What We Know About Alleged Nso Group Malware

The 50,000 people, revealed in a list of phone numbers leaked to major news outlets by Amnesty International, were allegedly pinpointed as people of interest by clients of the company.

It was not immediately clear how many of the allegedly targeted phones were successfully installed with the software, known as Pegasus, BBC reported.

NSO Group, which has denied the allegations, claims on its website that only military, law enforcement and intelligence agencies are permitted to use its software to keep tabs on criminal and terrorist activity. However, an investigation by Amnesty International and the media nonprofit Forbidden Stories found “irrefutable evidence” that NSO spyware had successfully infiltrated iPhone 11 and 12 models, potentially infecting thousands of the phones.

“These attacks have exposed activists, journalists and politicians all over the world to the risk of having their whereabouts monitored, and their personal information used against them,” Danna Ingleton, deputy director of Amnesty Tech, said in an organization report.

NSO Group said it is considering a defamation lawsuit in response to the allegations, calling them “outrageous and far from reality.” The company’s statement also questioned Amnesty International’s investigative methods, despite an independent review of the forensic investigation methods by Citizen Lab that found them to be sound.

NSO Group’s chief executive and co-founder, Shalev Hulio, disputed the accusations during an interview with the Washington Post, yet called them “disturbing” and pledged to investigate.

“Every allegation about misuse of the system is concerning me,” he told the Post. “It violates the trust that we give our customers. We are investigating every allegation…and if we find that it is true, we will take strong action.”

Media groups investigating the list said they had identified more than 180 journalists from organizations like CNN, the New York Times and Al Jazeera, BBC reported. Overall, they have pinpointed over 1,000 people across 50 countries as potential targets of the spyware.

Roula Khalaf, editor of the Financial Times, was identified as one of the candidates chosen for surveillance throughout 2018, the Guardian reported. At least 50 people close to Mexican President Andrés Manuel López Obrador, including family, aides and his doctor, were also included on the list.

The Amnesty International investigation also detected spyware on the phones of the wife and fiancée of dissident Saudi journalist Jamal Khashoggi, who was murdered in 2018. Claude Mangin, the wife of jailed political activist Naama Asfari, was another NSO Group target whose phone was successfully infiltrated with private spyware, according to a Post report.

“NSO Group can no longer hide behind the claim that its spyware is only used to fight crime. There is overwhelming evidence that NSO spyware is being systematically used for repression and other human rights violations,” Ingleton said.

The Amnesty International report said that thousands of Google Android phones were also identified as targets, but “their operating systems do not keep accessible logs useful for detecting Pegasus spyware infection.” The iPhone models that they successfully identified the spyware in were thought to have “high levels of security.”

“Apple prides itself on its security and privacy features, but NSO Group has ripped these apart,” Ingleton said.

“This is a global concern – anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand,” she added.

Edward Snowden, the former CIA employee who leaked classified NSA information to the public in 2013, condemned NSO Group in light of the allegations.

“The Israeli company behind this – the NSO group – should bear direct, criminal liability for the deaths and detentions of those targeted by the digital infection vectors it sells, which have no legitimate use,” he tweeted Sunday.

The live updates for this event have ended.

“We independently validated that Amnesty International’s forensic methodology correctly identified infections with NSO’s Pegasus spyware within four iTunes backups. In addition, the Citizen Lab’s own research has independently arrived at a number of the same key findings as Amnesty International’s analysis,” a report published on the Citizen Lab website said.

The findings contradict claims by NSO Group that the Forbidden Stories report was built on “misleading interpretation of data from accessible and overt basic information,” like HLR lookup services.

“Such services are openly available to anyone, anywhere, and anytime, and are commonly used by governmental agencies for numerous purposes, as well as by private companies worldwide,” an NSO statement said.

Hulio disputed the claims, yet called them disturbing and pledged to respond if they were validated.

“Every allegation about misuse of the system is concerning me,” he told the Post. “It violates the trust that we give our customers. We are investigating every allegation…and if we find that it is true, we will take strong action.”

The investigation detected spyware on Khashoggi’s fiancée’s phone days after the murder and on his wife’s phone between September of 2017 and April of 2018, BBC reported.

NSO Group denied that its software had any connection to the murder in a statement released in response to the media reports.

“We can confirm that our technology was not used to listen, monitor, track, or collect information regarding him or his family members mentioned in the inquiry. We previously investigated this claim, which again, is being made without validation,” the statement said.

On Twitter, Snowden called for the Israeli company to face “direct, criminal liability” for the death or jailing of anyone who was targeted by the software. He also warned that the number of people targeted could grow drastically if the sale of the technology isn’t stopped.

“It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect,” he tweeted.

A forensic investigation by Amnesty International found that Mangin’s phone was hacked multiple times between October and June while she was in France. One of the hacks came during June as a text message with no sound, image or need for Mangin to interact with it before the software entered the device, the Post reported.

The spyware, Pegasus, can obtain emails, call records, browsing histories, locations and many other kinds of sensitive information. Amnesty International was unable to discover exactly what the spyware obtained from Mangin’s phone.

The company called the accusations “outrageous and far from reality,” while “firmly” denying them in a statement posted on its website.

“NSO Group has a good reason to believe the claims that are made by the unnamed sources to Forbidden Stories, are based on misleading interpretation of data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers targets of Pegasus or any other NSO products,” the statement said.

“We would like to emphasize that NSO sells it technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts,” it added.