Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday July 20 2021, @12:36AM   Printer-friendly
from the NSO:-No-Such-Operation dept.

Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses

Data leaked to a consortium of news organizations suggests that several countries use Pegasus, a powerful cyberespionage tool, to spy on rights activists, dissidents and journalists.

A major Israeli cyber-surveillance company, NSO Group, came under heightened scrutiny Sunday after an international alliance of news outlets reported that governments used its software to target journalists, dissidents and opposition politicians.

The Israeli government also faced renewed international pressure for allowing the company to do business with authoritarian regimes that use the spyware for purposes that go far afield of the company's stated aim: targeting terrorists and criminals.

[...] The allegations may escalate concerns that the Israeli government has abetted government abuses by granting NSO an export license to sell software to countries that use it to suppress dissent.

The accounts, published by The Washington Post and an alliance of 16 other international news outlets, follow recent reporting by The [New York] Times that Israel permitted NSO to do business with Saudi Arabia, and encouraged it to keep doing so even after the Saudi government was implicated in the 2018 assassination of a Saudi journalist and dissident, Jamal Khashoggi.

Pegasus: The new global weapon for silencing journalists

Also at Business Insider, The Hill, The Verge, and Al Jazeera.

Related: Israeli Firm NSO Linked to WhatsApp Hack, Faces Lawsuit Backed by Amnesty International
Saudi Crown Prince's WhatsApp Account Reportedly Used to Hack Jeff Bezos
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit


Original Submission

Related Stories

Israeli Firm NSO Linked to WhatsApp Hack, Faces Lawsuit Backed by Amnesty International 11 comments

Israeli firm linked to WhatsApp spyware attack faces lawsuit

The Israeli firm linked to this week's WhatsApp hack is facing a lawsuit backed by Amnesty International, which says it fears its staff may be under surveillance from spyware installed via the messaging service.

The human rights group's concerns are detailed in a lawsuit filed in Israel by about 50 members and supporters of Amnesty International Israel and others from the human rights community. It has called on the country's ministry of defence to ban the export of NSO's Pegasus software, which can covertly take control of a mobile phone, copy its data and turn on the microphone for surveillance.

An affidavit from Amnesty is at the heart of the case, and concludes that "staff of Amnesty International have an ongoing and well-founded fear they may continue to be targeted and ultimately surveilled" after a hacking attempt last year.

NSO Group, founded in 2010, supplies industry-leading surveillance software to governments that it says is for tackling terrorism and serious crime, and has been licensed to dozens of countries including Saudi Arabia, Mexico, Bahrain and the UAE.

But there have been a string of complaints in the past few months, documented largely by the Toronto-based Citizen Lab, that the technology has been used to target human rights groups, activists and journalists by several countries – and that there has been no attempt to rein it in.

See also: After WhatsApp hack, NSO faces scrutiny from Facebook and UK public pension fund
WhatsApp's security breach: Made in Israel, implemented worldwide
WhatsApp Rushes to Fix Security Flaw Exposed in Hacking of Lawyer's Phone

Previously: A WhatsApp Call Can Hack a Phone: Zero-Day Exploit Infects Mobiles with Spyware

Related: Israeli Spy Tech Company Allegedly Cracks WhatsApp Encryption (2016)
Former NSO Employee Arrested After Attempting to Sell Spyware for $50 Million
Agents Target Researchers who Reported Software that Spied on Jamal Khashoggi before his Death


Original Submission

Saudi Crown Prince's WhatsApp Account Reportedly Used to Hack Jeff Bezos 29 comments

Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince'

Exclusive: investigation suggests Washington Post owner was targeted five months before murder of Jamal Khashoggi

The Amazon billionaire Jeff Bezos had his mobile phone "hacked" in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian.

The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated the phone of the world's richest man, according to the results of a digital forensic analysis.

This analysis found it "highly probable" that the intrusion into the phone was triggered by an infected video file sent from the account of the Saudi heir to Bezos, the owner of the Washington Post.

The two men had been having a seemingly friendly WhatsApp exchange when, on 1 May of that year, the unsolicited file was sent, according to sources who spoke to the Guardian on the condition of anonymity.

Large amounts of data were exfiltrated from Bezos's phone within hours, according to a person familiar with the matter. The Guardian has no knowledge of what was taken from the phone or how it was used.

The extraordinary revelation that the future king of Saudi Arabia may have had a personal involvement in the targeting of the American founder of Amazon will send shockwaves from Wall Street to Silicon Valley.

Previously: Saudi Arabia's Government Allegedly Hacked Into Jeff Bezos's Phone


Original Submission

The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit 8 comments

The Citizen Lab found that the iPhones of dozens of journalists were hacked using an invisible zero-day zero-click exploit in iMessage.

The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit:

Summary & Key Findings

  • In July and August 2020, government operatives used NSO Group's Pegasus spyware to hack 36 phones belonging to journalists and employees at Al Jazeera. The phone of a journalist at London-based Al Araby TV was also hacked.
  • The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11.
  • Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.
  • The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.
  • We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system.
  • Given the global reach of NSO Group's customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a miniscule fraction of the total attacks leveraging this exploit.

There are other findings which are then followed by an in-depth analysis of a few infections. The story concludes with an admonition to "Update your iOS Device Immediately":

U.S. Places Sanctions on NSO Group, Peddler of Pegasus Spyware 33 comments

The U.S. Blacklists Makers of Cops' Favorite iPhone Hacking Tool:

NSO Group, an Israeli surveillance firm whose spyware has been peddled to authoritarian governments around the world, has been sanctioned by the U.S. Commerce Department. The new restrictions, which the agency announced in a press release Wednesday, will limit the degree to which American companies can provide parts or services to NSO—a decision that could seriously hobble the vendor's business.

NSO is best known for its commercial malware "Pegasus," a product that can infiltrate smartphones and silently pilfer their contents—from text messages to voice calls to photos. The company also sells a creepy "zero-click" exploit, the likes of which apparently requires no phishing and is said to take advantage of security flaws inherent in iPhones and Android devices to compromise them. In September, it was reported that some 1.65 billion Apple devices had been vulnerable to NSO's malware for a period of several months.

See also: US Cuts Off Pegasus Developer: What You Need To Know About This Spyware

Previously: Israeli Firm NSO Linked to WhatsApp Hack, Faces Lawsuit Backed by Amnesty International
Saudi Crown Prince's WhatsApp Account Reportedly Used to Hack Jeff Bezos
The Great iPwn -- Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit
Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses


Original Submission #1Original Submission #2

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: -1, Flamebait) by HammeredGlass on Tuesday July 20 2021, @12:40AM (5 children)

    by HammeredGlass (12241) on Tuesday July 20 2021, @12:40AM (#1158115)

    Nothing to see here.

    • (Score: 2) by Azuma Hazuki on Tuesday July 20 2021, @01:28AM (3 children)

      by Azuma Hazuki (5086) on Tuesday July 20 2021, @01:28AM (#1158123) Journal

      Care to explain that subject line? I come from NYC and there's only one hand gesture in common use there, which looks a little something a-like-a-this: t("t)

      --
      I am "that girl" your mother warned you about...
      • (Score: 0) by Anonymous Coward on Tuesday July 20 2021, @02:27AM

        by Anonymous Coward on Tuesday July 20 2021, @02:27AM (#1158134)

        Around here, we haven't quite got the hang of it, and it looks to me kinda like a "::!:,"

      • (Score: 1) by HammeredGlass on Tuesday July 20 2021, @01:31PM (1 child)

        by HammeredGlass (12241) on Tuesday July 20 2021, @01:31PM (#1158243)

        Handwaves = a la Ben Kenobi

        The rest = various "chosen" power centers, whom you are mistaken for ever having done anything wrong

        • (Score: 2) by Azuma Hazuki on Tuesday July 20 2021, @04:58PM

          by Azuma Hazuki (5086) on Tuesday July 20 2021, @04:58PM (#1158321) Journal

          Sorry, I'm not getting this. "Chosen" in what regard, by whom, and what does that last malformed clause in there even mean? Smaller, more direct words, for the people in the back.

          --
          I am "that girl" your mother warned you about...
    • (Score: 0) by Anonymous Coward on Tuesday July 20 2021, @01:29AM

      by Anonymous Coward on Tuesday July 20 2021, @01:29AM (#1158124)

      The Gestapo would be proud.

  • (Score: 5, Insightful) by Runaway1956 on Tuesday July 20 2021, @12:53AM (6 children)

    by Runaway1956 (2926) Subscriber Badge on Tuesday July 20 2021, @12:53AM (#1158118) Journal

    "Just because we make the tools criminals need, doesn't make us criminal. Nope, it doesn't even make us complicit in the criminal's crimes! If we don't provide the criminals with their tools, somebody else will!"

    And, it's not even that simple, really. To make things worse, they will only sell to criminals. If an honest researcher wants to buy their products and services? "Nope, you can't have this stuff! Only bona fide human rights violators need apply!"

    • (Score: -1, Troll) by Anonymous Coward on Tuesday July 20 2021, @03:19AM (5 children)

      by Anonymous Coward on Tuesday July 20 2021, @03:19AM (#1158145)

      "Just because we make the tools guns criminals need, doesn't make us criminal. Nope, it doesn't even make us complicit in the criminal's crimes! If we don't provide the criminals with their tools guns, somebody else will!"

      FTFY.
      Now, let me watch you rushing to explain how gun makers are different.

      • (Score: 2, Informative) by khallow on Tuesday July 20 2021, @11:00AM

        by khallow (3766) Subscriber Badge on Tuesday July 20 2021, @11:00AM (#1158216) Journal
        For starters, the vast majority of the gun makers' customers are law abiding and peaceful. Runaway is claiming that isn't so for this company.
      • (Score: 2) by Runaway1956 on Tuesday July 20 2021, @03:22PM (3 children)

        by Runaway1956 (2926) Subscriber Badge on Tuesday July 20 2021, @03:22PM (#1158280) Journal

        Ahhhhh, but guns have thousands of legitimate uses, none of which involves killing people. Informal anecdotal evidence says that Suzy Q. Homemaker bought a lot of guns in the last 2 years.

        Lockpicks, on the other hand, are most commonly used by criminals, or locksmiths. I just don't see lockpicks being picked up in Walmart, Dick's Sporting goods, or Home Depot by Suzy Q. Homemaker.

        • (Score: 0) by Anonymous Coward on Tuesday July 20 2021, @05:40PM (2 children)

          by Anonymous Coward on Tuesday July 20 2021, @05:40PM (#1158335)

          https://covertinstruments.com/ [covertinstruments.com]

          Lockpicking tools help you get good.

          • (Score: 2) by Runaway1956 on Tuesday July 20 2021, @06:32PM (1 child)

            by Runaway1956 (2926) Subscriber Badge on Tuesday July 20 2021, @06:32PM (#1158366) Journal

            FWIW, I don't like those all-in-one kits that all fit into the same handle. I want a pack of individual picks easily separated, same as I want my allen wrenches, Torx wrenches, etc.

            Among the more amusing reactions of managers and supervisors, is when you're asked to "cut a lock" somewhere, but you just whip out a set of picks. Eyes bug out, and the dumber ones ask, "Are those legal?"

            • (Score: 0) by Anonymous Coward on Wednesday July 21 2021, @04:52AM

              by Anonymous Coward on Wednesday July 21 2021, @04:52AM (#1158643)

              when you're asked to "cut a lock"

              Do you donate it to Wigs For Kids [wigsforkids.org] or Locks of Love? [locksoflove.org]

  • (Score: 3, Insightful) by looorg on Tuesday July 20 2021, @01:42AM (3 children)

    by looorg (578) on Tuesday July 20 2021, @01:42AM (#1158129)

    to spy on rights activists, dissidents and journalists ... to target journalists, dissidents and opposition politicians ... authoritarian regimes ... targeting terrorists and criminals.

    One can only assume that in the eyes of an authoritarian regime said people/groups are criminals. Problem, if there even was one, solved as far as they and NOS are concerned.

    Will be interesting to see if they can whip up a shit-storm about it or if it will fall flat.

    • (Score: -1, Flamebait) by Anonymous Coward on Tuesday July 20 2021, @04:27AM (2 children)

      by Anonymous Coward on Tuesday July 20 2021, @04:27AM (#1158156)

      What if the authoritarian regimes are criminal? A Mexican journalist was just assassinated as a result of Pegasus, and the people who gunned him down conveniently took his phone right before they split.

      Everybody and their fucking mom knows that the cartels run the Mexican Government. Those who doubt it can look up the Culiacan incident in which the Government had El Chapo's son, but had to release him because the cartels were too strong and violent militarily. Political theory is full of examples of what happens when the state loses their monopoly on violence. Israeli companies who enable this shit, in Mexico, cannot possibly hide behind the, "B-b-but we vet all of our customers" bullshit.

      Now I'll explain where the Jews fit into this. El Chapo's wife is publicly Jewish, [nypost.com] and the greater symbolism here is that Mexican Cartels, like the state of Israel, are international crime syndicates...perhaps even cooperating and operating under the same umbrella. Mexican commandos, who work for the government, a government run by cartels, are trained by Israelis. [mintpressnews.com] One might suggest that the CIA is the primary driver of cartel training and violence, but the CIA might as well be considered Mossad just as the Mexican government might as well be considered the cartels. It is estimated that 25% of Mexicans are Jewish, [timesofisrael.com] converso Jews who fled Europe during the inquisition. By my estimate, the rate of Jewish ancestry in Mexico is a much higher figure, as evidenced by their "gimme gimme" attitudes and lack of foresight in how they piss off everybody around them just to get their gimmies.

      • (Score: 3, Insightful) by Opportunist on Tuesday July 20 2021, @06:40AM

        by Opportunist (5545) on Tuesday July 20 2021, @06:40AM (#1158179)

        No government in the history of mankind labeled itself criminal. And since they're the ones making the laws...

      • (Score: 1) by khallow on Tuesday July 20 2021, @11:06AM

        by khallow (3766) Subscriber Badge on Tuesday July 20 2021, @11:06AM (#1158217) Journal

        but the CIA might as well be considered Mossad just as the Mexican government might as well be considered the cartels.

        How about in a world where we don't conflate different organizations like you just did?

        It is estimated that 25% of Mexicans are Jewish, converso Jews who fled Europe during the inquisition. By my estimate, the rate of Jewish ancestry in Mexico is a much higher figure, as evidenced by their "gimme gimme" attitudes and lack of foresight in how they piss off everybody around them just to get their gimmies.

        You do realize that every human has problems with that? Your post is an example of the absurdity of shoehorning human dysfunctionality into one frivolous metric.

  • (Score: -1, Spam) by Anonymous Coward on Tuesday July 20 2021, @02:40AM (1 child)

    by Anonymous Coward on Tuesday July 20 2021, @02:40AM (#1158137)

    Schlomo and Chaim get jobs in Apple, Broadcom, or Qualcomm through nepotism. Schlomo and Chaim also have cousins in Israel who are current security entrepreneurs and former intelligence operatives. All mentioned so far have connections to unit 8200. Schlomo and Chaim discover existing zero-days or insert them in solidarity of global Jewry. Schlomo and Chaim's entrepreneurial cousins in Israel somehow "discover" said zero-days. Schlomo's cousin's startup makes money from exploring said zero-days (e.g. PEGASUS), Chaim's cousin's startup makes money from "discovering" the zero-days after a set period of time and certain conditions met, then uses the discovery to sell his security business. Schlomo's cousin and Chaim's cousin are both good buddies, by the way.

    One would assume that business is lucrative, but not lucrative enough for Jews. Which is why Schlomo and Chaim also have side-hustles exfiltrating their employers' drawings, schematics, and specifications; then selling them to China.

    I know, I know, it's kind of confusing, it makes my poor little head spin! But after you grok it a few times, you too will want in on the action!

    • (Score: -1, Troll) by Anonymous Coward on Tuesday July 20 2021, @03:41AM

      by Anonymous Coward on Tuesday July 20 2021, @03:41AM (#1158146)

      And then when Shoa 2.0 comes, 'they' will all scream and complain. But now 'they' are sowing seeds and watering them copiously. Harvest day will be a mess.

  • (Score: -1, Flamebait) by Anonymous Coward on Tuesday July 20 2021, @05:58AM

    by Anonymous Coward on Tuesday July 20 2021, @05:58AM (#1158174)

    It's hard to be a Jew, eh? No better than the "good ol' days," eh?

    I would rather be an impoverished Somalian fisherman.

    Well, almost, but not quite, but almost.

  • (Score: 2) by rigrig on Tuesday July 20 2021, @08:16AM

    by rigrig (5129) Subscriber Badge <soylentnews@tubul.net> on Tuesday July 20 2021, @08:16AM (#1158192) Homepage

    At best we will get a bit of obligatory outrage from governments (because you're not supposed to get caught).
    Whoever leaked this list should have added a few "important" people, I bet you'd get an actual reaction if it looked like OPEC countries were spying on Big Oil CEOs.

    --
    No one remembers the singer.
(1)