And Now EU Commissioners Are Reporting Their Phones Were Infected With NSO Group Malware

(Mis)Uses of Technology

from the it's-all-fun-and-games-until-you're-universally-reviled dept

NSO Group has gone from being an under-the-radar spyware darling selling powerful phone hackery to some of the absolutely worst governments in the world to being an extremely exposed malware pariah which has sold powerful phone hackery to some of the absolute worst governments in the world.

A data dump last summer served as a wake-up call to pretty much everyone who wasn’t currently abusing NSO’s exploits. Journalists, activists, government critics, opposition party members, ex-wives of emirates… all were targeted by abusive NSO customers. The floodgates opened.

In the following months, more abusive uses were revealed. NSO Group was sued by Apple, hit with sanctions by the US Commerce Department, saw its investors flee, and its list of customers drastically trimmed by the Israeli government.

That NSO malware has been deployed in Europe to target politicians is no longer up for discussion. It’s a fact. EU Parliament members reported malware infections, as did certain Polish politicians and members of the Catalan independence movement the government of Spain would desperately love to see silenced in perpetuity.

There’s more to add to the list, detailed in this exclusive report by Raphael Satter for Reuters.

The European Union found evidence that smartphones used by some of its staff were compromised by an Israeli company’s spy software, the bloc’s top justice official said in a letter seen by Reuters.

In a July 25 letter sent to European lawmaker Sophie in ‘t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple had told him in 2021 that his iPhone had possibly been hacked using Pegasus, a tool developed and sold to government clients by Israeli surveillance firm NSO Group.

The warning from Apple triggered the inspection of Reynders’ personal and professional devices as well as other phones used by European Commission employees, the letter said.

While researchers were unable to find conclusive proof Reynders’ phone or those of his staff had been compromised by NSO spyware, they did find evidence of malicious intrusion. Further investigation may provide more confirmation, but for now, Reynders is acting on information provided by Apple, which now notifies users it suspects may have been hit with NSO malware.

NSO offered this statement in response to Reuters’ reporting:

An NSO spokeswoman said the firm would willingly cooperate with an EU investigation.

“Our assistance is even more crucial, as there is no concrete proof so far that a breach occurred,” the spokeswoman said in a statement to Reuters. “Any illegal use by a customer targeting activists, journalists, etc., is considered a serious misuse.”

I’m inclined to believe this statement is sincere. First off, NSO really has no option at this point other than cooperating fully with investigations. It has zero credibility left and is facing investigations from multiple world governments while watching its funding dry up and its plans for the future disintegrate.

Second, this sort of assistance is incredibly self-serving. The NSO seems most willing to pitch in when it thinks the end result will be exoneration or, at least, plausible deniability.

But this early report may just be the tip of another of NSO’s many icebergs. The EU Commission is still investigating the spread and use of NSO malware to target European politicians. Reynders just happens to be one of the first to respond to the EU Commission’s inquiries. If this Commissioner’s phone was infected, there’s little reason to believe his case is an anomaly.

Filed Under: didier reynders, eu, eu commission, pegasus, spyware, surveillance
Companies: apple, nso group