Polish Prosecutor First Beneficiary Of Apple's 'You've Been Hacked By NSO Spyware' Notification Program

from the anything-that-screws-with-NSO-and-its-customers-is-fine-with-me dept

Concurrent with Apple's announcement that it was suing Israeli tech company NSO Group over its iPhone exploits was its announcement that it would be notifying customers of suspected hacking attempts utilizing NSO's extremely powerful Pegasus malware.

Apple is notifying the small number of users that it discovered may have been targeted by FORCEDENTRY. Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices.

Unlike Apple's lawsuit -- which might nudge the CFAA towards a more expansive interpretation of "unauthorized access" that could adversely affect security research -- this notification practice is undeniably good. It undercuts the abusive acts of state actors by giving their targets a heads up about phone hacking attempts.

This won't pose much of a problem for Apple, as it's out of the legal reach of most of NSO's customers. Even if foreign surveillance agencies did obtain the equivalent of a warrant to hack phones and intercept communications, any accompanying gag orders would be useless. We'll see how this disclosure process works out if a US-based government agency utilizes NSO malware -- something that seems even less likely now that the Commerce Department has blacklisted NSO.

The notification program has already paid off for one Polish government employee, who was recently informed by Apple she was targeted by NSO spyware. (h/t 9to5Mac)

Ewa Wrzosek is a prosecutor, a member of the Association of Prosecutors "Lex Super Omnia". She exposed herself to the authorities on April 23, 2020, when she initiated an investigation into the so-called "Envelope elections". On the same day, however, the investigation was taken from her and discontinued, and disciplinary proceedings were initiated against Wrzosek. Since then, the prosecutor has repeatedly criticized the changes in the Polish judiciary after 2015.

Yesterday evening, Ewa Wrzosek announced on Twitter that she had received a notification from Apple about a possible attack by state services on her iPhone using Pegasus.

The "Envelope Elections" were a hasty and apparently unlawful attempt to hold an election during the first few months of the COVID pandemic. Last May, the failed presidential election managed to rack up a hefty tab to be settled by Poland residents, but didn't actually result in the election of anyone.

Poland’s abandoned presidential election, which was scheduled for 10 May but took place without any voting, still generated high costs. Private broadcaster TVN has revealed that invoices issued in connection with the preparations amounted to almost 70 million zloty of costs for the state postal service, Poczta Polska.

The run-up to the planned election was fraught with chaos and controversy, as the Polish government pushed ahead with preparations for a fully postal vote before relevant legislation had been passed. Many local authorities refused to cooperate, on the basis that doing so without the law in place would be illegal.

Following this logistical and political failure (there was some speculation this process was fast-tracked to give the incumbent president the best chance to win), Wrzosek began an investigation. That appears to have proven unpopular with the party controlling the Polish government. Given this history, it's not much of a leap to presume she's being targeted by her own government.

The twist is that the Polish government has never officially confirmed it has ever acquired NSO malware. But governments rarely discuss surveillance programs, especially their most controversial ones. However, there is a paper trail that suggests at least one government agency is in possession of NSO's most powerful surveillance tool.

For nine months, the Ministry of Finance has not been able to decide whether the Justice Fund, which is in the hands of the Minister of Justice Zbigniew Ziobro, had the right to transfer PLN 25 million to the CBA for the purchase of a modern surveillance system, tvn24.pl learned.

The fact that the Central Anticorruption Bureau received money from this fund and allocated it to the purchase of the most modern surveillance system for telephones and computers was revealed on tvn24.pl almost exactly a year ago.

Now, reporters of the "Black on White" program suspect that the system bought by the anti-corruption service is probably the Israeli Pegasus. - This system was created to prevent terrorist attacks, kidnappings, human trafficking and drug smuggling - journalists from "Black on White" explained.

If so, there's a good chance the targeted phone is compromised. Wrzosek has asked for answers from the Minister of Justice, but she's unlikely to receive any acknowledgements or apologies. If it is what it looks like, the prosecutor is being targeted in retaliation for her attempted investigation by the same government she works for.

As Apple continues to notify users targeted by NSO malware, hopefully those targeted will continue to inform the rest of the world how the company's "for bad guys and terrorists ONLY" exploits are actually being used.

Filed Under: ewa wrzosek, malware, pegasus, poland, spyware
Companies: apple, nso group


Reader Comments


  • Anonymous Coward, 10 Dec 2021 @ 2:27pm

    This story does raise the question of just how is Apple detecting malware on phones without a physical examination? Presuming stealthy software, just how much data and what data is the phone sending to Apple to allow the spyware to show up in that data?

  • That Anonymous Coward, 10 Dec 2021 @ 3:18pm

    "something that seems even less likely now that the Commerce Department has blacklisted NSO."

    Have you met the rest of our government?
    They'll just claim they discovered things via some other way to hide that they are violating the law & rights and everyone will be fine with it.

    • PartTimeZombie, 12 Dec 2021 @ 6:30pm

      Re:

      You beat me to the punch.
      I'm old enough to remember that time the US government sold weapons to Iran to pay death squads in Central America to murder people.
      Why wouldn't they? It's not like there are any consequences if they get caught.

  • That One Guy, 10 Dec 2021 @ 5:25pm

    Not a contradiction even though it really should be

    As Apple continues to notify users targeted by NSO malware, hopefully those targeted will continue to inform the rest of the world how the company's "for bad guys and terrorists ONLY" exploits are actually being used.

    When a government sees its role not as serving the public but ruling over them then any that might challenge that are going to be seen and treated as 'bad guys', and if that's the country's citizens then going after them is going after the 'bad guys'.

    • Anonymous Coward, 11 Dec 2021 @ 12:02am

      Re: Not a contradiction even though it really should be

      When you're a totalitarian, power-hungry government, the only one that isn't a "bad guy" is the bigger, more power-hungry totalitarian government.

  • Anonymous Coward, 11 Dec 2021 @ 2:35am

    I do not think that this will be the last straw... but it would be nice to have a much harder line towards Poland from the EU. Either they fall in line, or EU should kick them and all their "reforms" out. They are weakening the union every day.
