Posts Tagged ‘NSO’

No end to NSO’s Pegasus trouble

April 5, 2022

TechCrunch of 5 April 2022 reports that Investigators say they have found evidence that a Jordanian journalist and human rights defender’s iPhone was hacked with the Pegasus spyware just weeks after Apple sued the spyware’s maker NSO Group to stop it from targeting Apple’s customers.

Award-winning journalist Suhair Jaradat’s phone was hacked with the notorious spyware as recently as December 5, 2021, according to an analysis of her phone by Front Line Defenders and Citizen Lab that was shared with TechCrunch ahead of its publication. Jaradat was sent a WhatsApp message from someone impersonating a popular anti-government critic with links to the Pegasus spyware, compromising her phone. According to the forensic analysis, Jaradat’s iPhone was hacked several times in the preceding months and as far back as February 2021.

Apple had filed a lawsuit against Israeli spyware maker NSO Group in November 2021, seeking a court-issued injunction aimed at banning NSO from using Apple’s products and services to develop and deploy hacks against its customers. See also: https://humanrightsdefenders.blog/2021/07/21/nsos-pegasus-spyware-now-really-in-the-firing-line/…But so far the case has gotten off to a slow start after the first judge assigned to the case recused herself, with no decision on the case likely to be made any time before June.

Jaradat is one of several Jordanians, including human rights defenders, lawyers and fellow journalists whose phones were compromised likely by agencies of the Jordanian government, according to Front Line Defenders and Citizen Lab’s findings out Tuesday.

Among the others targeted include Malik Abu Orabi, a human rights lawyer whose work has included defending the teachers’ union, which in 2019 led the longest public sector strike in the country’s history. Abu Orabi’s phone was targeted as early as August 2019 until June 2021. Also, the phone of Ahmed Al-Neimat, a human rights defender and anti-corruption activist, was targeted by the ForcedEntry exploit in February 2021. The researchers said the hacking of Al-Neimat’s phone is believed to be the earliest suspected use of ForcedEntry.

Another Jordanian journalist and human rights defender’s phone was targeted, according to the researchers, but who asked for her identity not to be disclosed.

Meanwhile, on 5 April 2022, AFP reported that Palestinian lawyer Salah Hamouri, who is in Israeli detention, filed a complaint in France Tuesday against surveillance firm NSO Group for having “illegally infiltrated” his mobile phone with the spyware Pegasus.

Hamouri, who also holds French citizenship, is serving a four-month term of administrative detention ordered by an Israeli military court in March on the claim he is a “threat to security”.

He is one of several Palestinian activists whose phones were hacked using the Pegasus malware made by the Israeli company NSO, according to a report in November by human rights groups. See: https://humanrightsdefenders.blog/2021/11/10/palestinian-ngos-dubbed-terrorist-were-hacked-with-pegasus-spyware/

On Tuesday, the International Federation for Human Rights (FIDH), the Human Rights League (LDH) and Hamouri filed a complaint with the Paris prosecutor.  It accused NSO of “having illegally infiltrated the telephone of rights defender Salah Hamouri,” they said in a statement sent to the AFP bureau in Jerusalem. 

Obviously, this is an operation that is part of a largely political framework given the harassment Hamouri has been subjected to for years and the attacks on human rights defenders in Israel,” attorney Patrick Baudouin, honorary president of the FIDH, told AFP.

https://www.securityweek.com/palestinian-lawyer-sues-pegasus-spyware-maker-france

https://citizenlab.ca/2022/04/peace-through-pegasus-jordanian-human-rights-defenders-and-journalists-hacked-with-pegasus-spyware/

It is not just NSO – Loujain Al-Hathloul sues Spyware Maker DarkMatter

December 17, 2021
Laptop with broken screen

As announced on 9 December 2021, the Electronic Frontier Foundation (EFF) has filed a lawsuit to on behalf of Saudi human rights defender Loujain Al Hathloul against spying software maker DarkMatter and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.

AlHathloul is among the victims of an illegal spying program created and run by former U.S. intelligence operatives, including the three defendants named in the lawsuit, who worked for a U.S. company hired by United Arab Emirates (UAE) in the wake of the Arab Spring protests to identify and monitor activists, journalists, rival foreign leaders, and perceived political enemies.

Reuters broke the news about the hacking program called Project Raven in 2019, reporting that when UAE transferred the surveillance work to Emirati firm DarkMatter, the U.S. operatives, who learned spycraft working for the National Security Agency and other U.S. intelligence agencies, went along and ran DarkMatter’s hacking program, which targeted human rights activists like AlHathloul, political dissenters, and even Americans residing in the U.S.

DarkMatter executives Marc Baier, Ryan Adams, and Daniel Gericke, working for their client UAE—which was acting on behalf of the Kingdom of Saudi Arabia (KSA)—oversaw the hacking project, which exploited a vulnerability in the iMessage app to locate and monitor targets. Baier, Adams, Gericke, all former members of U.S. intelligence or military agencies, designed and operated the UAE cybersurveillance program, also known as Project DREAD (Development Research Exploitation and Analysis Department), using malicious code purchased from a U.S. company.

Baier, who resides in UAE, Adams, a resident of Oregon, and Gericke, who lives in Singapore, admitted in September to violating the Computer Fraud and Abuse Act (CFAA) and prohibitions on selling sensitive military technology under a non-prosecution agreement with the U.S. Justice Department.

Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Civil Liberties Director David Greene. “The harm to Loujain AlHathloul can never be undone. But this lawsuit is a step toward accountability.

AlHathloul is a leader in the movement to advance the rights of women in Saudi Arabia [see also: https://www.trueheroesfilms.org/thedigest/laureates/1a6d84c0-b494-11ea-b00d-9db077762c6c].


DarkMatter intentionally directed the code to Apple servers in the U.S. to reach and place malicious software on AlHathloul’s iPhone, a violation of the CFAA, EFF says in a complaint filed in federal court in Oregon. The phone was initially hacked in 2017, gaining access to her texts, email messages, and real-time location data. Later, AlHathloul was driving on the highway in Abu Dhabi when she was arrested by UAE security services, and forcibly taken by plane to the KSA, where she was imprisoned twice, including at a secret prison where she was subject to electric shocks, flogging, and threats of rape and death.

“Project Raven went beyond even the behavior that we have seen from NSO Group, which has been caught repeatedly having sold software to authoritarian governments who use their tools to spy on journalists, activists, and dissidents,” said EFF Cybersecurity Director Eva Galperin. “Dark Matter didn’t merely provide the tools; they oversaw the surveillance program themselves.

While EFF has long pressed for the need to reform the CFAA, this case represents a straightforward application of the CFAA to the sort of egregious violation of users’ security that everyone agrees the law was intended to address.

“This is a clear-cut case of device hacking, where DarkMatter operatives broke into AlHathloul’s iPhone without her knowledge to insert malware, with horrific consequences,” said Mukund Rathi, EFF attorney and Stanton Fellow. “This kind of crime is what the CFAA was meant to punish.” In addition to CFAA violations, the complaint alleges that Baier, Adams, and Gericke aided and abetted in crimes against humanity because the hacking of AlHathloul’s phone was part of the UAE’s widespread and systematic attack against human rights defenders, activists, and other perceived critics of the UAE and KSA.

The law firms of Foley Hoag LLP and Boise Matthews LLP are co-counsel with EFF in this matter.

EFF also welcomed the Ninth Circuit Court of Appeals’ recent ruling that spyware vendor NSO Group, as a private company, did not have foreign sovereign immunity from WhatsApp’s lawsuit alleging hacking of the app’s users. Courts should similarly deny immunity to DarkMatter and other surveillance and hacking companies who directly harm Internet users around the world.

For the complaint:
https://www.eff.org/document/alhathloul-v-darkmatter

For more on state-sponsored malware:
https://www.eff.org/issues/state-sponsored-malware Contact: Karen Gullo

https://www.eff.org/press/releases/saudi-human-rights-activist-represented-eff-sues-spyware-maker-darkmatter-violating

https://www.eff.org/deeplinks/2021/12/eff-court-deny-foreign-sovereign-immunity-darkmatter-hacking-journalist

The Ups and downs in sueing the NSO Group

July 20, 2020

Written By Shubham Bose

facebook

While AI stranded in its effort in Israel [https://humanrightsdefenders.blog/2020/07/15/amnesty-internationals-bid-to-block-spyware-company-nso-fails-in-israeli-court/ ] a federal US court has passed an order allowing WhatsApp to move forward with its case against the Israeli company for allegedly targeting 1,400 users with malware in 2019. According to reports, it is believed that spyware produced by the Israeli firm NSO Group was used to target various groups of people around the world, such as journalists, human rights defenders, and even politicians. [see: https://humanrightsdefenders.blog/2019/10/30/nso-accused-of-largest-attack-on-civil-society-through-its-spyware/

Judge Phyllis Hamilton, in her ruling on the cases, stated that she was not convinced by NSO Group’s claims and arguments that it had no hand in targeting WhatsApp users. Moving forward in the trial, the NSO Group might be forced to reveal its clients and make the list public.

The judge also added that even if NSO was operating at the direction of its customer, it still appeared to have a hand in targeting WhatsApp users. As per reports, a WhatsApp spokesperson said the Facebook-owned venture was pleasd with the court’s decision and will now be able to uncover the practices of NSO Group.

Even in the face of criticism from privacy advocates, the company has claimed that law enforcement agencies are facing difficulties due to the proliferation of encrypted messaging apps like WhatsApp.

The law firm King & Spalding has reportedly been hired by the NSO group to represent them. Among the company’s legal team is Rod Rosenstein, Trump administration’s former attorney general. The NSO Group has reportedly had multiple government clients like Saudi Arabia, Mexico, and the United Arab Emirates who have used spyware to target political opponents and human rights, campaigners.

https://www.republicworld.com/world-news/us-news/whatsapp-lawsuit-against-israeli-firm-nso-group-given-green-light-by-u.html

NSO accused of largest attack on civil society through its spyware

October 30, 2019
I blogged about the spyware firm NSO before [see e.g. https://humanrightsdefenders.blog/2019/09/17/has-nso-really-changed-its-attitude-with-regard-to-spyware/], but now WhatsApp has joined the critics with a lawsuit.

On May 13th, WhatsApp announced that it had discovered the vulnerability. In a statement, the company said that the spyware appeared to be the work of a commercial entity, but it did not identify the perpetrator by name. WhatsApp patched the vulnerability and, as part of its investigation, identified more than fourteen hundred phone numbers that the malware had targeted. In most cases, WhatsApp had no idea whom the numbers belonged to, because of the company’s privacy and data-retention rules. So WhatsApp gave the list of phone numbers to the Citizen Lab, a research laboratory at the University of Toronto’s Munk School of Global Affairs, where a team of cyber experts tried to determine whether any of the numbers belonged to civil-society members.

On Tuesday 29 October 2019, WhatsApp took the extraordinary step of announcing that it had traced the malware back to NSO Group, a spyware-maker based in Israel, and filed a lawsuit against the company—and also its parent, Q Cyber Technologies—in a Northern California court, accusing it of “unlawful access and use” of WhatsApp computers. According to the lawsuit, NSO Group developed the malware in order to access messages and other communications after they were decrypted on targeted devices, allowing intruders to bypass WhatsApp’s encryption.

NSO Group said in a statement in response to the lawsuit, “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime. Our technology is not designed or licensed for use against human rights activists and journalists.” In September, NSO Group announced the appointment of new, high-profile advisers, including Tom Ridge, the first U.S. Secretary of Homeland Security, in an effort to improve its global image.

In a statement to its users on Tuesday, WhatsApp said, “There must be strong legal oversight of cyber weapons like the one used in this attack to ensure they are not used to violate individual rights and freedoms people deserve wherever they are in the world. Human rights groups have documented a disturbing trend that such tools have been used to attack journalists and human rights defenders.”

John Scott-Railton, a senior researcher at the Citizen Lab, said, “It is the largest attack on civil society that we know of using this kind of vulnerability.”

https://www.newyorker.com/news/news-desk/whatsapp-sues-an-israeli-tech-firm-whose-spyware-targeted-human-rights-activists-and-journalists

https://uk.finance.yahoo.com/news/whatsapp-blames-sues-mobile-spyware-192135400.html

Has NSO really changed its attitude with regard to spyware?

September 17, 2019

Cyber-intelligence firm NSO Group has introduced a new Human Rights Policy and a supporting governance framework in an apparent attempt to boost its reputation and comply with the United Nations’ Guiding Principles for Business and Human Rights. This follows recent criticism that its technology was being used to violate the rights of journalist and human rights defenders. A recent investigation found the company’s Pegasus spyware was used against a member of non-profit Amnesty International. [see: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

The NSO’s new human rights policy aims to identify, prevent and mitigate the risks of adverse human rights impact. It also includes a thorough evaluation of the company’s sales process for the potential of adverse human rights impacts coming from the misuse of NSO products. As well as this, it introduces contractual agreements for NSO customers that will require them to limit the use of the company’s products to the prevention and investigation of serious crimes. There will be specific attention to protect individuals or groups that could be at risk of arbitrary digital surveillance and communication interceptions due to race, colour, sex, language, religion, political or other opinions, national or social origin, property, birth or other status, or their exercise or defence of human rights. Rules have been set out to protect whistle-blowers who wish to report concerns about misuse of NSO technology.

Amnesty International is supporting current legal actions being taken against the Israeli Ministry of Defence, demanding that it revoke NSO Group’s export licence. In January 2020 an Israeli court ordered a  closed door hearing.

Danna Ingleton, Deputy Program Director for Amnesty Tech, said: “While on the surface it appears a step forward, NSO has a track record of refusing to take responsibility. The firm has sold invasive digital surveillance to governments who have used these products to track, intimidate and silence activists, journalists and critics.”

CEO and co-founder Shalev Hulio, counters: “NSO has always taken governance and its ethical responsibilities seriously as demonstrated by our existing best-in-class customer vetting and business decision process. With this new Human Rights Policy and governance framework, we are proud to further enhance our compliance system to such a degree that we will become the first company in the cyber industry to be aligned with the Guiding Principles.

https://www.verdict.co.uk/nso-group-new-human-rights-policy/

https://www.ynetnews.com/article/HJSNKJAeU

Controversial spyware company promises to respect human rights…in the future

June 19, 2019

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)

Newspapers report that controversial Israeli spyware developer NSO Group will in the coming months move towards greater transparency and align itself fully with the UN Guiding Principles on Business and Human Rights, the company’s owners said over the weekend. [see also: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

Private equity firm Novalpina, which acquired a majority stake in NSO Group in February, said that within 90 days it would “establish at NSO a new benchmark for transparency and respect for human rights.” It said it sought “a significant enhancement of respect for human rights to be built into NSO’s governance policies and operating procedures and into the products sold under licence to intelligence and law enforcement agencies.

The company has always stated that it provides its software to governments for the sole purpose of fighting terrorism and crime, but human rights defenders and NGOs have claimed the company’s technology has been used by repressive governments to spy on them. Most notably, the spyware was allegedly used in connection with the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.

Last month London-based Amnesty International, together with other human rights activists, filed a petition to the District Court in Tel Aviv to compel Israel’s Defense Ministry to revoke the export license it granted to the company that Amnesty said has been used “in chilling attacks on human rights defenders around the world.”

On Friday the Guardian reported that Yana Peel, a well-known campaigner for human rights and a prominent figure in London’s art scene, is a co-owner of NSO, as she has a stake in Novalpina, co-founded by her husband Stephen Peel. Peel told the Guardian she has no involvement in the operations or decisions of Novalpina, which is managed by my husband, Stephen Peel, and his partners and added that the Guardian’s view of NSO was “quite misinformed.”

And Citizen Lab is far from re-assured:  https://citizenlab.ca/2019/06/letter-to-novalpina-regarding-statement-on-un-guiding-principles/…

https://www.timesofisrael.com/controversial-nso-group-to-adopt-policy-of-closer-respect-for-human-rights/

https://www.theguardian.com/world/2019/jun/18/whatsapp-spyware-israel-cyber-weapons-company-novalpina-capital-statement

Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks

May 14, 2019
Several reports have shown Israeli technology being used by Gulf states against their own citizens (AFP/File photo)

NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists. Last year, a report by CitizenLab, a group at the University of Toronto, showed that human rights defenders in Saudi Arabia, the United Arab Emirates and Bahrain were targeted with the software.

In October, US whistleblower Edward Snowden said Pegasus had been used by the Saudi authorities to surveil journalist Jamal Khashoggi before his death. “They are the worst of the worst,” Snowden said of the firm. Amnesty International said in August that a staffer’s phone was infected with the Pegasus software via a WhatsApp message.

——-

Friedhelm Weinberg‘s piece of 1 May is almost prescient and contains good, broader advice:

When activists open their inboxes, they find more than the standard spam messages telling them they’ve finally won the lottery. Instead, they receive highly sophisticated emails that look like they are real, purport to be from friends and invite them to meetings that are actually happening. The catch is: at one point the emails will attempt to trick them.

1. Phishing for accounts, not compliments

In 2017, the Citizen Lab at the University of Toronto and the Egyptian Initiative for Personal Rights, documented what they called the “Nile Phish” campaign, a set of emails luring activists into giving access to their most sensitive accounts – email and file-sharing tools in the cloud. The Seoul-based Transitional Justice Working Group recently warned on its Facebook page about a very similar campaign. As attacks like these have mounted in recent years, civil society activists have come together to defend themselves, support each other and document what is happening. The Rarenet is a global group of individuals and organizations that provides emergency support for activists – but together it also works to educate civil society actors to dodge attacks before damage is done. The Internet Freedom Festival is a gathering dedicated to supporting people at risk online, bringing together more than 1,000 people from across the globe. The emails from campaigns like Nile Phish may be cunning and carefully crafted to target individual activists.. – they are not cutting-edge technology. Protection is stunningly simple: do nothing. Simply don’t click the link and enter information – as hard as it is when you are promised something in return.

Often digital security is about being calm and controlled as much as it is about being savvy in the digital sphere. And that is precisely what makes it difficult for passionate and stressed activists!

2. The million-dollar virus

Unfortunately, calm is not always enough. Activists have also been targeted with sophisticated spyware that is incredibly expensive to procure and difficult to spot. Ahmed Mansoor, a human-rights defender from the United Arab Emirates, received messages with malware (commonly known as computer viruses) that cost one million dollars on the grey market, where unethical hackers and spyware firms meet. See also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Rights defender Ahmed Mansoor in Dubai in 2011, a day after he was pardoned following a conviction for insulting UAE leaders. He is now in prison once more.

Rights defender Ahmed Mansoor in Dubai in 2011. Image: Reuters/Nikhil Monteiro

3. Shutting down real news with fake readers

Both phishing and malware are attacks directed against the messengers, but there are also attacks against the message itself. This is typically achieved by directing hordes of fake readers to the real news – that is, by sending so many requests through bot visitors to websites that the servers break down under the load. Commonly referred to as “denial of service” attacks, these bot armies have also earned their own response from civil society. Specialised packages from Virtual Road or Deflect sort fake visitors from real ones to make sure the message stays up.

 

A chart showing how distributed denial of service (DDoS) attacks have grown over time.

How distributed denial of service (DDoS) attacks have grown. Image: Kinsta.com; data from EasyDNS

Recently, these companies also started investigating who is behind these attacks– a notoriously difficult task, because it is so easy to hide traces online. Interestingly, whenever Virtual Road were so confident in their findings that they publicly named attackers, the attacks stopped. Immediately. Online, as offline, one of the most effective ways to ensure that attacks end is to name the offenders, whether they are cocky kids or governments seeking to stiffle dissent. But more important than shaming attackers is supporting civil society’s resilience and capacity to weather the storms. For this, digital leadership, trusted networks and creative collaborations between technologists and governments will pave the way to an internet where the vulnerable are protected and spaces for activism are thriving.

——–