NSO Pegasus Malware Deployed To Spy On Palestinian Human Rights Activists

from the now-who-would-want-to-do-a-thing-like-that? dept

Another day, another revelation about the abuse of NSO malware by its customers. The latest report shows NSO Group's powerful Pegasus malware was used to target Palestinian human rights activists. Citizen Lab is again on the case, providing the forensic examination of the detected malware and coming to this conclusion:

In October 2021, the human rights non-governmental organization (NGO) Front Line Defenders (FLD) began collecting data on the suspected hacking of the devices of several Palestinians working for civil society organizations based in the West Bank. FLD shared the data they collected with the Citizen Lab and Amnesty International’s Security Lab for separate independent peer review of their initial findings. FLD’s analysis indicated that six devices belonging to six Palestinian human rights defenders were hacked with Pegasus, a spyware developed by the cyber-surveillance company NSO Group. Both the Citizen Lab and Amnesty International’s Security Lab independently confirmed these findings.

Given the targets of the hacking, one would suspect the Israeli government was involved in this targeting of Palestinian activists. Citizen Lab and Amnesty International have made no allegations as to the source of these attacks, but there are some details that suggest Israel's government is involved.

One of those details comes from the Citizen Lab report:

Of interest is the fact that four hacked phones exclusively used SIMs issued by Israeli telecoms companies with Israeli (+972) phone numbers. NSO Group has said that exported versions of Pegasus cannot be used to hack Israeli phone numbers.

If exportation is key to this restriction on targeting Israeli phones numbers, deploying it from home presumably bypasses this protection.

Adding to the perception that the Israeli government might be behind these hacks is the timeline of the attacks and the publication of these findings. The attacks were apparently carried out in July 2020. The three entities investigating the hackings published their findings November 8, 2021. Shortly before these publications, the Israeli government declared the organizations these targets worked for as "terrorist organizations."

Israel on Friday effectively outlawed six prominent Palestinian human rights groups by declaring them terrorist organizations, a major escalation of its decades-long crackdown on political activism in the occupied territories.

The declaration appeared to pave the way for Israel to raid their offices, seize assets, arrest staff and criminalize any public expressions of support for the groups. Most of the targeted organizations document alleged human rights violations by Israel as well as the Palestinian Authority, both of which routinely detain Palestinian activists.

That happened on October 22. On November 6, the dossier that supposedly justified the designation was leaked. And it didn't appear to have much in it to support Israel's unilateral declaration that these rights groups were actually terrorist groups.

A confidential Israeli dossier detailing alleged links between Palestinian human rights groups and an internationally designated terrorist organization contains little concrete evidence and failed to convince European countries to stop funding the groups.

The 74-page document appears to have been prepared by Israel’s Shin Bet internal security service and shared with European governments in May. The Associated Press obtained the document from the online +972 Magazine, which was the first to report on it, along with the Hebrew-language Local Call.

Here's why this matters: it turns the targets from activists to terrorists, which gives the Israeli government permission (albeit in arrears) to engage in malicious hacking of devices. Protections and rights tend to evaporate pretty quickly once a government -- any government -- decides you're a terrorist. Given the lack of solid intel in the dossier, this almost looks like the laundering of previously illegal surveillance activities. It also gives the government permission to do more of the same in the future.

No one's made any accusations (other than noting NSO customers love targeting opposition leaders and activists), but the defensive statements have been delivered anyway. At best, this is some really lazy deflection by the Israeli government and more of the same "hey, we just sell the stuff" excuses from NSO Group.

The Israeli prime minister’s office and the Defense Ministry denied that Pegasus had been used to hack the Palestinians’ phones. An NSO spokeswoman said that the company would not say who used the software and that it did not have access to information about whom the program was used against.

Well, the Citizen Lab report says otherwise. And this non-denial doesn't say the government didn't hack the phones. All it says is that these two government reps are on record denying something that can't actually be denied while refusing to confirm anything about the activists' targeting by the Israeli government.

This all looks pretty shady. And it's unlikely to persuade the US government to drop NSO from its export regulation blacklist, despite NSO's protestations that its largely-unregulated sales to human rights violators contributes to the overall security and well-being of the entire planet.

And there's this postscript, which suggests NSO is now so toxic even one of its principals wants nothing more to do with it. (Google Translated from the original Hebrew.)

Itzik Benvenisti leaves NSO less than two weeks after being appointed CEO. In August, Benvenisti was appointed co-president of the company.

Calcalist has learned that Benvenisti informed the chairman of the NSO board of directors, Asher Levy, on Tuesday that in light of the special circumstances created in the company, he decided that he would not be able to enter the position of CEO.

The "special circumstances?" Apparently it's the ongoing PR nightmare NSO is battling along with its blacklisting by the US government. According to the Calcalist article, Benvenisti said it was not possible to carry out his plans for the company while being blacklisted. One presumes Benvenisti is well aware that remaining with the company would make his name just as toxic as NSO's since there's no reason to believe this is the last negative press the company will generate.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: activists, human rights, israel, malware, palestinian, spyware, surveillance