JERUSALEM (AP) – Security researchers revealed Monday that spyware from the infamous Israeli hacker-for-hire company NSO Group was found on the cell phones of six Palestinian human rights defenders, half of them affiliated with groups that Israel’s defense minister has controversially claimed are involved in terrorism.
The revelation marks the first known instance of Palestinian activists being targeted with the military-grade Pegasus spyware. Its use against journalists, human rights defenders and political dissidents from Mexico to Saudi Arabia has been documented since 2015.
A successful Pegasus infection invisibly gives attackers access to everything that a person stores and does on their phone, including real-time communication.
It is unclear who placed the spyware on activists’ phones, said the researcher who first discovered it, Mohammed al-Maskati of the nonprofit Frontline Defenders. The hack began in July 2020, according to the researchers.
Shortly after the first two intrusions were identified in mid-October, Israeli Defense Minister Benny Gantz declared six Palestinian civil society groups terrorist organizations. Ireland-based Frontline Defenders and at least two victims say they see Israel as the prime suspect, and believe the designation may have been timed to try to overshadow the discovery of the hacks, although they have not provided any evidence to support these claims.
Israel has publicly presented little evidence to support the terrorism designation, which Palestinian groups say is intended to deprive them of funding and crush resistance to Israeli military rule. Three of the hacked Palestinians work for civil society groups. The others do not and wish to remain anonymous, Frontline Defenders said.
The forensic findings, independently verified by security researchers at Amnesty International and the University of Toronto’s Citizen Lab in a joint technical report, come amid growing condemnation of NSO Group over the abuse of its spyware, and as Israel faces criticism over weak oversight of its digital surveillance industry.
Last week, the Biden administration blacklisted the NSO Group and lesser-known Israeli rival Candiru, banning them from using American technology.
When asked about allegations that its software was used against Palestinian activists, NSO Group said in a statement that it does not identify its clients for contractual and national security reasons, does not know whom they hack, and sells only to government agencies for use against “serious crime and terror”.
An Israeli Defense Ministry spokesman said in a brief statement that the designation of the six organizations was based on strong evidence and that any claims related to the use of NSO software are unfounded. There were no other details in the statement, and officials declined requests for additional comment. The official spoke on condition of anonymity to discuss security issues.
The Israeli Defense Ministry approves the export of spyware produced by NSO Group and other private Israeli companies, which recruit from the country’s leading cyber-capable military units. Critics say the process is opaque.
Security researchers said it is not known exactly when and how the phones were hacked. But four of the six hacked iPhones used exclusively SIM cards issued by Israeli telecommunications companies, with Israeli +972 country-code numbers, researchers at Citizen Lab and Amnesty said. This led them to question NSO Group’s claims that exported versions of Pegasus cannot be used to hack Israeli phone numbers. NSO Group has also said it does not target US numbers.
Among those hacked was Ubay Abudi, a 37-year-old economist and US citizen. He runs the seven-person Bisan Research and Development Center in Ramallah, in the Israeli-occupied West Bank, one of the six groups that Gantz declared terrorist organizations on October 22.
The two other hacked Palestinians who have agreed to give their names are researcher Ghassan Halaika of the human rights group Al-Haq and lawyer Salah Hammuri of Addameer, also a human rights organization. The other three groups are Palestinian Child Protection International, the Union of Palestinian Women’s Committees and the Union of Agricultural Workers’ Committees.
Abudi said he lost his “sense of security” due to the “inhuman” hacking of his phone, which sits next to him day and night and stores photographs of his three children. He said that for the first three nights after learning about the hack, his wife “was awake at the thought of such a deep invasion of our privacy.”
He was especially concerned that eavesdroppers had been privy to his communications with foreign diplomats. The researchers’ examination of Abudi’s phone showed that it was infected with Pegasus in February.
Abudi accused Israel of “sticking a terrorist logo” on groups after failing to convince European governments and others to cut off financial support.
Israel claims that these groups are affiliated with the Popular Front for the Liberation of Palestine, a left-wing political faction with an armed wing that kills Israelis. Israel and Western governments view the PFLP as a terrorist group. Abudi served a 12-month sentence last year on charges of PFLP involvement, but denies being a member of the group.
Tehillah Schwarz Altshuler, a legal expert at the Israel Institute for Democracy, called the findings “truly alarming,” especially if it can be proven that Israeli security services, which are largely exempt from the country’s privacy laws, used NSO Group’s commercial spyware.
“It actually complicates the government’s relationship with the NSO,” Altshuler said, “if the government is indeed both the client and the regulator in a relationship conducted under secrecy.”
Abudi, along with representatives from Al-Haq and Addameer, held a press conference on Monday in the occupied West Bank, at which they condemned the hacks as an attack on civil society. Addameer director Sahar Francis has called for an international investigation.
“Of course we are not going to shut down our organizations,” Francis said. “We will continue our work, we will continue to provide services.”
Frontline Defenders chief executive Andrew Anderson said NSO Group cannot be trusted to ensure its spyware is not misused by its customers, and said Israel must face international rebuke if it does not force the company to comply.
“If the Israeli government refuses to take action, it must have implications for regulating trade with Israel,” he said via email.
Al-Maskati, the researcher who discovered the hacks, said he was first alerted on October 16 by Halaika, whose phone was hacked in July 2020. Al-Haq, in particular, maintains confidential contacts with the International Criminal Court related to alleged human rights violations.
“As human rights defenders living under occupation, we expect it to be (Israeli) occupation,” Halaika said when asked who he believed was behind the hack.
According to researchers, the phone of Hammuri, the third victim of the hack, was hacked in April. A dual French national residing in Jerusalem, Hammuri previously served a seven-year sentence for security offenses, and Israel considers him a PFLP operative, an allegation he denies.
Hammuri declined to discuss who was behind the hack, saying that “we need to determine who had the ability and who had the motive.”
After Halaika alerted him, al-Maskati said, he scanned the phones of 75 Palestinian activists and found six infections. He said he could not determine how the phones were hacked, although the timeline of the evidence found points to a so-called “zero-click iMessage” exploit that NSO Group has used on iPhones. The exploit is very effective and, unlike typical phishing attempts, requires no user interaction.
Facebook is suing NSO Group over the use of a similar exploit that allegedly intruded through its globally used encrypted messaging app WhatsApp. A US federal appeals court issued a ruling on Monday rejecting NSO Group’s attempt to have the lawsuit dismissed.
A consortium of international news organizations reported in July on a list of possible targets of NSO Group surveillance. The list was obtained from an unnamed source by Amnesty International and Forbidden Stories, a Paris-based journalistic non-profit organization. Among those listed was an Associated Press journalist.
The Washington Post reported that from this list of 50,000 phone numbers, reporters from various news organizations were able to confirm at least 47 additional successful hacks.
Bajak reported from Lima, Peru. Associated Press author Alan Suderman of Richmond, Virginia contributed to this report.