Apple Notifies More Victims Of NSO Malware Hacking Attempts

from the [extremely-1960s-Batman-splash]-THWART!!! dept

Apple's announcement that it was suing Israeli malware purveyor NSO Group for targeting iPhone users was coupled with another, equally dismaying (I mean, for NSO…) announcement: it would be informing targets of malware anytime it detected a suspected intrusion.

Actually, this may be more of a concern for NSO's customers. After all, they're still paying the same licensing fees even if their targets are being warned of hacking attempts. It can't make them happy and -- since it appears many of NSO's customers like to target non-terrorists and non-criminals -- there's really nothing they can do about it. Local entities may be sworn to secrecy with court orders (if those are even obtained) but there's nothing preventing Apple from alerting users that malware might be present on their phones.

Given the long list of seemingly inappropriate targets for NSO's Pegasus spyware -- which includes journalists, activists, dissidents, government critics, political figures, religious leaders, lawyers, ex-wives, etc. -- Apple's policy is the Right Thing To Do. NSO's customers agree to use the spyware to target terrorists and dangerous criminals. They clearly don't do that. If NSO won't stop them (and it won't [until very recently]), this is one way to mitigate the damage.

And so the disclosures have flowed. A Polish prosecutor who dared to offend the ruling party in that country was one of the first notified by Apple's new program. Since then, the floodgates have opened, potentially ruining the surveillance plans of several governments. Here's Carly Page for TechCrunch, rolling out the details on Apple's unwelcome mat.

Apple has sent threat notification alerts to victims of state-sponsored hackers in Thailand, El Salvador and Uganda, just hours after filing a lawsuit against Israeli spyware maker NSO Group.

At least six Thai activists and researchers who have been critical of the government have received the notification, according to Reuters, including Prajak Kongkirati, a political scientist at Bangkok’s Thammasat University, researcher Sarinee Achananuntakul and Thai activist Yingcheep Atchanont of the legal monitoring group iLaw. Citizen Lab, which tracks illegal hacking and surveillance, identified in 2018 a Pegasus spyware operator active within Thailand.

Also on the list: the president of the Democratic party in Uganda (the same nation where US State Dept. employees were targeted) and a dozen employees of El Salvador newspaper, El Faro, which has long been a critic of that country's government.

None of the people listed are legitimate targets for this powerful spyware. NSO has claimed for years its exploits only target the worst of the worst. And for roughly the same number of years, investigations and leaks have shown governments are using the spyware to target critics and political opponents who only pose a threat to their power, rather than public safety or national security.

Fortunately, there's another entity watching these people's backs. Prior to Apple's notification program, it took in-depth research by entities like Canada's Citizen Lab to discover the source of hacking and properly attribute it to NSO malware. Apple presumably can make these determinations much faster, heading off future interception and eavesdropping.

If NSO doesn't like it, it can suck it. It chose to sell to governments with long histories of targeting critics and violating human rights. Its customers can likewise suck it. They've given themselves an infinite amount of leash and NSO's exploits have let them take full advantage of this. Even a minimal amount of thwarting of nefarious doings is welcome in a world where the powerful go unpunished and unchecked far too often.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, malware, pegasus, surveillance
Companies: apple, nso group