named some of the targets of the Pegasus spyware in Poland. The names included prosecutor Ewa Wrzosek and high-profile lawyer Roman Giertych, both of whom have been critical of the PiS government, and opposition parliamentarian Krzysztof Brejza.

In the first part of the Senate hearing on Monday, Citizen Lab senior researcher John Scott-Railton said that the spyware targeting of Brejza, which took place in 2019, was “very complex” and “one of the most aggressive forms of attack” that Citizen Lab, which studies the use of Pegasus across the world, had seen.

Scott-Railton compared the use of Pegasus in Poland to surveillance methods deployed by the Russian state.

According to experts, Brejza’s phone was attacked 33 times in 2019, during a period when the politician was coordinating the electoral campaign of the biggest opposition force in Poland, the Civic Coalition.

Bosacki, the head of the Senate commission, said that one of the goals of the hearings was to determine whether the hacking of Brejza’s phone had an impact on the outcome of the 2019 parliamentary vote, adding that a country was no longer a democracy if secret services could determine the results of elections.

The Polish Senate, the upper house of parliament which is narrowly controlled by the opposition, established the commission after the PiS-controlled lower house, the Sejm, refused to investigate the matter earlier this month. A Sejm commission would have had more power, being able to force witnesses to appear and demand prosecutions.

Targets ‘include ruling party’s ex-spokesperson’

On Tuesday morning, Gazeta Wyborcza newspaper quoted an unnamed source involved in the purchase of Pegasus, who claimed that the first contract signed by the Polish authorities in 2017 for the purchase of spyware included 40 licences, which would allow 40 different people to be put under surveillance.

Gazeta Wyborcza’s source was formerly an employee of Matic Sp., the Polish firm which acted as an intermediary in the purchase of Pegasus by the CBA from the software’s Israeli producer, NSO Group.

According to Gazeta Wyborcza’s sources, the list of Pegasus targets includes several former PiS allies. The first to come under attack chronologically, said the sources, was Adam Hoffman, a former PiS parliamentarian and spokesman for the party, who later quit PiS, went into business and secured some contracts with state companies.

Other targets named by the newspaper are former influential PiS allies whose relationships with the governing party went sour over time.

In early January, following the Citizen Lab revelations and some initial ambiguity from PiS, party leader Jaroslaw Kaczynski admitted that the Polish government owned the spyware but denied using it to target the opposition.

“It would be unfortunate if Poland’s secret services were not equipped with such a surveillance tool,” Kaczynski told right-wing magazine Sieci.

“But I can only emphasise that the opposition’s stories that Pegasus was used for political purposes are nonsense,” he added.

“These findings are shocking but not surprising,” human rights groups Amnesty International, which confirmed the spying of Brejza using its own resources, said in a public statement January 7. “They raise serious concerns not only for politicians, but for the whole of Poland’s civil society in general, particularly given the context of the government’s record of persistently subverting human rights and the rule of law.”

“These revelations demonstrate yet again why there is an urgent need for a commitment from governments to stop any forms of surveillance that breaches human rights and the need for a global moratorium on the export, sale, transfer and use of surveillance equipment, until a robust human rights-compliant regulatory framework is in place,” Amnesty International urged.

Further hearings on the Pegasus issue are planned at the Senate, and a commission is expected to issue a report and recommendations, which could involve proposals for new legislative controls over the security services.




Balkan Insight
The Balkan Insight (fornerkt the Balkin Investigative Reporting Network, BIRN) is a close group of editors and trainers that enables journalists in the region to produce in-depth analytical and investigative journalism on complex political, economic and social themes. BIRN emerged from the Balkan programme of the Institute for War & Peace Reporting, IWPR, in 2005. The original IWPR Balkans team was mandated to localise that programme and make it sustainable, in light of changing realities in the region and the maturity of the IWPR intervention. Since then, its work in publishing, media training and public debate activities has become synonymous with quality, reliability and impartiality. A fully-independent and local network, it is now developing as an efficient and self-sustainable regional institution to enhance the capacity for journalism that pushes for public debate on European-oriented political and economic reform.

British Gas pension money used for buying Israeli spyware NSO Group


January 18, 2022

A British Gas sign on January 02, 2022 in Leicester, England [Nathan Stirk/Getty Images]

January 18, 2022 

Pension money for staff at the energy company, British Gas, was used for buying shares in the Israeli spyware developer, NSO Group, which was responsible for the hacking of tens of thousands of people's devices over the years, a report has revealed.

According to the Financial Times newspaper, the retirement investment fund and parent company of British Gas – Centrica – was one of the largest contributors to an investment stake in the NSO Group in 2019.


That contribution amounted to a staggering 1 billion euros, with Centrica's fund also having allocated the pension wealth to a private equity fund raised by another firm named Novalpina Capital, which owns a 70 per cent stake in NSO Group.

The paper cited two people with knowledge on the matter as saying that Centrica's Combined Common Investment Fund has a seat on a committee of Novalpina's biggest investors, each of whom contributes tens of millions of euros, at the very least.

The NSO Group has been made infamous over the past few years due to its hacking scandals, particularly in July last year when the University of Toronto's internet watchdog, Citizen Lab, exposed its client governments' misuse of the Pegasus spyware through the hacking of around 50,000 phones and devices belonging to journalists, human rights activists and political critics worldwide.

British Gas's staff pensions going towards a company implicated in such scandals – especially in a company blacklisted by the United States – is seen as being directly linked to human rights abuse and the misuse of spyware by various governments.

This is not the first time pension money has been used to buy shares in such companies, with Amnesty International in October addressing a number of other retirement funds for contributing to Novalpina's fund. Those firms included two American ones, Oregon's public employee retirement system and Alaska's $81bn permanent funds, and two English local government ones, East Riding Pension Fund and the South Yorkshire Pensions Authority.


Israel's State Comptroller to probe use of Pegasus to spy on citizens

January 18, 2022 

Israeli demonstrators, dressed in black and wearing protective face masks, take part in a "Black Flag" demonstration outside the Israeli parliament (Knesset) in Jerusalem on April 30, 2020 [AHMAD GHARABLI/AFP via Getty Images]

January 18, 2022

Israel's State Comptroller, Matanyahu Englman, and Privacy Authority said, on Tuesday, that they would probe Israeli police over claims of using NSO Group's Pegasus hacking technology against citizens and protesters in Israel.

Israeli business news outlet, the Calcalist, reported on Tuesday morning that Israeli police have, for years, been making widespread use of the spyware against Israeli civilians.


Israel's Pegasus spyware global weapon to silence critics?
 – Cartoon [Sabaaneh/MiddleEastMonitor]

The Calcalist also said that the police spied on people not suspected of crimes, exploited a legal loophole and kept the surveillance under tight secrecy without oversight by a court or a judge.

Englman said that the use of such espionage devices "raises questions of balance between their usefulness and the violation of the right to privacy and other freedoms."

Israel Police Chief, Kobi Shabtai, admitted using the notorious spyware against Israeli citizens, but promised that everything was done with the appropriate warrants and oversight.

Meanwhile, he denied using the spyware against anti-Netanyahu activists, anti-government protesters, or other activists.

"These kinds of tools were not used against Black Flag [anti-Netanyahu] demonstrators, the phones of heads of municipalities or to track anti-pride parade activists," Shabtai was quoted by the Times of Israel saying.

He claimed that such a tool is "one of the most controlled and supervised areas by all legal entities both inside and outside the police."

However, Israeli Channel 12, according to The Jerusalem Post, reported the police saying it used the technology of the company, Cellebrite, to hack a Black Flag protester's cell phone.


Israeli Police Under Fire Over Reported Use of Pegasus to Hack Israelis

by Reuters and Algemeiner Staff
JANUARY 18, 2022 

An aerial view shows the logo of Israeli cyber firm NSO Group at one of its branches in the Arava Desert, southern Israel July 22, 2021. Picture taken with a drone. REUTERS/Amir Cohen

Israel’s parliament will seek an explanation from police over the force’s reported use of a controversial hacking tool against citizens of the country, a senior legislator said on Tuesday.

Without citing sources, the Calcalist financial daily said police have possessed the Pegasus spyware made by Israel’s NSO Group — which is now on a US government blacklist — since 2013.

Calcalist said the police used it against targets including anti-government protest leaders, sometimes without the required court warrants.

The report added a new domestic angle to global pressure on Israel following allegations that Pegasus has been abused by some foreign client governments to spy on human rights activists, journalists and politicians.

Israeli and American missile defense agencies completed a “successful” flight test on Tuesday of the Arrow-3 weapon system, which was...

Responding to the Calcalist report, Police Commissioner Kobi Shabtai said the force had acquired third-party cyber technology, but he stopped short of confirming or denying any usage of Pegasus.

All such monitoring activity, he said in a statement, “is carried out according to law … (and) for example, in the case of covert listening, a request is filed with a court, which examines the matter”.

He denied the newspaper’s report that police had used spyware against, among others, leaders of so-called “Black Flag” protests last year that demanded the resignation of then-Prime Minister Benjamin Netanyahu, who is on trial on corruption charges he denies.

On Israel’s Channel 12 TV news, legislator Meirav Ben Ari said the parliamentary public security committee she chairs would convene as early as next week to question police about the Calcalist report.

“Many members of parliament have approached me today. This is a very disturbing incident, raising concerns about violation of privacy and democracy as a whole,” Ben Ari said. “The police, as they do whenever they come to my hearings, will explain.”

SPYWARE CUSTOMERS


NSO said it could not confirm or deny any existing or potential customers. It said it does not operate the system once sold to its governmental customers nor is it involved in any way in the system’s operation.

“NSO sells its products under license and regulation to intelligence and law enforcement agencies to prevent terror and crime under court orders and the local laws of their countries,” it said.

Last month, a group of US lawmakers asked the Treasury Department and State Department to sanction NSO and three other foreign surveillance companies they say helped authoritarian governments commit human rights abuses.

In November, Apple sued NSO, saying that it violated US laws by breaking into the software installed on iPhones.

NSO has also faced either legal action or criticism from Microsoft Corp, Facebook parent Meta Platforms Inc, Google parent Alphabet Inc and Cisco Systems Inc.

No comments: