Posts Tagged ‘NSO Group’

NSO’s Pegasus spyware now really in the firing line

July 21, 2021

Frank Andrews in the Middle East Eye of 20 July 2021 tracks the history of the unhealthy story to which also thsi blog has regularly paid attention: see https://humanrightsdefenders.blog/tag/nso-group/

Claims made this week that the Israeli company’s Pegasus spyware technology has been used to surveil 50,000 phones – belonging to heads of state, journalists, human rights defenders, political opponents and more – may be the highest-profile accusations against the firm, but they are not the first.

Pegasus, which infects phones with spyware through various means, has proven to be a boon to digital authoritarians wanting to track anyone perceived as critical of their rule. It has also been the subject of numerous lawsuits and legal complaints.

It begun in August 2016, when the United Arab Emirates was found to be tracking the iPhone of Emirati human rights activist Ahmed Mansoor using Pegasus spyware, according to a report by Citizen Lab and Lookout Security. [see also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Geneva experts on cybersecurity and digital governance tell Geneva Solutions what citizens must do to stem the erosion of our right to privacy.

U.N. High Commissioner for Human Rights Michelle Bachelet, in a statement, said that the revelations “are extremely alarming, and seem to confirm some of the worst fears about the potential misuse of surveillance technology to illegally undermine people’s human rights.” See statement by @UNHumanRights Chief @mbachelet: https://ohchr.org/EN/NewsEvents/

https://www.middleeasteye.net/news/israel-pegasus-spyware-nso-group-history-accusations-denials

https://www.rawstory.com/as-un-human-rights-chief-urges-stricter-rules-snowden-calls-for-end-to-spyware-trade/https://www.rawstory.com/as-un-human-rights-chief-urges-stricter-rules-snowden-calls-for-end-to-spyware-trade/

https://indianexpress.com/article/explained/the-making-of-pegasus-from-startup-to-spy-tech-leader-israel-invasive-spyware-7414370/

New investigation shows global reach of NSO Group’s spyware

July 5, 2021

On 3 July 2021, a new interactive online platform by Forensic Architecture, supported by Amnesty International and the Citizen Lab, maps for the first time the global spread of the notorious spyware Pegasus, made by cyber-surveillance company NSO Group.

‘Digital Violence: How the NSO Group Enables State Terror’ documents digital attacks against human rights defenders around the world, and shows the connections between the ‘digital violence’ of Pegasus spyware and the real-world harms lawyers, activists, and other civil society figures face.   NSO Group is the worst of the worst in selling digital burglary tools to players who they are fully aware actively and aggressively violate the human rights of dissidents, opposition figures, and journalists. Edward Snowden, President of Freedom of the Press Foundation.

NSO Group is a major player in the shadowy surveillance industry. The company’s Pegasus spyware has been used in some of the most insidious digital attacks on human rights defenders. When Pegasus is surreptitiously installed on a person’s phone, an attacker has complete access to a phone’s messages, emails, media, microphone, camera, calls and contacts. For my earlier posts on NSO see: https://humanrightsdefenders.blog/tag/nso-group/

“The investigation reveals the extent to which the digital domain we inhabit has become the new frontier of human rights violations, a site of state surveillance and intimidation that enables physical violations in real space,” said Shourideh C. Molavi, Forensic Architecture’s Researcher-in-Charge. 

Edward Snowden narrates an accompanying video series which tell the stories of human rights activists and journalists targeted by Pegasus. The interactive platform also includes sound design by composer Brian Eno. A film about the project by award-winning director Laura Poitras will premiere at the 2021 Cannes Film Festival later this month.

The online platform is one of the most comprehensive databases on NSO-related activities, with information about export licenses, alleged purchases, digital infections, and the physical targeting of activists after being targeted with spyware, including intimidation, harassment, and detention. The platform also sheds light on the complex corporate structure of NSO Group, based on new research by Amnesty International and partners.

For years, NSO Group has shrouded its operations in secrecy and profited from working in the shadows. This platform brings to light the important connections between the use of its spyware and the devastating human rights abuses inflicted upon activists and civil society,” said Danna Ingleton, Deputy Director of Amnesty Tech.

Amnesty International’s Security Lab and Citizen Lab have repeatedly exposed the use of NSO Group’s Pegasus spyware to target hundreds of human rights defenders across the globe. Amnesty International is calling on NSO Group to urgently take steps to ensure that it does not cause or contribute to human rights abuses, and to respond when they do occur. The cyber-surveillance must carry out adequate human rights due diligence and take steps to ensure that human rights defenders and journalists do not continue to become targets of unlawful surveillance.

In October 2019, Amnesty International revealed that Moroccan academic and activist, Maati Monjib’s phone had been infected with Pegasus spyware. He continues to face harassment by the Moroccan authorities for his human rights work. In December 2020, Maati Monjib was arbitrarily detained before being released on parole on 23 March 2021.

Maati Monjib, tells his story in one of the short films, and spoke of the personal toll following the surveillance, “The authorities knew everything I said. I was in danger. Surveillance is very harming for the psychological wellbeing of the victim. My life has changed a lot because of all these pressures.”

Amnesty International is calling for all charges against Maati to be dropped, and the harassment against him and his family by the Moroccan authorities to end.

To find out more visit digitalviolence.org

https://www.amnesty.org/en/latest/news/2021/07/investigation-maps-human-rights-harm-of-nso-group-spyware/

https://www.techradar.com/news/spyware-toolkit-used-by-governments-hackers-to-break-into-windows-machines

Tech giants join legal battle against NSO

December 22, 2020

Raphael Satter reports on 22 December 2020 for Reuters that tech giants Google, Cisco and Dell on Monday joined Facebook’s legal battle against hacking company NSO, filing an amicus brief in federal court that warned that the Israeli firm’s tools were “powerful, and dangerous.”

The brief, filed before the U.S. Court of Appeals for the Ninth Circuit, opens up a new front in Facebook’s lawsuit against NSO, which it filed last year after it was revealed that the cyber surveillance firm had exploited a bug in Facebook-owned instant messaging program WhatsApp to help surveil more than 1,400 people worldwide. See also: https://humanrightsdefenders.blog/2020/07/20/the-ups-and-downs-in-sueing-the-nso-group/

NSO has argued that, because it sells digital break-in tools to police and spy agencies, it should benefit from “sovereign immunity” – a legal doctrine that generally insulates foreign governments from lawsuits. NSO lost that argument in the Northern District of California in July and has since appealed to the Ninth Circuit to have the ruling overturned.

Microsoft, Alphabet-owned Google, Cisco, Dell Technologies-owned VMWare and the Washington-based Internet Association joined forces with Facebook to argue against that, saying that awarding soverign immunity to NSO would lead to a proliferation of hacking technology and “more foreign governments with powerful and dangerous cyber surveillance tools.”

That in turn “means dramatically more opportunities for those tools to fall into the wrong hands and be used nefariously,” the brief argues.

NSO – which did not immediately return a message seeking comment – argues that its products are used to fight crime. But human rights defenders and technologists at places such as Toronto-based Citizen Lab and London-based Amnesty International have documented cases in which NSO technology has been used to target reporters, lawyers and even nutrionists lobbying for soda taxes.

Citizen Lab published a report on Sunday alleging that NSO’s phone-hacking technology had been deployed to hack three dozen phones belonging to journalists, producers, anchors, and executives at Qatar-based broadcaster Al Jazeera as well as a device beloning to a reporter at London-based Al Araby TV.

NSO’s spyware was also been linked to the slaying of Washington Post journalist Jamal Khashoggi, who was murdered and dismembered in the Saudi consulate in Istanbul in 2018. Khashoggi’s friend, dissident video blogger Omar Abdulaziz, has long argued that it was the Saudi government’s ability to see their WhatsApp messages that led to his death.

NSO has denied hacking Khashoggi, but has so far declined to comment on whether its technology was used to spy on others in his circle.

https://www.reuters.com/article/us-facebook-nso-cyber/microsoft-google-cisco-dell-join-legal-battle-against-hacking-company-nso-idUSKBN28V2WX?il=0

The Ups and downs in sueing the NSO Group

July 20, 2020

Written By Shubham Bose

facebook

While AI stranded in its effort in Israel [https://humanrightsdefenders.blog/2020/07/15/amnesty-internationals-bid-to-block-spyware-company-nso-fails-in-israeli-court/ ] a federal US court has passed an order allowing WhatsApp to move forward with its case against the Israeli company for allegedly targeting 1,400 users with malware in 2019. According to reports, it is believed that spyware produced by the Israeli firm NSO Group was used to target various groups of people around the world, such as journalists, human rights defenders, and even politicians. [see: https://humanrightsdefenders.blog/2019/10/30/nso-accused-of-largest-attack-on-civil-society-through-its-spyware/

Judge Phyllis Hamilton, in her ruling on the cases, stated that she was not convinced by NSO Group’s claims and arguments that it had no hand in targeting WhatsApp users. Moving forward in the trial, the NSO Group might be forced to reveal its clients and make the list public.

The judge also added that even if NSO was operating at the direction of its customer, it still appeared to have a hand in targeting WhatsApp users. As per reports, a WhatsApp spokesperson said the Facebook-owned venture was pleasd with the court’s decision and will now be able to uncover the practices of NSO Group.

Even in the face of criticism from privacy advocates, the company has claimed that law enforcement agencies are facing difficulties due to the proliferation of encrypted messaging apps like WhatsApp.

The law firm King & Spalding has reportedly been hired by the NSO group to represent them. Among the company’s legal team is Rod Rosenstein, Trump administration’s former attorney general. The NSO Group has reportedly had multiple government clients like Saudi Arabia, Mexico, and the United Arab Emirates who have used spyware to target political opponents and human rights, campaigners.

https://www.republicworld.com/world-news/us-news/whatsapp-lawsuit-against-israeli-firm-nso-group-given-green-light-by-u.html

Amnesty International’s bid to block spyware company NSO fails in Israeli court

July 15, 2020

Amnesty International’s bid to block spyware company NSO Group’s international export licence has been shut down in a Tel Aviv court, apparently due to a lack of evidence, reported several media, here in the New Statesman of 14 July 2020. [see: https://humanrightsdefenders.blog/2019/09/17/has-nso-really-changed-its-attitude-with-regard-to-spyware/ ]

The case argued that the Israeli defence ministry should revoke the group’s export licence in light of numerous allegations that its phone-hacking Pegasus spyware has been used by governments (including Mexico, Saudi Arabia, Morocco and the UAE) to spy on civilians including an Amnesty International employee, human rights activists, lawyers and journalists..

The district court judge Rachel Barkai wrote in a statement that there was not enough evidence to “substantiate the claim that an attempt was made to monitor a human rights activist”. She wrote that in reviewing materials provided by the Ministry of Defence and Ministry of Foreign Affairs, she was persuaded that export licences were granted as part of a “sensitive and rigorous process”, and closely monitored and revoked if conditions were violated, “in particular in cases of human rights violations.”

Amnesty International decried the court’s decision. Danna Ingleton, acting co-director of Amnesty Tech, said in a statement: “Today’s disgraceful ruling is a cruel blow to people put at risk around the world by NSO Group selling its products to notorious human rights abusers. […] The ruling of the court flies in the face of the mountains of evidence of NSO Group’s spyware being used to target human rights defenders from Saudi Arabia to Mexico, including the basis of this case – the targeting of one of our own Amnesty employees.

NSO said: “Our detractors, who have made baseless accusations to fit their own agendas, have no answer to the security challenges of the 21st century. Now that the court’s decision has shown that our industry is sufficiently regulated, the focus should turn to what answer those who seek to criticise NSO have to the abuse of encryption by nefarious groups.”

The NSO Group is currently embroiled in another lawsuit brought by WhatsApp, which alleges that Pegasus spyware was used to hack more than a thousand of the messaging platform’s users. [see: https://humanrightsdefenders.blog/2019/10/30/nso-accused-of-largest-attack-on-civil-society-through-its-spyware/]

https://tech.newstatesman.com/security/amnesty-international-nso-group-export-licence

NSO versus Whatsapp continues in court

May 5, 2020

WhatsApp logo is seen displayed on a smart phone screen on 11 December 2019 [Ali Balıkçı/Anadolu Agency]

WhatsApp logo is seen displayed on a smart phone screen on 11 December 2019 [Ali Balıkçı/Anadolu Agency]

The NSO Group has always maintained its innocence insisting that its spyware is purchased by government clients for the purpose of tracking terrorists and criminals and that it had no independent knowledge of how those clients use its spyware. This claim is contradicted by court documents in WhatsApp’s lawsuit filed last year against the Israeli firm. While bringing the lawsuit, WhatsApp said in a statement that 100 civil society members had been targeted and called it “an unmistakable pattern of abuse”. New documents seen last week indicate that servers controlled by NSO Group and not its government clients, as alleged by the Israeli firm, were an integral part of how the hacks were executed. “NSO used a network of computers to monitor and update Pegasus after it was implanted on users’ devices,” said WhatsApp, “these NSO-controlled computers served as the nerve centre through which NSO controlled its customers’ operation and use of Pegasus [software used to hack computers and phones].”NSO Group is also accused by WhatsApp of gaining “unauthorised access” to its servers by evading the company’s security features.

n the ongoing legal battle between Facebook and software surveillance company NSO Group, the social media giant is trying to get NSO Group’s legal counsel dismissed because of an alleged conflict of interest. In a court filing made public this week, Facebook asked a federal judge to disqualify law firm King & Spalding from representing NSO Group because the firm previously represented Facebook-owned WhatsApp in a different, sealed case that is “substantially related” to the NSO Group one. King & Spalding, an Atlanta-based firm with a range of big corporate clients, has denied there is a conflict of interest, according to the filing.“Any attorney defending this suit would love to have insight into how WhatsApp’s platform and systems work,” the court filing states. “And King & Spalding has that insight—because it was once WhatsApp’s counsel.”The dispute with Facebook is one of multiple legal battles currently facing NSO Group. Amnesty International is trying to get an Israeli court to revoke NSO Group’s export license in Israel, citing Pegasus’s alleged role in humans rights abuses. [see: https://humanrightsdefenders.blog/2019/09/17/has-nso-really-changed-its-attitude-with-regard-to-spyware/]https://www.amnesty.org/en/latest/news/2020/06/nso-spyware-used-against-moroccan-journalist/

https://www.cyberscoop.com/nso-group-lawsuit-whatsapp-conflict-of-interest-king-spalding/

Israel’s NSO Group accused of ‘unmistakable pattern of abuse’ in hacking case

Novalpina urged to come clean about targeting human rights defenders

February 19, 2019

In an open letter released today, 18 February 2019, Amnesty International, Human Rights Watch and five other NGOs urged Novalpina to publicly commit to accountability for NSO Group’s past spyware abuses, including the targeting of an Amnesty International employee and the alleged targeting of Jamal Khashoggi. [see also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Danna Ingleton, Deputy Director of Amnesty Tech, said: “Novalpina’s executives have serious questions to answer about their involvement with a company which has become the go-to surveillance tool for abusive governments. This sale comes in the wake of reports that NSO paid private operatives to physically intimidate individuals trying to investigate its role in attacks on human rights defenders – further proof that NSO is an extremely dangerous entity.

We are calling on Novalpina to confirm an immediate end to the sale or further maintenance of NSO products to governments which have been accused of using surveillance to violate human rights. It must also be completely transparent about its plans to prevent further abuses.

This could be an opportunity to finally hold NSO Group to account. Novalpina must commit to fully engaging with investigations into past abuses of NSO’s spyware, and ensure that neither NSO Group nor its previous owners, Francisco Partners, are let off the hook.”

The signatories to the letter are:

  • Amnesty International
  • R3D: Red en Defensa de los Derechos Digitales
  • Privacy International
  • Access Now
  • Human Rights Watch
  • Reporters Without Borders
  • Robert L. Bernstein Institute for Human Rights, NYU School of Law and Global Justice Clinic, NYU School of Law

https://www.amnesty.org/en/latest/news/2019/02/spyware-firm-buyout-reaffirms-urgent-need-for-justice-for-targeted-activists/

https://www.amnesty.org/en/latest/research/2019/02/open-letter-to-novalpina-capital-nso-group-and-francisco-partners/

Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html