NSO Spyware Used To Snoop On US State Department Employees Stationed In Uganda

from the just-another-day-at-work-for-NSO-Group dept

Israeli exploit seller NSO Group has long past reached the limits of its non-denials and deflection attempts. There's only bad news on the horizon for the tech company, which would be a lot less disheartening for the company if it hadn't been preceded by months of bad news.

Already considered morally suspect due to its decision to sell powerful phone hacking tools to human rights violators, NSO has since proven to be pretty much amoral. Investigations uncovering abuse of its spyware to hack phones of journalists and activists began to surface three years ago before a leaked database of alleged spyware targets was given to investigators and journalists. Since then, NSO has waged a losing battle with a seemingly endless onslaught of revelations that put its hacking tools in the hands of bad actors and its powerful spyware (Pegasus) in the phones of journalists, activists, lawyers, diplomats, politicians, and religious leaders.

NSO was sued by WhatsApp and Facebook in 2019 for using the messaging app to send malware to targets. It was sued by Apple just a couple of weeks ago for targeting iPhone users. It is facing investigations in a handful of countries, including its home base. It has been blacklisted by the US Commerce Department and its list of governments it can sell to has been drastically trimmed by the Israeli government, from 102 to 37.

The question now is: does NSO Group even feel it when news breaks about additional misuse of its spyware? Or does it just prompt an exasperated "what now?!" from its execs as it tries to figure out how to remain viable in the future? Whatever the case is, this latest revelation isn't going to get its Commerce Department blacklisting lifted any time soon.

iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.

The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said.

The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology.

The Reuters report says the source of the hacking hasn't been identified. But one can assume it was entities opposed to whatever aims the US State Department hopes to achieve in Uganda, which apparently includes simply trying to meet with opposition leaders. People don't spy on people whose aims are allied with theirs. And attribution has limited worth. Entities willing to abuse spyware to hack the phones of political opponents -- especially those operating under diplomatic immunity -- aren't really going to care if their wrongdoing is exposed.

And NSO only has to care now because it has spent years claiming it does everything it can to prevent misuse of its powerful malware -- only to have that assertion exposed as a lie with six months of uninterrupted news releases showing its hacking tools have been misused multiple times by multiple entities. Accompanying this steady drip of news reports has been zero evidence of NSO's asserted oversight or willingness to terminate contracts with entities who've abused its malware.

NSO's response to this report is no different than its response to several others: it will do something about this now that it has made international headlines.

"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place..."

That's meaningless. NSO claims it has no visibility into its customers' actions and, if this is true, it has no way of investigating these claims. It's all just noise, something almost less substantial than a "no comment." The State Department's response means more: it simply pointed to NSO's blacklisting by the federal government. And that's pretty much all that needs to be said by witnesses and victims of these hacking attempts. NSO is running out of bridges to burn. There will always be a market for easily abused malware. But it's becoming much more difficult to keep these abuses secret and that's what has harmed NSO the most.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: malware, pegasus, spyware, state department, surveillance
Companies: nso group


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 6 Dec 2021 @ 12:35pm

    If it was the US hacking phones of Ugandan diplomats using NSO technology, would it even make the news? The US spies on everyone, so why are they complaining when they are spied upon?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Dec 2021 @ 12:48pm

    well maybe not so much

    Sorry Tim, this is just untrue.....
    "People don't spy on people whose aims are allied with theirs."

    But thanks for all your hard work in keeping us up to speed on the bad-doers and shenanigans being pulled across the globe! Love TD!

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Dec 2021 @ 1:40pm

      Re: well maybe not so much

      Agreed. I read that statement and did a double take.

      The NSA has been spying on European leaders for years according to this and more recently this.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Dec 2021 @ 4:10pm

        Re: Re: well maybe not so much

        A good part of the Five Eyes agreement is explicitly spying on your allies and then sharing that information with said allies ... again, specifically to get around laws and regulations against spying on your own citizens.

        link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 6 Dec 2021 @ 1:42pm

    "People don't spy on people whose aims are allied with theirs."

    Ms. Merkel would disagree.

    link to this | view in chronology ]

  • identicon
    Rocky, 6 Dec 2021 @ 3:03pm

    Sorry Tim, this is just untrue.....
    "People don't spy on people whose aims are allied with theirs."

    Well, he isn't really wrong but the reality is that even though allies publicly seem to have the same aims what the reality is may differ substantially.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.