Leaked NSO Group Presentation Details Malware’s Ability To Turn On Cameras, Mics To Surveil Targets

from the just-because-it's-illegal-domestically-doesn't-mean-you-can't-profit-from-it dept

Israel’s foremost purveyor of malware, NSO Group, has undergone nearly a yearlong reckoning. A leak last summer appeared to show NSO customers were routinely targeting journalists, activists, members of opposition parties, and, in one case, the ex-wife of a Dubai ruler.

That NSO Group was shady wasn’t a new fact. Its decision to sell malware to abusive governments had been criticized for nearly a half-decade. But the data leak made this a problem too big to ignore. The US government responded by blacklisting NSO. The Israeli government — which had been instrumental in helping NSO Group secure contracts with human rights abusers — finally decided it was time to limit who NSO could sell its products to.

But how much did the Israeli government know? A presentation obtained by Haaretz appears to show the government knew the malware could perform surveillance that was illegal under local laws but still chose to grease the wheels for NSO sales to governments far less concerned about the rights of their constituents.

NSO’s flagship product — Pegasus — was capable of delivering zero-click exploits. Once a phone was infected, NSO customers were free to do as they pleased. They could intercept text messages and listen in on phone calls. And they could commandeer devices to make them much more than passive interception points.

Details and screenshots of a prototype version of the Pegasus spyware designed for Israeli police back in 2014 reveal the tools and far-reaching capabilities of a system that was slated to be deployed in everyday police work.

The spyware’s suite of tools, which were supposed to be presented to the security cabinet headed by then-Prime Minister Benjamin Netanyahu, included various capabilities sought by police – ranging from listening to any phone call on an infected phone, reading text messages, to remotely opening the microphone and the camera without the phone owner’s knowledge.

Haaretz says the presentation was produced to be shown to the Police Brigadier General Yoav Hassan, the newly appointed head of “signals intelligence.” The signals intelligence group operated outside the bounds of domestic law, targeting foreigners as a compartmentalized, “extra-territorial” surveillance operation.

This information may have been presented to this secretive division of Israel’s national police force. It’s not clear whether NSO’s presentation was ever given to government officials overseeing this program. If so, government officials chose to ignore the dangers posed by Pegasus deployment, which included giving NSO customers access to capabilities that were illegal under Israeli law.

Israeli law may not apply elsewhere in the world, but these not-so-legal features of NSO’s Pegasus malware were apparently presented to Israel’s federal police, who utilized a version of Pegasus called “Seifan” to engage in surveillance. Whether or not the police ever used these features, the features were presented as options by NSO as it pitched its goods to Israeli law enforcement.

Another capability of Seifan mentioned in the presentation is the interception of incoming and outgoing phone calls. Besides this ability, which seems to be relatively routine in the world of intelligence surveillance, there is another one known in the professional parlance as “volume listening” and is considered much more intrusive.

In simple terms it means real time wiretapping to a device’s surrounding through the remote activation of the device’s microphone. This type of wiretapping requires an order from a district court president or their deputy.

Placing a microphone in private areas to intercept all conversations in range isn’t normal investigative behavior. Intercepting communications between suspects is one thing. Becoming an unseen and uninvited guest in someone’s home or place of business is quite another — the sort of thing courts are often extremely hesitant to approve.

But if you can achieve the same thing with a targeted phone, the ends become a justification for the means. And the means become impossible to trace, buried beneath technical jargon, redacted filings, and parallel construction.

Whether or not this feature was enabled for Israeli police post-purchase is unknown. But, according to information obtained by Haaretz, these features were part of the demo version delivered to law enforcement by NSO.

Documents in Haaretz’s hands attest that throughout the relevant time, the police signals intelligence division and NSO personnel tested the product in conjunction with a number of “operational requirements.”

Overall, the product presented then incorporates many features that are reportedly part of the Pegasus system, as well as some that are absent from the versions that have recently been sold to other governments in recent years.

This is the version Israeli law enforcement may have deployed against Israeli citizens. While the government continues to claim any local abuses of NSO malware were minimal, the fact is that oversight of domestic surveillance in Israel is, at best, almost nonexistent.

According to a cyber-technology expert, Israel is the only nation in the world to which oversight does not apply. Or, to put it another way, “On a principle level, NSO is free to sell services and technology to Israel, with no restrictions whatsoever on the technology it can sell it.”

Israeli law enforcement officials continue to insist all use of Pegasus spyware was legal and court-approved. They also claim, according to Haaretz, that they blocked features that allowed access to phone cameras and mics at will. But that claim remains little more than a self-serving deflection. The Israeli government allowed Israeli law enforcement a considerable amount of leeway to chase down criminals and national security threats. Just because something is illegal doesn’t mean cops won’t break the law to achieve their goals. And the Israeli police’s statements, which have become increasingly defensive over the past few months, suggest there’s a lot it isn’t telling us.

Most telling is the federal police’s insistence that critical reporting somehow harms officers’ ability to investigate criminal acts.

The grave damage caused by reports of this sort have harmed and are still harming severely the ability of the police to act against grave crimes, prevent violations of the law, thwart them and bring the transgressors to court. 

Words on a website are not new legislation, mandates, or any other curtailment of current police activities. This is nothing more than proactive whining meant to encourage readers to consider critical reporting a threat to public safety. It’s cowardly, disingenuous, and, above all, a distraction from questions the Israeli government (federal police and their overseers) has refused to answer directly.

Companies: nso group
