On Monday, security experts revealed that spyware from the infamous Israeli hacker-for-hire firm NSO Group was discovered on the cellphones of six Palestinian human rights activists, half of whom were linked with organisations that Israel’s defence minister alleged were involved in terrorism.
The disclosure marks the first time that the military-grade Pegasus malware has been used to target Palestinian activists. Since 2015, it has been used against journalists, human rights campaigners, and political dissidents from Mexico to Saudi Arabia.
A successful Pegasus infection gives intruders access to everything a person keeps and does on their phone, including real-time communications.
According to Mohammed al-Maskati of the NGO Frontline Defenders, the researcher who initially discovered the NSO malware on the activists’ phones, it’s unclear who installed it.
Israeli Defense Minister Benny Gantz declared six Palestinian civil society organisations terrorist organisations shortly after the first two intrusions were discovered in mid-October. Frontline Defenders, based in Ireland, and at least two of the victims consider Israel the main suspect and believe the designation was made to obscure the discovery of the hacks, although they have presented no evidence to back up their claims.
Israel has provided little public evidence to substantiate the terrorism designation, which Palestinian groups say is intended to deprive them of funds and silence their opposition to Israeli military authority. Three of the Palestinians who were hacked work for civil society organisations. Frontline Defenders says the others do not and wish to remain anonymous.
The forensic findings, which were independently confirmed by security researchers from Amnesty International and the University of Toronto’s Citizen Lab in a joint technical report, come as NSO Group faces mounting criticism for the misuse of its spyware and Israel faces criticism for its lax oversight of its digital surveillance industry.
NSO Group and Candiru blacklisted by the Biden Administration
The NSO Group and a lesser-known Israeli competitor, Candiru, were blacklisted by the Biden administration last week, preventing them from accessing US technology.
When asked about the allegations that its software was used against Palestinian activists, NSO Group responded in a statement that it does not identify its customers for contractual and national security reasons, does not know who they hack, and only sells to government agencies for use against “serious crime and terror.”
In a brief statement, an Israeli defence official said the identification of the six organisations was based on strong evidence and that any accusation that it is linked to the deployment of NSO software is false. There were no other details in the statement, and officials declined requests for additional information. The official spoke on condition of anonymity to discuss security matters.
The Israeli Defense Ministry has approved the export of spyware developed by NSO Group and other private Israeli firms that recruit from Israel’s top cyber-capable military units. The procedure, according to critics, is unclear.
According to the security researchers, it’s unclear when or how the phones were hacked. According to Citizen Lab and Amnesty International researchers, four of the six hacked iPhones used SIM cards issued by Israeli telecom carriers with Israeli +972 country code numbers. As a result, they questioned NSO Group’s claims that exported Pegasus versions can’t be used to hack Israeli phone numbers. NSO Group has also stated that it does not target numbers in the United States.
Ubai Aboudi, a 37-year-old economist and US citizen, was one of those hacked. He is the director of the Bisan Center for Research and Development in Ramallah, in the Israeli-occupied West Bank, which is one of the six organisations Gantz designated as terrorist organisations on Oct. 22.
Ghassan Halaika of the Al-Haq rights group and attorney Salah Hammouri of Addameer, another human rights organisation, are the other two hacked Palestinians who agreed to be named. Defense for Children International-Palestine, the Union of Palestinian Women’s Committees, and the Union of Agricultural Work Committees are the other three designated organisations.
Aboudi claims he has lost “any sense of safety”…
Aboudi claims he has lost “any sense of safety” as a result of the “dehumanising” hack of his phone, which is always by his side and has images of his three children. He stated his wife “didn’t sleep from the prospect of having such deep intrusions into our private” for the first three nights after learning of the breach.
He was particularly concerned that eavesdroppers might be listening in on his conversations with foreign ambassadors. The researchers discovered that Aboudi’s phone had been infected by Pegasus in February.
Aboudi accused Israel of “sticking the terrorist emblem” on the organisations after it failed to persuade European governments and others to cut off financial support.
The organisations are said to be tied to the Popular Front for the Liberation of Palestine (PFLP), a leftist political organisation with an armed branch that has killed Israelis. The PFLP is considered a terrorist organisation by Israel and Western governments. Aboudi was detained years ago on suspicion of being a member of the PFLP, but he denies ever being a member of the party.
The discoveries are “very worrisome,” according to Tehilla Shwartz Altshuler of the Israel Democracy Institute, especially if it is shown that Israel’s security agencies, which are generally exempt from the country’s privacy regulations, have been employing NSO Group’s commercial spyware.
“This truly complicates the government’s relationship with NSO,” said Altshuler, if the government is both a client and a regulator in a relationship conducted in secret.
Andrew Anderson, the executive director of Frontline Defenders, claims that the NSO Group can’t be trusted to keep its spyware from being used illegally by its customers, and that Israel should suffer international repercussions if it doesn’t bring the corporation to heel.
This should have ramifications in terms of trade regulation with Israel
“If the Israeli government refuses to act, this should have ramifications in terms of trade regulation with Israel,” he wrote in an email.
Al-Maskati, the researcher who found the intrusions, said he was initially notified on Oct. 16 by Halaika, whose phone had been hacked in July 2020. Al-Haq communicates with the International Criminal Court, among other parties, on suspected human rights violations.
When asked who he thought was behind the hack, Halaika stated, “As human rights defenders living under occupation, we presume it was the (Israeli) occupation.”
According to the experts, the phone of the third named hacking victim, Hammouri, was apparently infiltrated in April. Hammouri, a dual French national living in Jerusalem, was told by Israel on Oct. 18 that he would be deported, according to Frontline Defenders.
“We have to identify who had the ability and who had the purpose,” Hammouri said, declining to speculate on who was behind the breach.
He checked 75 Palestinian activists’ phones and found 6 infected
Following Halaika’s tip, Al-Maskati said he checked 75 Palestinian activists’ phones and discovered the six infections. He was unable to ascertain how the phones were hacked, although the timeline of evidence pointed to the use of a so-called “iMessage zero-click” attack employed on iPhones by NSO Group. The attack is quite effective, and unlike most phishing attempts, it does not require user interaction.
Facebook has sued NSO Group for allegedly intruding into its globally popular encrypted WhatsApp messaging app using a similar hack.
Since a group of international news organisations reported in July on a list of possible NSO Group surveillance targets, a cascade of new revelations about the hacking of public figures has occurred, including Hungarian investigative journalists, the fiancée of slain Saudi journalist Jamal Khashoggi, and an ex-wife of Dubai’s ruler. Amnesty International and the Paris-based journalistic charity Forbidden Stories got the list from an anonymous source. An Associated Press correspondent was among those named.
According to the Washington Post, reporters from other news organisations were able to corroborate at least 47 additional successful breaches from that list of 50,000 phone numbers. The NSO Group has denied ever keeping such a list.