A fortnight ago I tipped Mr. Silverstein about this abuse when I read and briefly researched the topic:
○ Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text | Forbes |
○ NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender | CitizenLab |
Richard Silverstein expanded the research and wrote an excellent article published at Mint Press this week …
Private Eyes: Internet Watchdog Exposes Israeli Tech Company’s `Government-Exclusive’ Spyware
After investigating some suspicious text messages sent to an Emirati human rights activist in early August, researchers at the University of Toronto’s internet watchdog Citizen Lab and Lookout Security announced on Aug. 24 that they’d detected the most sophisticated mobile hacking tool ever developed.
The spyware, known as Pegasus, was created by the secretive cyber warfare firm NSO Group, one of the many high-tech startups that has emerged from Israel’s advanced military technology sector. These firms, and the hoards of veteran hackers they employ, offer cutting edge products to the internet security industry. But they also offer their clients — which include a host of totalitarian regimes and nanny states — the opportunity to intrude on the digital privacy of private citizens and engage in industrial espionage or illicit surveillance.
Pegasus targets victims via a link sent in a text message, a process known as the “one-click” variant. The link opens to a site which automatically downloads the software onto the victim’s iPhone, allowing it to harvest the data from, and control, virtually every function of the device, from phone calls, location tracking and email, to the camera and apps, without the user or the phone realizing it.
Rather than clicking the links in the texts, however, Ahmed Mansoor, the human rights activist, sent them to Citizen Lab researchers, who eventually connected the dots between the “exploit infrastructure” contained in the text messages and NSO Group.
Although the FBI reportedly bought an exploit from an unknown company to break into the iPhone of one of the San Bernardino terrorists, Pegasus is the first known piece of software capable of “jailbreaking” the iPhone 6 remotely. The “beauty” of the product is that it circumvents the mobile provider and internet service provider, which traditionally must give permission to security services to snoop on their customers.
And, as Citizen Lab noted, Pegasus is “a government-exclusive `lawful intercept’ spyware product.” It’s not available to the general public or even savvy non-state clients willing to pay top dollar for the ultra-sophisticated spyware.
“The high cost of iPhone zero-days [software vulnerabilities unknown to the vendor], the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” Citizen Lab reported.
…
In 2013, the Financial Times’ John Reed sat down with Lavie and Yair Pecht, NSO’s chief executive, to discuss the company. Reed reported:“NSO emphasises that its business with foreign governments and government agencies is subject to approval from Israel’s defense ministry, which screens and monitors them before giving the green light. NSO will not say who its clients are, but its executives have visited about 35 countries over the past 18 months, they say.”
Not much has changed in the intervening years. In a statement released after Citizen Lab connected the dots between the spyware and NSO, the company stated that its mission was to provide “authorized governments with technology that helps them combat terror and crime,” according to Business Insider.
…
The IDF’s Unit 8200, which intercepts communications and penetrates the security systems of Israel’s Arab enemies, is the largest single unit in the Israeli army. It enjoys privileged status in terms of resources allocated to it, and its veterans exit the military with the brightest job prospects of anyone in the service.On 11 September 2013, The Guardian released a leaked document provided by Edward Snowden which reveals how Unit 8200, referred to as ISNU, receives raw, unfiltered data of U.S. citizens, as part of a secret agreement with the U.S. National Security Agency: link here. [Source EFF and Glenn Greenwald on security and liberty]
