NSO Pegasus Malware Deployed To Spy On Palestinian Human Rights Activists

from the now-who-would-want-to-do-a-thing-like-that? dept

Another day, another revelation about the abuse of NSO malware by its customers. The latest report shows NSO Group's powerful Pegasus malware was used to target Palestinian human rights activists. Citizen Lab is again on the case, providing the forensic examination of the detected malware and coming to this conclusion:

In October 2021, the human rights non-governmental organization (NGO) Front Line Defenders (FLD) began collecting data on the suspected hacking of the devices of several Palestinians working for civil society organizations based in the West Bank. FLD shared the data they collected with the Citizen Lab and Amnesty International’s Security Lab for separate independent peer review of their initial findings. FLD’s analysis indicated that six devices belonging to six Palestinian human rights defenders were hacked with Pegasus, a spyware developed by the cyber-surveillance company NSO Group. Both the Citizen Lab and Amnesty International’s Security Lab independently confirmed these findings.

Given the targets of the hacking, one would suspect the Israeli government was involved in this targeting of Palestinian activists. Citizen Lab and Amnesty International have made no allegations as to the source of these attacks, but there are some details that suggest Israel's government is involved.

One of those details comes from the Citizen Lab report:

Of interest is the fact that four hacked phones exclusively used SIMs issued by Israeli telecoms companies with Israeli (+972) phone numbers. NSO Group has said that exported versions of Pegasus cannot be used to hack Israeli phone numbers.

If exportation is key to this restriction on targeting Israeli phone numbers, deploying it from home presumably bypasses this protection.

Adding to the perception that the Israeli government might be behind these hacks is the timeline of the attacks and the publication of these findings. The attacks were apparently carried out in July 2020. The three entities investigating the hackings published their findings November 8, 2021. Shortly before these publications, the Israeli government declared the organizations these targets worked for as "terrorist organizations."

Israel on Friday effectively outlawed six prominent Palestinian human rights groups by declaring them terrorist organizations, a major escalation of its decades-long crackdown on political activism in the occupied territories.

The declaration appeared to pave the way for Israel to raid their offices, seize assets, arrest staff and criminalize any public expressions of support for the groups. Most of the targeted organizations document alleged human rights violations by Israel as well as the Palestinian Authority, both of which routinely detain Palestinian activists.

That happened on October 22. On November 6, the dossier that supposedly justified the designation was leaked. And it didn't appear to have much in it to support Israel's unilateral declaration that these rights groups were actually terrorist groups.

A confidential Israeli dossier detailing alleged links between Palestinian human rights groups and an internationally designated terrorist organization contains little concrete evidence and failed to convince European countries to stop funding the groups.

The 74-page document appears to have been prepared by Israel’s Shin Bet internal security service and shared with European governments in May. The Associated Press obtained the document from the online +972 Magazine, which was the first to report on it, along with the Hebrew-language Local Call.

Here's why this matters: it turns the targets from activists to terrorists, which gives the Israeli government permission (albeit in arrears) to engage in malicious hacking of devices. Protections and rights tend to evaporate pretty quickly once a government -- any government -- decides you're a terrorist. Given the lack of solid intel in the dossier, this almost looks like the laundering of previously illegal surveillance activities. It also gives the government permission to do more of the same in the future.

No one's made any accusations (other than noting NSO customers love targeting opposition leaders and activists), but the defensive statements have been delivered anyway. At best, this is some really lazy deflection by the Israeli government and more of the same "hey, we just sell the stuff" excuses from NSO Group.

The Israeli prime minister’s office and the Defense Ministry denied that Pegasus had been used to hack the Palestinians’ phones. An NSO spokeswoman said that the company would not say who used the software and that it did not have access to information about whom the program was used against.

Well, the Citizen Lab report says otherwise. And this non-denial doesn't say the government didn't hack the phones. All it says is that these two government reps are on record denying something that can't actually be denied while refusing to confirm anything about the activists' targeting by the Israeli government.

This all looks pretty shady. And it's unlikely to persuade the US government to drop NSO from its export regulation blacklist, despite NSO's protestations that its largely-unregulated sales to human rights violators contribute to the overall security and well-being of the entire planet.

And there's this postscript, which suggests NSO is now so toxic even one of its principals wants nothing more to do with it. (Google Translated from the original Hebrew.)

Itzik Benvenisti leaves NSO less than two weeks after being appointed CEO. In August, Benvenisti was appointed co-president of the company.

Calcalist has learned that Benvenisti informed the chairman of the NSO board of directors, Asher Levy, on Tuesday that in light of the special circumstances created in the company, he decided that he would not be able to enter the position of CEO.

The "special circumstances?" Apparently it's the ongoing PR nightmare NSO is battling along with its blacklisting by the US government. According to the Calcalist article, Benvenisti said it was not possible to carry out his plans for the company while being blacklisted. One presumes Benvenisti is well aware that remaining with the company would make his name just as toxic as NSO's since there's no reason to believe this is the last negative press the company will generate.


Filed Under: activists, human rights, israel, malware, palestinian, spyware, surveillance


Reader Comments



  • Anonymous Coward, 22 Nov 2021 @ 10:56am

    Isn't that exactly what it was designed to do?

  • Nathan F, 22 Nov 2021 @ 12:11pm

    There is a game I play that has a quote that fits perfectly.

    "When you build something like this, you make persecution a way of life." - Witch, Path of Exile.

  • Anonymous Coward, 22 Nov 2021 @ 12:24pm

    So, is Pegasus lying about their software controls, or are they lying about their sales practices?

    • Glen, 22 Nov 2021 @ 12:40pm

      Re:

      Yes?

    • ECA, 22 Nov 2021 @ 1:17pm

      Re:

      It's the idea that 'Only Pegasus' can control the software.
      Thinking no one Else could hack Their program is being short sighted.
      But as mentioned, If someone cut service to the customer and suggested to change the SIM card (it was hacked), and the consumer inserted it themselves, it would bypass the security.

  • ECA, 22 Nov 2021 @ 1:27pm

    So.

    As has been noted, in the past.
    Even the USA gov. came to the conclusion that If it's illegal in the USA, they only have to do it Outside the USA. Even if it is about hacking USA firms, doing it from Outside the USA may not be illegal.
    So it don't matter WHO did it, it's WHO got the data. Which they are not exposing.

    Considering all the Crap in the past happening in Israel, and Palestinian history. Even after the UN. decided how it Should be, and now the UN. isn't doing anything to KEEP THESE 2 APART.
    The USA really don't give a hoot, as we have sold weapons to both sides, as long as they had money. The problem is we keep sending the money BACK to Israel, as some kind of Support? Even private groups have been and still are, doing it.
    Wonder what would happen if we got the UN. to blackball and restrict Israel, Palestine, and the Arabs, and FORCE them to FIX THINGS PERMANENTLY. It might be interesting.

  • Anonymous Coward, 23 Nov 2021 @ 9:47am

    Just FYI, the “+972 Magazine” is a far-left website in Israel. Really far-far-left (even if something is considered Islamic terror, they will never call it as such) and they have their own bias and agenda. So… please take their reporting with a grain of salt.

