Apple Warns Top Indian Opposition Leaders, Journalists About ‘State-Sponsored’ (Modi-BJP/RSS) Attack on Phone

Drizzt

“These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”

New Delhi: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….”

Here are the people confirmed to have been notified by Apple about the attempts to compromise their iPhones:

1. Mahua Moitra (Trinamool Congress MP)
2. Priyanka Chaturvedi (Shiv Sena UBT MP)
3. Raghav Chadha (AAP MP)
4. Shashi Tharoor (Congress MP)
5. Asaduddin Owaisi (AIMIM MP)
6. Sitaram Yechury (CPI(M) general secretary and former MP)
7. Pawan Khera (Congress spokesperson)
8. Akhilesh Yadav (Samajwadi Party president)
9. Siddharth Varadarajan (founding editor, The Wire)
10. Sriram Karri (resident editor, Deccan Chronicle)
11. Samir Saran (president, Observer Research Foundation)
12. Revathi (independent journalist)
13. K.C. Venugopal (Congress MP)
14. Supriya Shrinate (Congress spokesperson)
15. Multiple people who work in Congress MP Rahul Gandhi’s office
16. Revanth Reddy (Congress MP)
17. T.S. Singhdeo (Chhattisgarh deputy CM and Congress leader)
18. Ravi Nair (journalist, OCCRP)
19. K.T. Rama Rao (Telangana minister and BRS leader)
20. Anand Mangnale (regional editor, South Asia, OCCRP)

The email titled “ALERT: State-sponsored attackers may be targeting your iPhone” goes on to say, “These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”

It urges the recipients, “While it’s possible this is a false alarm, please take this warning seriously.”

While the language of Apple’s warning is identical to what the phone manufacturer has used in the past to alert victims of spyware around the world, the fact that at least five persons in India received the same alert at the same time (11:45 pm on October 30, 2023) suggests those being targeted are part of an India-specific cluster.

In a statement on Tuesday, Apple said, “Apple does not attribute the threat notifications to any specific state-sponsored attacker.”

These threat notifications were enabled by the company in 2021, and since then such notifications have reportedly been sent to individuals in nearly 150 countries.

Shiv Sena MP Priyanka Chaturvedi has tweeted the mail.



Moitra also took to Twitter to highlight the alert:

Received text & email from Apple warning me Govt trying to hack into my phone & email. @HMOIndia – get a life. Adani & PMO bullies – your fear makes me pity you.

Khera too shared the message he got from Apple on X and asked, “Dear Modi Sarkar, why are you doing this?”


“Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?” Congress MP Shashi Tharoor said while posting about the attack.

Congress leader Rahul Gandhi held a press conference on the matter, in which he accused the Narendra Modi government of doing everything possible to hide that they had “sold the government to Adani”. “Hack us all you want,” he said, “but we will not stop questioning you.” He also said that the government is going out of its way to distract from demands for a caste census. “Who is Adani really stealing from?” he asked, and responded that it was the common people, the marginalised, who were paying the price.

The others whom The Wire can confirm have received the warning from Apple are well-known people who are open critics of the Narendra Modi government.

“The reports of threat notifications from Apple need to be taken very seriously and require investigation to determine the source and the extent of the malware attack. Given Indians – specially journalists, parliamentarians and constitutional functionaries – have also reportedly been targeted with Pegasus in the past it is a matter of deep concern for our democracy,” Prateek Waghre, policy director of the Internet Freedom Foundation (IFF) told The Wire.

IFF’s founding director Apar Gupta posted on X to explain why these cannot be called “false alarms”.

“Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile. Secondly, Access Now and Citizen Lab last month have confirmed the validity of Apple’s threat notifications sent to Russian journalists, including Meduza’s publisher. These confirmations lend high credibility to such notifications. Thirdly, Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called ‘The Predator Files’,” he said.

IT minister and BJP leader Ashwini Vaishnaw claimed that Apple’s notifications were “vague and non-specific”, and questioned whether Apple devices are really secure.

“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications,” Vaishnaw said. “In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks.”

Varadarajan is among half a dozen journalists in India, including The Wire‘s founding editor M.K. Venu, on whose phones Amnesty International’s Tech Lab found traces of Pegasus.

The Wire has written to Apple for comments on any further information it can share and this story will be updated when it does.

In 2021, the Pegasus Project had confirmed that more than a dozen phones in India – of politicians, journalists, human rights defenders and others – had been infected with the Israeli spyware, while hundreds more had likely been targeted, including phones connected with the then Congress president Rahul Gandhi, lawyers, a sitting judge, an election commissioner, the ousted CBI director and family members of such persons also, just before and after the previous general elections in 2019.

The final report of a Supreme Court committee set up to investigate cases of the use of the military grade spyware has yet to be made public. While the Modi government stonewalled demands from the court on whether it had used Pegasus, it has never denied buying and deploying the spyware. The Wire partnered with several global news outlets to unveil the cyber attacks by state-sponsored entities, as the spyware company NSO Group has always maintained it only sold Pegasus to governments. You can read about Project Pegasus here.

The Financial Times ran a report in March this year on alternatives to Pegasus being mulled over for purchase. The Indian government is scouring the globe for spyware it could use which has a “lower profile” than Pegasus.

FT wrote that the Modi government is willing to spend anywhere up to $120 million to obtain the spyware, citing people familiar with the matter. India’s defence ministry declined to comment on the report, the newspaper said.

In one significant case – the Elgar Parishad case in which 16 rights activists, lawyers and academics were arrested – independent cybersecurity companies have found that the activists’ devices were compromised with spyware and this technology was used to plant incriminating ‘evidence’ on the devices.

This is a developing story and will be updated.

If you have received such an email from Apple, please get in touch with us at editorial@thewire.in.
https://thewire.in/rights/apple-india-state-sponsored-spyware


Apple has previously recommended users receiving this alert to activate the Lockdown mode, a security measure unveiled in 2022, aimed at safeguarding individuals like journalists, politicians, attorneys, and human rights advocates from state-sponsored spyware intrusions.

This mode curtails link previews in messages, minimizes Safari functionality by turning off features like just-in-time (JIT) compilers to halt malicious JavaScript execution, restricts users from opening attachments, and disables receipt of FaceTime calls from unfamiliar contacts.

https://techcrunch.com/2023/10/30/i...arned-them-of-state-sponsored-iphone-attacks/

Pegasus Spyware and Citizen Surveillance: Here's What You Should Know

NSO Group's software targeted activists, journalists, politicians and executives. Apple's new Lockdown Mode is designed to thwart it.
For digital spying technology, it's a doozy of a case. Security researchers have revealed evidence of attempted or successful installations of Pegasus, software made by Israel-based cybersecurity company NSO Group, on phones belonging to activists, rights workers, journalists and businesspeople. They appear to have been targets of secret surveillance by software that's intended to help governments pursue criminals and terrorists, and as the months go by, more and more Pegasus infections are emerging.


The most recent revelation is that Pegasus infected the phones of at least 30 Thai activists, according to a July report from Citizen Lab, a Canadian security organization at the University of Toronto. Apple warned those with infected phones in November.


To try to thwart such attacks, Apple has built a new Lockdown Mode into iOS 16, its iPhone software update due to arrive later in 2022, and into its upcoming MacOS Ventura.

The US government is one of the most powerful forces unleashed against Pegasus — even though the CIA and FBI were Pegasus customers, as reported by The New York Times in January. The US Justice Department has launched a criminal investigation, The Guardian said in February, after a whistleblower said NSO Group offered "bags of cash" for sensitive mobile phone data from a US tech firm, Mobileum. The spyware was found on the phones of at least nine State Department officials who were either based in Uganda or involved in matters associated with the African country, Reuters and The New York Times reported in December.


Pegasus is the latest example of how vulnerable we all are to digital prying. Our phones store our most personal information, including photos, text messages and emails. Spyware can reveal directly what's going on in our lives, bypassing the encryption that protects data sent over the internet.


Pegasus has been a politically explosive issue that's put Israel under pressure from activists and from governments worried about misuse of the software. In November, the US federal government took much stronger action, blocking sale of US technology to NSO by putting the company on the government's Entity List. NSO has suspended some countries' Pegasus privileges but has sought to defend its software and the controls it tries to place on its use. NSO Group didn't respond to a request for comment, and the Justice Department declined to comment.


Here's what you need to know about Pegasus.

What is NSO Group?

It's an Israel-based company that licenses surveillance software to government agencies. The company says its Pegasus software provides a valuable service because encryption technology has allowed criminals and terrorists to go "dark." The software runs secretly on smartphones, shedding light on what their owners are doing. Other companies provide similar software.


Hulio co-founded the company in 2010. NSO also offers other tools that locate where a phone is being used, defend against drones and mine law enforcement data to spot patterns.

NSO has been implicated by previous reports and lawsuits in other hacks, including a reported hack of Amazon founder Jeff Bezos in 2018. A Saudi dissident sued the company in 2018 for its alleged role in hacking a device belonging to journalist Jamal Khashoggi, who had been murdered inside the Saudi embassy in Turkey that year.

New Yorker coverage details some of NSO Group's inner workings, including its argument that Pegasus is similar to military equipment that countries routinely sell to other countries, the company's tight ties to the Israeli government and its recent financial difficulties. It also revealed that NSO employees posted on the wall a detailed Google analysis of one Pegasus attack mechanism that concludes NSO's abilities "rival those previously thought to be accessible to only a handful of nation states."


In the case of the Thai activists, NSO Group didn't comment specifically but told the Washington Post, "Politically motivated organizations continue to make unverifiable claims against NSO."

What is Pegasus?

Pegasus is NSO's best-known product. It can be installed remotely without a surveillance target ever having to open a document or website link, according to The Washington Post. Pegasus reveals all to the NSO customers who control it — text messages, photos, emails, videos, contact lists — and can record phone calls. It can also secretly turn on a phone's microphone and cameras to create new recordings, The Washington Post said.


General security practices like updating your software and using two-factor authentication can help keep mainstream hackers at bay, but protection is really hard when expert, well-funded attackers concentrate their resources on an individual. And Pegasus installations have employed "zero click" attacks that take advantage of vulnerabilities in software like Apple Messages or Meta's WhatsApp to silently install software.

Pegasus isn't supposed to be used to go after activists, journalists and politicians. "NSO Group licenses its products only to government intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and serious crime," the company says on its website. "Our vetting process goes beyond legal and regulatory requirements to ensure the lawful use of our technology as designed."

Human rights group Amnesty International, however, documents in detail how it traced compromised smartphones to NSO Group. Citizen Lab said it independently validated Amnesty International's conclusions after examining phone backup data and since 2021 has expanded its Pegasus investigations.


In September, though, Apple fixed a security hole that Pegasus exploited for installation on iPhones. Malware often uses collections of such vulnerabilities to gain a foothold on a device and then expand privileges to become more powerful. NSO Group's software also runs on Android phones.

Why is Pegasus in the news?

Forbidden Stories, a Paris journalism nonprofit, and Amnesty International, a human rights group, shared with 17 news organizations a list of more than 50,000 phone numbers for people believed to be of interest to NSO customers.

The news sites confirmed the identities of many of the individuals on the list and infections on their phones. Of data from 67 phones on the list, 37 exhibited signs of Pegasus installation or attempted installation, according to The Washington Post. Of those 37 phones, 34 were Apple iPhones.

The list of 50,000 phone numbers included 10 prime ministers, three presidents and a king, according to an international investigation released in mid-July by The Washington Post and other media outlets, though there's no proof that being on the list means an NSO attack was attempted or successful.

The episode hasn't helped Apple's reputation when it comes to device security. "We take any attack on our users very seriously," Federighi said. The company said it'll donate $10 million and any damages from the lawsuit to organizations that are advocating for privacy and are pursuing research on online surveillance. That's a drop in the bucket for Apple, which reported a profit of $20.5 billion for its most recent quarter, but it can be significant for much smaller organizations, like Citizen Lab.

Whose phones did Pegasus infect?

In April, Citizen Lab also revealed that Pegasus infected the phones of at least 51 people in the Catalonia region of Spain. NSO Group Chief Executive Shalev Hulio told The New Yorker, which covered the hacks in depth, that Spain has procedures to ensure such use is legal, but Citizen Lab said Pegasus attacks targeted the phone of Jordi Solé, a pro-independence member of the European Parliament, digital security researcher Elies Campo and Campo's parents, according to the New Yorker. Catalonia is seeking political independence from Spain, but Spanish police have cracked down on the independence movement.

In addition to Mangin, two journalists at Hungarian investigative outlet Direkt36 had infected phones, The Guardian reported.

A Pegasus attack was launched on the phone of Hanan Elatr, wife of murdered Saudi columnist Jamal Khashoggi, The Washington Post said, though it wasn't clear if the attack succeeded. But the spyware did make it onto the phone of Khashoggi's fiancee, Hatice Cengiz, shortly after his death.

Seven people in India were found with infected phones, including five journalists and one adviser to the opposition party critical of Prime Minister Narendra Modi, The Washington Post said.

And six people working for Palestinian human rights groups had Pegasus-infected phones, Citizen Lab reported in November.

What are the consequences of the Pegasus situation?

The US cut off NSO Group as a customer of US products, a serious move given that the company needs computer processors, phones and developer tools that often come from US companies. NSO "supplied spyware to foreign governments" that used it to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers. "These tools have also enabled foreign governments to conduct transnational repression," the Commerce Department said.

Apple sued NSO Group in November, seeking to bar the company's software from being used on Apple devices, require NSO to locate and delete any private data its app collected, and disclose the profits from the operations. "Private companies developing state-sponsored spyware have become even more dangerous," said Apple software chief Craig Federighi. That suit came after Meta's WhatsApp sued NSO Group in 2019.

French President Emmanuel Macron changed one of his mobile phone numbers and requested new security checks after his number appeared on the list of 50,000 numbers, Politico reported. He convened a national security meeting to discuss the issue. Macron also raised Pegasus concerns with Israeli Prime Minister Naftali Bennett, calling for the country to investigate NSO and Pegasus, The Guardian reported. The Israeli government must approve export licenses for Pegasus.

Israel created a review commission to look into the Pegasus situation. And on July 28, Israeli defense authorities inspected NSO offices in person.

European Commission chief Ursula von der Leyen said if the allegations are verified, that Pegasus use is "completely unacceptable." She added, "Freedom of media, free press is one of the core values of the EU."

The Nationalist Congress Party in India demanded an investigation of Pegasus use.

Edward Snowden, who in 2013 leaked information about US National Security Agency surveillance practices, called for a ban on spyware sales in an interview with The Guardian. He argued that such tools otherwise will soon be used to spy on millions of people. "When we're talking about something like an iPhone, they're all running the same software around the world. So if they find a way to hack one iPhone, they've found a way to hack all of them," Snowden said.

What does NSO have to say about this?

NSO acknowledges its software can be misused. It cut off two customers in recent 12 months because of concerns about human rights abuses, according to The Washington Post. "To date, NSO has rejected over US $300 million in sales opportunities as a result of its human rights review processes," the company said in a June transparency report.

However, NSO strongly challenges any link to the list of phone numbers. "There is no link between the 50,000 numbers to NSO Group or Pegasus," the company said in a statement.

"Every allegation about misuse of the system is concerning me," Hulio told the Post. "It violates the trust that we give customers. We are investigating every allegation."

In a statement, NSO denied "false claims" about Pegasus that it said were "based on misleading interpretation of leaked data." Pegasus "cannot be used to conduct cybersurveillance within the United States," the company added.

Regarding the alleged infection of State Department phones, NSO Group didn't immediately respond to a request for comment. But it told Reuters it canceled relevant accounts, is investigating, and will take legal action if it finds misuse.

NSO will try to reverse the US government's sanction. "We look forward to presenting the full information regarding how we have the world's most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products," an NSO spokesperson said.

In the past, NSO had also blocked Saudi Arabia, Dubai in the United Arab Emirates and some Mexican government agencies from using the software, The Washington Post reported.

How can I tell if my phone has been infected?

Amnesty International released an open-source utility called MVT (Mobile Verification Toolkit) that's designed to detect traces of Pegasus. The software runs on a personal computer and analyzes data including backup files exported from an iPhone or Android phone.

https://www.cnet.com/tech/mobile/pegasus-spyware-and-citizen-surveillance-what-you-need-to-know/
 
The definition of state-sponsored terrorism might come from countries other than India, so without concrete proof it is hard to accuse Modi's govt, although Occam's razor indeed points to the BJP govt as the primary culprit.
 
