Apple Notifies More Victims Of NSO Malware Hacking Attempts

from the [extremely-1960s-Batman-splash]-THWART!!! dept

Apple's announcement that it was suing Israeli malware purveyor NSO Group for targeting iPhone users was coupled with another, equally dismaying (I mean, for NSO…) announcement: it would be informing targets of malware anytime it detected a suspected intrusion.

Actually, this may be more of a concern for NSO's customers. After all, they're still paying the same licensing fees even if their targets are being warned of hacking attempts. It can't make them happy and -- since it appears many of NSO's customers like to target non-terrorists and non-criminals -- there's really nothing they can do about it. Local entities may be sworn to secrecy with court orders (if those are even obtained) but there's nothing preventing Apple from alerting users that malware might be present on their phones.

Given the long list of seemingly inappropriate targets for NSO's Pegasus spyware -- which includes journalists, activists, dissidents, government critics, political figures, religious leaders, lawyers, ex-wives, etc. -- Apple's policy is the Right Thing To Do. NSO's customers agree to use the spyware to target terrorists and dangerous criminals. They clearly don't do that. If NSO won't stop them (and it won't [until very recently]), this is one way to mitigate the damage.

And so the disclosures have flowed. A Polish prosecutor who dared to offend the ruling party in that country was one of the first notified by Apple's new program. Since then, the floodgates have opened, potentially ruining the surveillance plans of several governments. Here's Carly Page for TechCrunch, rolling out the details on Apple's unwelcome mat.

Apple has sent threat notification alerts to victims of state-sponsored hackers in Thailand, El Salvador and Uganda, just hours after filing a lawsuit against Israeli spyware maker NSO Group.

At least six Thai activists and researchers who have been critical of the government have received the notification, according to Reuters, including Prajak Kongkirati, a political scientist at Bangkok’s Thammasat University, researcher Sarinee Achananuntakul and Thai activist Yingcheep Atchanont of the legal monitoring group iLaw. Citizen Lab, which tracks illegal hacking and surveillance, identified in 2018 a Pegasus spyware operator active within Thailand.

Also on the list: the president of the Democratic party in Uganda (the same nation where US State Dept. employees were targeted) and a dozen employees of El Salvador newspaper, El Faro, which has long been a critic of that country's government.

None of the people listed are legitimate targets for this powerful spyware. NSO has claimed for years its exploits only target the worst of the worst. And for roughly the same number of years, investigations and leaks have shown governments are using the spyware to target critics and political opponents who only pose a threat to their power, rather than public safety or national security.

Fortunately, there's another entity watching these people's backs. Prior to Apple's notification program, it took in-depth research by entities like Canada's Citizen Lab to discover the source of hacking and properly attribute it to NSO malware. Apple presumably can make these determinations much faster, heading off future interception and eavesdropping.

If NSO doesn't like it, it can suck it. It chose to sell to governments with long histories of targeting critics and violating human rights. Its customers can likewise suck it. They've given themselves an infinite amount of leash and NSO's exploits have let them take full advantage of this. Even a minimal amount of thwarting of nefarious doings is welcome in a world where the powerful go unpunished and unchecked far too often.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hacking, malware, pegasus, surveillance
Companies: apple, nso group


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Ninja (profile), 8 Dec 2021 @ 1:20pm

    I'm about to actually praise Apple for the first time in a long while.

    Kudos for taking a stand.

    I wonder if we'll see Americans targeted by some US govt body.

    link to this | view in thread ]

  2. icon
    katsai (profile), 8 Dec 2021 @ 1:25pm

    Re:

    Oh come on. A part of the US government targeting citizens? I can think of No Such Agency.

    link to this | view in thread ]

  3. icon
    BugMN (profile), 8 Dec 2021 @ 4:45pm

    Israel is the only terrorist state in the Middle East

    And they are living off our tax dollars.

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 8 Dec 2021 @ 5:53pm

    The question is, how is Apple notifying affected users? If the notification is via the iOS/iPadOS ecosystem, you can bet that NSO and other miscreants will look for, and possibly find, ways to negate that notification.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 8 Dec 2021 @ 7:46pm

    Jesus fucking Christ. NSO is starting to remind me of A. Q. Khan, especially the "got money, have a bomb" sales attitude.

    link to this | view in thread ]

  6. icon
    migi (profile), 9 Dec 2021 @ 5:55am

    Re: Re:

    That raises an interesting question, is there any chance the NSA's hacking could get detected by this? I suppose it depends on how Apple detects the intrusion and whether they loop in the NSA before sending the notification.
    On the other hand if they stop sending notifications we'll know the NSA told Apple to stop.

    link to this | view in thread ]

  7. icon
    Tanner Andrews (profile), 12 Dec 2021 @ 9:58pm

    Re: Israel is the only terrorist state in the Middle East

    Not entirely sure that Israel is the problem there. If memory serves, it was a different middle-eastern country which

    • funded 9/11 and furnished most of the crews
    • lured and did in Jamal Khashoggi
    • led the war in Yemen

    You may want to use updated information.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.