NSO Pegasus Malware Deployed To Spy On Palestinian Human Rights Activists

from the now-who-would-want-to-do-a-thing-like-that? dept

Another day, another revelation about the abuse of NSO malware by its customers. The latest report shows NSO Group’s powerful Pegasus malware was used to target Palestinian human rights activists. Citizen Lab is again on the case, providing the forensic examination of the detected malware and coming to this conclusion:

In October 2021, the human rights non-governmental organization (NGO) Front Line Defenders (FLD) began collecting data on the suspected hacking of the devices of several Palestinians working for civil society organizations based in the West Bank. FLD shared the data they collected with the Citizen Lab and Amnesty International’s Security Lab for separate independent peer review of their initial findings. FLD’s analysis indicated that six devices belonging to six Palestinian human rights defenders were hacked with Pegasus, a spyware developed by the cyber-surveillance company NSO Group. Both the Citizen Lab and Amnesty International’s Security Lab independently confirmed these findings.

Given the targets of the hacking, one would suspect the Israeli government was involved in this targeting of Palestinian activists. Citizen Lab and Amnesty International have made no allegations as to the source of these attacks, but there are some details that suggest Israel’s government is involved.

One of those details comes from the Citizen Lab report:

Of interest is the fact that four hacked phones exclusively used SIMs issued by Israeli telecoms companies with Israeli (+972) phone numbers. NSO Group has said that exported versions of Pegasus cannot be used to hack Israeli phone numbers.

If exportation is key to this restriction on targeting Israeli phone numbers, deploying it from home presumably bypasses this protection.

Adding to the perception that the Israeli government might be behind these hacks is the timeline of the attacks and the publication of these findings. The attacks were apparently carried out in July 2020. The three entities investigating the hackings published their findings November 8, 2021. Shortly before these publications, the Israeli government declared the organizations these targets worked for as “terrorist organizations.”

Israel on Friday effectively outlawed six prominent Palestinian human rights groups by declaring them terrorist organizations, a major escalation of its decades-long crackdown on political activism in the occupied territories.

The declaration appeared to pave the way for Israel to raid their offices, seize assets, arrest staff and criminalize any public expressions of support for the groups. Most of the targeted organizations document alleged human rights violations by Israel as well as the Palestinian Authority, both of which routinely detain Palestinian activists.

That happened on October 22. On November 6, the dossier that supposedly justified the designation was leaked. And it didn’t appear to have much in it to support Israel’s unilateral declaration that these rights groups were actually terrorist groups.

A confidential Israeli dossier detailing alleged links between Palestinian human rights groups and an internationally designated terrorist organization contains little concrete evidence and failed to convince European countries to stop funding the groups.

The 74-page document appears to have been prepared by Israel’s Shin Bet internal security service and shared with European governments in May. The Associated Press obtained the document from the online +972 Magazine, which was the first to report on it, along with the Hebrew-language Local Call.

Here’s why this matters: it turns the targets from activists to terrorists, which gives the Israeli government permission (albeit in arrears) to engage in malicious hacking of devices. Protections and rights tend to evaporate pretty quickly once a government — any government — decides you’re a terrorist. Given the lack of solid intel in the dossier, this almost looks like the laundering of previously illegal surveillance activities. It also gives the government permission to do more of the same in the future.

No one’s made any accusations (other than noting NSO customers love targeting opposition leaders and activists), but the defensive statements have been delivered anyway. At best, this is some really lazy deflection by the Israeli government and more of the same “hey, we just sell the stuff” excuses from NSO Group.

The Israeli prime minister’s office and the Defense Ministry denied that Pegasus had been used to hack the Palestinians’ phones. An NSO spokeswoman said that the company would not say who used the software and that it did not have access to information about whom the program was used against.

Well, the Citizen Lab report says otherwise. And this non-denial doesn’t say the government didn’t hack the phones. All it says is that these two government reps are on record denying something that can’t actually be denied while refusing to confirm anything about the activists’ targeting by the Israeli government.

This all looks pretty shady. And it’s unlikely to persuade the US government to drop NSO from its export regulation blacklist, despite NSO’s protestations that its largely-unregulated sales to human rights violators contribute to the overall security and well-being of the entire planet.

And there’s this postscript, which suggests NSO is now so toxic even one of its principals wants nothing more to do with it. (Google Translated from the original Hebrew.)

Itzik Benvenisti leaves NSO less than two weeks after being appointed CEO. In August, Benvenisti was appointed co-president of the company.

Calcalist has learned that Benvenisti informed the chairman of the NSO board of directors, Asher Levy, on Tuesday that in light of the special circumstances created in the company, he decided that he would not be able to enter the position of CEO.

The “special circumstances?” Apparently it’s the ongoing PR nightmare NSO is battling along with its blacklisting by the US government. According to the Calcalist article, Benvenisti said it was not possible to carry out his plans for the company while being blacklisted. One presumes Benvenisti is well aware that remaining with the company would make his name just as toxic as NSO’s since there’s no reason to believe this is the last negative press the company will generate.


Comments on “NSO Pegasus Malware Deployed To Spy On Palestinian Human Rights Activists”

ECA says:


As has been noted, in the past.
Even the USA gov. came to the conclusion that if it's illegal in the USA, they only have to do it Outside the USA. Even if it is about hacking USA firms, doing it from Outside the USA may not be illegal.
So it don't matter WHO did it, it's WHO got the data. Which they are not exposing.

Considering all the Crap in the past happening in Israel, and Palestinian history. Even after the UN. decided how it Should be, and now the UN. isn't doing anything to KEEP THESE 2 APART.
The USA really don't give a hoot, as we have sold weapons to both sides, as long as they had money. The problem is we keep sending the money BACK to Israel, as some kind of Support? Even private groups have been and still are, doing it.
Wonder what would happen if we got the UN. to blackball and restrict Israel, Palestine, and the Arabs, and FORCE them to FIX THINGS PERMANENTLY. It might be interesting.
