from the NSO:-No-Such-Operation dept.
Data leaked to a consortium of news organizations suggests that several countries use Pegasus, a powerful cyberespionage tool, to spy on rights activists, dissidents and journalists.
A major Israeli cyber-surveillance company, NSO Group, came under heightened scrutiny Sunday after an international alliance of news outlets reported that governments used its software to target journalists, dissidents and opposition politicians.
The Israeli government also faced renewed international pressure for allowing the company to do business with authoritarian regimes that use the spyware for purposes that go far afield of the company's stated aim: targeting terrorists and criminals.
[...] The allegations may escalate concerns that the Israeli government has abetted government abuses by granting NSO an export license to sell software to countries that use it to suppress dissent.
The accounts, published by The Washington Post and an alliance of 16 other international news outlets, follow recent reporting by The [New York] Times that Israel permitted NSO to do business with Saudi Arabia, and encouraged it to keep doing so even after the Saudi government was implicated in the 2018 assassination of a Saudi journalist and dissident, Jamal Khashoggi.
Related: Israeli Firm NSO Linked to WhatsApp Hack, Faces Lawsuit Backed by Amnesty International
Saudi Crown Prince's WhatsApp Account Reportedly Used to Hack Jeff Bezos
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit
The Israeli firm linked to this week's WhatsApp hack is facing a lawsuit backed by Amnesty International, which says it fears its staff may be under surveillance from spyware installed via the messaging service.
The human rights group's concerns are detailed in a lawsuit filed in Israel by about 50 members and supporters of Amnesty International Israel and others from the human rights community. It has called on the country's ministry of defence to ban the export of NSO's Pegasus software, which can covertly take control of a mobile phone, copy its data and turn on the microphone for surveillance.
An affidavit from Amnesty is at the heart of the case, and concludes that "staff of Amnesty International have an ongoing and well-founded fear they may continue to be targeted and ultimately surveilled" after a hacking attempt last year.
NSO Group, founded in 2010, supplies industry-leading surveillance software to governments that it says is for tackling terrorism and serious crime, and has been licensed to dozens of countries including Saudi Arabia, Mexico, Bahrain and the UAE.
But there have been a string of complaints in the past few months, documented largely by the Toronto-based Citizen Lab, that the technology has been used to target human rights groups, activists and journalists by several countries – and that there has been no attempt to rein it in.
See also: After WhatsApp hack, NSO faces scrutiny from Facebook and UK public pension fund
WhatsApp's security breach: Made in Israel, implemented worldwide
WhatsApp Rushes to Fix Security Flaw Exposed in Hacking of Lawyer's Phone
Related: Israeli Spy Tech Company Allegedly Cracks WhatsApp Encryption (2016)
Former NSO Employee Arrested After Attempting to Sell Spyware for $50 Million
Agents Target Researchers who Reported Software that Spied on Jamal Khashoggi before his Death
Exclusive: investigation suggests Washington Post owner was targeted five months before murder of Jamal Khashoggi
The Amazon billionaire Jeff Bezos had his mobile phone "hacked" in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.
The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world's richest man, according to the results of a digital forensic analysis.
This analysis found it "highly probable" that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.
The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.
Large amounts of data were exfiltrated from Bezos's phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.
The extraordinary revelation that the future king of Saudi Arabia may have had a personal involvement in the targeting of the American founder of Amazon will send shockwaves from Wall Street to Silicon Valley.
The Citizen Lab found that the iPhones of dozens of journalists were hacked using an invisible zero-day zero-click exploit in iMessage.
Summary & Key Findings
- In July and August 2020, government operatives used NSO Group's Pegasus spyware to hack 36 phones belonging to journalists and employees at Al Jazeera. The phone of a journalist at London-based Al Araby TV was also hacked.
- The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11.
- Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.
- The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
- We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system.
- Given the global reach of NSO Group's customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a minuscule fraction of the total attacks leveraging this exploit.
There are other findings which are then followed by an in-depth analysis of a few infections. The story concludes with an admonition to "Update your iOS Device Immediately":