Report: 6 Palestinian human rights activists hacked by NSO spyware

0

JERUSALEM – Security researchers announced Monday that six Palestinian human rights activists had discovered spyware from infamous Israeli hacker-for-hire company NSO Group, half of which are affiliated with groups that Israel’s Defense Minister controversially claimed are in Terrorism involved.

The reveal marks the first known case of Palestinian activists attacked by the Pegasus military spyware. Their use against journalists, human rights activists and political dissidents from Mexico to Saudi Arabia has been documented since 2015.

Successful Pegasus infection secretly gives intruders access to everything a person stores and does on their phone, including real-time communication.

It’s not clear who brought the NSO spyware onto activists’ phones, said the researcher who first discovered it, Mohammed al-Maskati of the nonprofit Frontline Defenders.

Shortly after the first two intruders were identified in mid-October, Israeli Defense Minister Benny Gantz declared six Palestinian civil society groups to be terrorist organizations. Ireland-based Frontline Defenders and at least two of the victims say they view Israel as the prime suspect and believe the designation may have been timed to try to overshadow the discovery of the hacks, even though they have provided no evidence to back them up To substantiate claims.

Israel has presented little evidence publicly in support of the terrorist label, which Palestinian groups say is aimed at drying up their funding and silencing opposition to Israeli military rule. Three of the hacked Palestinians work for civil society groups. The others don’t and want to remain anonymous, says Frontline Defenders.

The forensic findings, independently confirmed in a joint technical report by security researchers at Amnesty International and the University of Toronto Citizen Lab, stem from the NSO Group’s mounting condemnation for the misuse of its spyware, and Israel advocates lax oversight of its digital surveillance industry.

Last week the Biden government blacklisted the NSO group and a lesser-known Israeli competitor, Candiru, and banned them from US technology.

When raised on the allegations that its software was used against Palestinian activists, the NSO Group said in a statement that it does not identify its customers for contractual and national security reasons, is not privy to whom they are hacking and is only sent to government agencies for use against “serious threats.” Crime and Terror. “

An Israeli defense official said in a brief statement that the naming of the six organizations was based on solid evidence and that any claim relating to the use of NSO software was unfounded. The statement did not provide any further details and officials declined requests for further comments. The officer spoke on condition of anonymity to discuss security issues.

The Israel Defense Ministry clears the export of spyware produced by the NSO Group and other private Israeli companies recruiting from the country’s top cyber-enabled military units. Critics consider the process to be intransparent.

It is not known exactly when and how the phones were breached, security researchers said. But four of the six hacked iPhones used only SIM cards issued by Israeli telecommunications companies with Israeli +972 area codes, Citizen Lab and Amnesty researchers said. This led them to question claims by the NSO Group that exported versions of Pegasus cannot be used to hack Israeli phone numbers. The NSO Group has also said it is not targeting US numbers.

Among the hacked was Ubai Aboudi, a 37-year-old economist and US citizen. He heads the seven-person Bisan Research and Development Center in Ramallah in the Israeli-occupied West Bank, one of the six groups that Gantz cursed terrorist allegations on October 22nd.

The other two hacked Palestinians who agreed to be named are researcher Ghassan Halaika of the Al-Haq rights group and lawyer Salah Hammouri of Addameer, also a human rights organization. The other three named groups are Defense for Children International-Palestine, the Union of Palestinian Women’s Committees, and the Union of Agricultural Working Committees.

Aboudi said he had lost “any sense of security” to the “dehumanizing” hack of a phone by his side day and night with photos of his three children. He said his wife “didn’t sleep at the thought of breaking so deep into our privacy” for the first three nights after learning of the hack.

He was particularly concerned that eavesdroppers were privy to his communications with foreign diplomats. The researchers’ examination of Aboudi’s phone revealed that it was infected with Pegasus in February.

Aboudi accused Israel of “sticking the terrorist logo” on the groups after failing to persuade European governments and others to stop funding.

Israel says the groups are affiliated with the Popular Front for the Liberation of Palestine, a left-wing political faction with an armed wing that has killed Israelis. Israeli and Western governments view the PFLP as a terrorist group. Aboudi served a 12-month sentence last year after being convicted of involvement in the PFLP, but denies ever being part of the group.

Tehilla Shwartz Altshuler, a legal expert at the Israel Democracy Institute, described the results as “really worrying,” especially when it is proven that Israel’s security agencies, which are largely exempt from the country’s data protection laws, have used commercial spyware from the NSO Group.

“This actually complicates the government’s relationship with the NSO,” Altshuler said, when the government is indeed both a customer and a regulator in a secret relationship.

Frontline Defenders executive director Andrew Anderson said the NSO group could not be trusted to ensure that their spyware is not being used illegally by its customers, and says Israel should face international allegations if it does the company does not calm down.

“If the Israeli government refuses to take action, it should have ramifications for regulating trade with Israel,” he said via email.

Al-Maskati, the researcher who discovered the hacks, said he was first alerted on October 16 by Halaika, whose phone was hacked in July 2020. Al-Haq maintains, among other things, sensitive communication with the International Criminal Court regarding alleged human rights violations.

“As human rights defenders living under occupation, we assume that it was the (Israeli) occupation,” said Halaika when asked who he thought was behind the hack.

The phone of the third named hacker victim, Hammouri, was apparently compromised in April, the researchers said. Hammouri, a French dual citizen who lives in Jerusalem, previously served a seven-year prison sentence for security violations and Israel regards him as a PFLP agent, allegations he denies.

Declined to speculate who was behind the hack, Hammouri said, “We need to find out who had the ability and who had the motive.”

After Halaika alerted him, Al-Maskati said he scanned 75 phones belonging to Palestinian activists and found the six infections. He was unable to determine how the phones were hacked, he said, despite the evidence found suggesting the use of an NSO Group exploit called an “iMessage zero-click” used on iPhones. The exploit is very effective and does not require user intervention, as is usually the case with phishing attempts.

Facebook has sued the NSO Group for using a similar exploit allegedly infiltrated through its globally popular encrypted WhatsApp messaging app.

A spate of new revelations about the hacking of public figures – including Hungarian investigative journalists, the fiancée of murdered Saudi journalist Jamal Khashoggi, and an ex-wife of the ruler of Dubai – has come since a consortium of international news organizations on a list in July possible monitoring objectives of the NSO group. The list was taken from an unnamed source by Amnesty International and Paris-based nonprofit journalism Forbidden Stories. Among those listed was an Associated Press journalist.

From this list of 50,000 phone numbers, reporters from various news organizations were able to confirm at least 47 other successful hacks, reported the Washington Post. The NSO Group denied having ever kept such a list.

——

Bajak reported from Lima, Peru.

Share.

About Author

Leave A Reply