India's Supreme Court Opens Investigation Into Targeting Of Indian Citizens' Phones By NSO Malware

from the is-it-too-late-to-rebrand-as-'International-Pariah' dept

NSO Group’s terrible 2021 is flowing seamlessly into an equally terrible 2022. The leak of a list of alleged targets for its malware — a list that included journalists, activists, government critics, political officials, and religious leaders — led to an outpouring of discoveries linking the company to abusive deployments of malware by a number of questionable governments.

NSO is currently being sued by two US companies over its malware. Facebook and WhatsApp claim NSO committed terms of service violations by sending malware via the messaging service. Apple claimed the same thing, pointing to the targeting of iPhones owned by users infected with NSO spyware.

Both companies are notifying users who appear to have been targeted by this malware. All over the world, people are reporting they’ve been targeted, often due to investigations performed by Canada’s Citizen Lab and Amnesty International.

Governments are getting into the act as well. The Israeli government — which once helped NSO broker deals with nearby authoritarians — is investigating the company. It has also drastically slashed the number of foreign governments it can sell to. Other governments around the world are engaging in their own investigations following reports of residents (or their elected representatives) having been hit with malware payloads created by NSO.

NSO-related phone infections are now part of a federal case in India. The nation’s top court has created a committee to look into allegations Indian citizens have been targeted by NSO’s Pegasus spyware.

The Supreme Court-appointed Technical Committee looking into the usage of Pegasus against Indian citizens has issued a public notice asking those who believe they have been targeted using the spyware to come forward and say whether they would be willing to let their device be examined by the committee.

The public notice, published in newspapers across the country on 2 January, requests “any citizen of India who has reasonable cause to suspect that her/his mobile has been compromised due to specific usage of NSO grow Israel’s Pegasus software (sic)” to contact the committee.

Those who suspect they’ve been targeted will turn their phones over to the technical committee for examination. They’ll receive an image file of the contents of their phone after relinquishing their phones and receive their device back after it has been forensically examined.

This response was prompted by a lawsuit brought against the Indian government for spying on its own citizens using NSO malware. The court also wants the government to answer a few questions as it moves this litigation forward. It wants to know how the malware was used (interception, eavesdropping, etc.), which government entities have access to Pegasus, and whether or not it has been used to target Indian citizens.

Some of those questions will likely be answered by the examination of submitted phones. The others may never receive direct answers — not if the government chooses to invoke national security mantras rather than discuss its purchase and use of NSO spyware in open court.

So far, the government has chosen to say nothing about alleged targeting of its own constituents, which hasn’t made the Supreme Court very happy.

The bench headed by Chief Justice of India NV Ramana criticised the Union government for its refusal to clarify whether it had purchased and used the spyware, and said it had to accept the prima facie case of the petitioners, including victims of Pegasus hacking, and examine their allegations.

The government will be forced to respond. Forensic examinations will uncover malware infections and perhaps even the source of those infections. Refusing to respond to questions now just means answering harder questions later. And it’s just more of the same for NSO Group, which is now primarily known for being the enabler of government corruption and oppression.

Companies: nso group


Comments on “India's Supreme Court Opens Investigation Into Targeting Of Indian Citizens' Phones By NSO Malware”

ECA (profile) says:

And the odds?

That the company will go underground? Hide and sell where no one can find them.
As to the program.
Just cause you are smart don’t mean others AREN’T. That some person/group/country will have the program Dissected, and remove parts that are not needed to report to the company, and Still use the program.
Even augment and make things harder to discover the bug sent. It’s the same with most of the Virus out there. 1 leads to a new version and another and another. Or even make it so they can have remote access To the phone instead of Just transferring data automatically.
Then there is remote access with remote installation. We had a virus that would only work under bootup and then disappear. WHICH is a real PAIN to find. As it would leave a copy to be found and make you think you killed it, but it had installed itself into the System Dump files, Which almost no one erases. Then you have a background file that only does 1 thing. It checks to see if the file is still there (it’s not the virus) and if it’s gone it reinstalls it.
The world of antivirus can explain so much about how they were/are created.

Anonymous Coward says:

Re: A few extra notes

Realistically, hacking Pegasus is not going to be a lot more difficult than hacking, say, Call of Duty, for pretty much the same reasons. But mind, you still have to build the "game server" for Pegasus, since you are redirecting the malware output to go direct to your system rather than to NSO’s.

Adding stuff to Pegasus is an entirely different ball game. In most cases, once you’ve identified what it is actually doing (which exploits it uses), you’ll probably toss the rest aside and simply build your own to use the same ones. It’s faster.

Re the virus you describe, there are worse. For instance, malware that only stays resident in memory – no file footprint at all. ROP attacks, which don’t even have a separate process … they just hijack a target vulnerable process and use it. Boot sector viruses and BIOS viruses, which install themselves in the respective locations, recovering from which is exceptionally difficult or impossible. (A boot virus could well do what you described.)

NSO was technically not a criminal company. "Going Underground", as you put it, changes that dynamic completely. While the programmers working for NSO may not be eager to continue in the actual criminal economy, I can’t imagine that they’d want "worked for NSO Group" on their resume, either.

Arijirija says:

NSO like the taste of their own toes

They’ve really put their foot in their mouth, haven’t they? And according to the Guardian, Haaretz, and others, they’ve gone after Israeli citizens as well:

I wonder how many of the "criminals" targeted by the Israeli police just happen to be anti-corruption activists trying to bring Bibi Netanyahu to book for his rampant career in corruption? (His career in politics may have played second fiddle to his career in corruption; we’ll leave it to the courts to decide.)
