NSO Spyware Used To Snoop On US State Department Employees Stationed In Uganda

from the just-another-day-at-work-for-NSO-Group dept

Israeli exploit seller NSO Group has long past reached the limits of its non-denials and deflection attempts. There's only bad news on the horizon for the tech company, which would be a lot less disheartening for the company if it hadn't been preceded by months of bad news.

Already considered morally suspect due to its decision to sell powerful phone hacking tools to human rights violators, NSO has since proven to be pretty much amoral. Investigations uncovering abuse of its spyware to hack phones of journalists and activists began to surface three years ago before a leaked database of alleged spyware targets was given to investigators and journalists. Since then, NSO has waged a losing battle with a seemingly endless onslaught of revelations that put its hacking tools in the hands of bad actors and its powerful spyware (Pegasus) in the phones of journalists, activists, lawyers, diplomats, politicians, and religious leaders.

NSO was sued by WhatsApp and Facebook in 2019 for using the messaging app to send malware to targets. It was sued by Apple just a couple of weeks ago for targeting iPhone users. It is facing investigations in a handful of countries, including its home base. It has been blacklisted by the US Commerce Department and its list of governments it can sell to has been drastically trimmed by the Israeli government, from 102 to 37.

The question now is: does NSO Group even feel it when news breaks about additional misuse of its spyware? Or does it just prompt an exasperated "what now?!" from its execs as it tries to figure out how to remain viable in the future? Whatever the case is, this latest revelation isn't going to get its Commerce Department blacklisting lifted any time soon.

iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.

The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said.

The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology.

The Reuters report says the source of the hacking hasn't been identified. But one can assume it was entities opposed to whatever aims the US State Department hopes to achieve in Uganda, which apparently includes simply trying to meet with opposition leaders. People don't spy on people whose aims are allied with theirs. And attribution has limited worth. Entities willing to abuse spyware to hack the phones of political opponents -- especially those operating under diplomatic immunity -- aren't really going to care if their wrongdoing is exposed.

And NSO only has to care now because it has spent years claiming it does everything it can to prevent misuse of its powerful malware -- only to have that assertion exposed as a lie with six months of uninterrupted news releases showing its hacking tools have been misused multiple times by multiple entities. Accompanying this steady drip of news reports has been zero evidence of NSO's asserted oversight or willingness to terminate contracts with entities who've abused its malware.

NSO's response to this report is no different than its response to several others: it will do something about this now that it has made international headlines.

"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place..."

That's meaningless. NSO claims it has no visibility into its customers' actions and, if this is true, it has no way of investigating these claims. It's all just noise, something almost less substantial than a "no comment." The State Department's response means more: it simply pointed to NSO's blacklisting by the federal government. And that's pretty much all that needs to be said by witnesses and victims of these hacking attempts. NSO is running out of bridges to burn. There will always be a market for easily abused malware. But it's becoming much more difficult to keep these abuses secret and that's what has harmed NSO the most.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: malware, pegasus, spyware, state department, surveillance
Companies: nso group