Polish Prosecutor First Beneficiary Of Apple's 'You've Been Hacked By NSO Spyware' Notification Program

from the anything-that-screws-with-NSO-and-its-customers-is-fine-with-me dept

Concurrent with Apple's announcement that it was suing Israeli tech company NSO Group over its iPhone exploits was its announcement that it would be notifying customers of suspected hacking attempts utilizing NSO's extremely powerful Pegasus malware.

Apple is notifying the small number of users that it discovered may have been targeted by FORCEDENTRY. Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices.

Unlike Apple's lawsuit -- which might nudge the CFAA towards a more expansive interpretation of "unauthorized access" that could adversely affect security research -- this notification practice is undeniably good. It undercuts the abusive acts of state actors by giving their targets a heads up about phone hacking attempts.

This won't pose much of a problem for Apple, as it's out of the legal reach of most of NSO's customers. Even if foreign surveillance agencies did obtain the equivalent of a warrant to hack phones and intercept communications, any accompanying gag orders would be useless. We'll see how this disclosure process works out if a US-based government agency utilizes NSO malware -- something that seems even less likely now that the Commerce Department has blacklisted NSO.

The notification program has already paid off for one Polish government employee, who was recently informed by Apple she was targeted by NSO spyware. (h/t 9to5Mac)

Ewa Wrzosek is a prosecutor, a member of the Association of Prosecutors "Lex Super Omnia". She exposed herself to the authorities on April 23, 2020, when she initiated an investigation into the so-called "Envelope elections". On the same day, however, the investigation was taken from her and discontinued, and disciplinary proceedings were initiated against Wrzoski. Since then, the prosecutor has repeatedly criticized the changes in the Polish judiciary after 2015.

Yesterday evening, Ewa Wrzosek announced on Twitter that she had received a notification from Apple about a possible attack by state services on her iPhone using Pegasus.

The "Envelope Elections" were a hasty and apparently unlawful attempt to hold an election during the first few months of the COVID pandemic. Last May, the failed presidential election managed to rack up a hefty tab to be settled by Poland residents, but didn't actually result in the election of anyone.

Poland’s abandoned presidential election, which was scheduled for 10 May but took place without any voting, still generated high costs. Private broadcaster TVN has revealed that invoices issued in connection with the preparations amounted to almost 70 million zloty of costs for the state postal service, Poczta Polska.

The run-up to the planned election was fraught with chaos and controversy, as the Polish government pushed ahead with preparations for a fully postal vote before relevant legislation had been passed. Many local authorities refused to cooperate, on the basis that doing so without the law in place would be illegal.

Following this logistic and political failure (there was some speculation this process was fast tracked to give the incumbent president the best chance to win), Wrzosek began an investigation. That appears to have proven unpopular with the party controlling the Polish government. Given this history, it's not much of a leap to presume she's being targeted by her own government.

The twist is that the Polish government has never officially confirmed it has ever acquired NSO malware. But governments rarely discuss surveillance programs, especially their most controversial ones. However, there is a paper trail that suggests at least one government agency is in possession of NSO's most powerful surveillance tool.

For nine months, the Ministry of Finance has not been able to decide whether the Justice Fund, which is in the hands of the Minister of Justice Zbigniew Ziobro, had the right to transfer PLN 25 million to the CBA for the purchase of a modern surveillance system, tvn24.pl learned.

The fact that the Central Anticorruption Bureau received money from this fund and allocated it to the purchase of the most modern surveillance system for telephones and computers was revealed on tvn24.pl almost exactly a year ago.

Now, reporters of the "Black on White" program suspect that the system bought by the anti-corruption service is probably the Israeli Pegasus. - This system was created to prevent terrorist attacks, kidnappings, human trafficking and drug smuggling - journalists from "Black and White" explained.

If so, there's a good chance the targeted phone is compromised. Wrzosek has asked for answers from the Minister of Justice, but she's unlikely to receive any acknowledgements or apologies. If it is what it looks like, the prosecutor is being targeted in retaliation for her attempted investigation by the same government she works for.

As Apple continues to notify users targeted by NSO malware, hopefully those targeted will continue to inform the rest of the world how the company's "for bad guys and terrorists ONLY" exploits are actually being used.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ewa wrzosek, malware, pegasus, poland, spyware
Companies: apple, nso group


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 10 Dec 2021 @ 2:27pm

    This story does raise the question of just how is Apple detecting malware on phones without a physical examination? Presuming stealthy software, just how much data and what data is the phone sending to Apple to allow the spyware to show up in that data?

    link to this | view in thread ]

  2. icon
    That Anonymous Coward (profile), 10 Dec 2021 @ 3:18pm

    "something that seems even less likely now that the Commerce Department has blacklisted NSO."

    Have you met the rest of our government?
    They'll just claim they discovered things via some other way to hide that they are violating the law & rights and everyone will be fine with it.

    link to this | view in thread ]

  3. icon
    That One Guy (profile), 10 Dec 2021 @ 5:25pm

    Not a contradiction even though it really should be

    As Apple continues to notify users targeted by NSO malware, hopefully those targeted will continue to inform the rest of the world how the company's "for bad guys and terrorists ONLY" exploits are actually being used.

    When a government sees it's role not as serving the public but ruling over them then any that might challenge that are going to be seen and treated as 'bad guys', and if that's the country's citizens then going after them is going after the 'bad guys'.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 11 Dec 2021 @ 12:02am

    Re: Not a contradiction even though it really should be

    When you're a totalitarian, power-hungry government, the only one that isn't a "bad guy" is the bigger, more power-hungry totalitarian government.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 11 Dec 2021 @ 2:35am

    I do not think that this will be the last straw... but it would be nice to have a much harder line towards Poland from the EU. Either they fall in line, or EU should kick them and all their "reforms" out. They are weakening the union every day.

    link to this | view in thread ]

  6. icon
    PartTimeZombie (profile), 12 Dec 2021 @ 6:30pm

    Re:

    You beat me to the punch.
    I'm old enough to remember that time the US government sold weapons to Iran to pay death squads in Central America to murder people.
    Why wouldn't they? Its not like there are any consequences if they get caught.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.