India's Supreme Court Opens Investigation Into Targeting Of Indian Citizens' Phones By NSO Malware

from the is-it-too-late-to-rebrand-as-'International-Pariah' dept

NSO Group's terrible 2021 is flowing seamlessly into an equally terrible 2022. The leak of a list of alleged targets for its malware -- a list that included journalists, activists, government critics, political officials, and religious leaders -- led to an outpouring of discoveries linking the company to abusive deployments of malware by a number of questionable governments.

NSO is currently being sued by two US companies over its malware. Facebook and WhatsApp claim NSO committed terms of service violations by sending malware via the messaging service. Apple claimed the same thing, pointing to the targeting of iPhones owned by users infected with NSO spyware.

Both companies are notifying users who appear to have been targeted by this malware. All over the world, people are reporting they've been targeted, often due to investigations performed by Canada's Citizen Lab and Amnesty International.

Governments are getting into the act as well. The Israeli government -- which once helped NSO broker deals with nearby authoritarians -- is investigating the company. It has also drastically slashed the number of foreign governments it can sell to. Other governments around the world are engaging in their own investigations following reports of residents (or their elected representatives) having been hit with malware payloads created by NSO.

NSO-related phone infections are now part of a federal case in India. The nation's top court has created a committee to look into allegations Indian citizens have been targeted by NSO's Pegasus spyware.

The Supreme Court-appointed Technical Committee looking into the usage of Pegasus against Indian citizens has issued a public notice asking those who believe they have been targeted using the spyware to come forward and say whether they would be willing to let their device be examined by the committee.

The public notice, published in newspapers across the country on 2 January, requests "any citizen of India who has reasonable cause to suspect that her/his mobile has been compromised due to specific usage of NSO grow Israel's Pegasus software (sic)" to contact the committee.

Those who suspect they've been targeted will turn their phones over to the technical committee for examination. They'll receive an image file of the contents of their phone after relinquishing their phones and receive their device back after it has been forensically examined.

This response was prompted by a lawsuit brought against the Indian government for spying on its own citizens using NSO malware. The court also wants the government to answer a few questions as it moves this litigation forward. It wants to know how the malware was used (interception, eavesdropping, etc.), which government entities have access to Pegasus, and whether or not it has been used to target Indian citizens.

Some of those questions will likely be answered by the examination of submitted phones. The others may never receive direct answers -- not if the government chooses to invoke national security mantras rather than discuss its purchase and use of NSO spyware in open court.

So far, the government has chosen to say nothing about alleged targeting of its own constituents, which hasn't made the Supreme Court very happy.

The bench headed by Chief Justice of India NV Ramana criticised the Union government for its refusal to clarify whether it had purchased and used the spyware, and said it had to accept the prima facie case of the petitioners, including victims of Pegasus hacking, and examine their allegations.

The government will be forced to respond. Forensic examinations will uncover malware infections and perhaps even the source of those infections. Refusing to respond to questions now just means answering harder questions later. And it's just more of the same for NSO Group, which is now primarily known for being the enabler of government corruption and oppression.


Filed Under: india, malware, pegasus, spyware, surveillance
Companies: nso group


Reader Comments



  1. ECA, 18 Jan 2022 @ 2:17pm

    And the odds?

    That the company will go underground? Hide and sell where no one can find them.
    As to the program.
    Just cause you are smart don't mean others AREN'T. That some person/group/country will have the program Dissected, and remove parts that are not needed to report to the company, and Still use the program.
    Even augment and make things harder to discover the bug sent. It's the same with most of the Virus out there. 1 leads to a new version and another and another. Or even make it so they can have remote access To the phone instead of Just transferring data automatically.
    Then there is remote access with remote installation. We had a virus that would only work under bootup and then disappear. WHICH is a real PAIN to find. As it would leave a copy to be found and make you think you killed it, but it had installed itself into the System Dump files, Which almost no one erases. Then you have a background file that only does 1 thing. It checks to see if the file is still there (it's not the virus) and if it's gone it reinstalls it.
    The world of antivirus can explain so much about how they were/are created.


  2. Anonymous Coward, 18 Jan 2022 @ 3:06pm

    A few extra notes

    Realistically, hacking Pegasus is not going to be a lot more difficult than hacking, say, Call of Duty, for pretty much the same reasons. But mind, you still have to build the "game server" for Pegasus, since you are redirecting the malware output to go direct to your system rather than to NSO's.

    Adding stuff to Pegasus is an entirely different ball game. In most cases, once you've identified what it is actually doing (which exploits it uses), you'll probably toss the rest aside and simply build your own to use the same ones. It's faster.

    Re the virus you describe, there are worse. For instance, malware that only stays resident in memory - no file footprint at all. ROP attacks, which don't even have a separate process ... they just hijack a target vulnerable process and use it. Boot sector viruses and BIOS viruses, which install themselves in the respective locations, recovering from which is exceptionally difficult or impossible. (A boot virus could well do what you described.)

    NSO was technically not a criminal company. "Going Underground", as you put it, changes that dynamic completely. While the programmers working for NSO may not be eager to continue in the actual criminal economy, I can't imagine that they'd want "worked for NSO Group" on their resume, either.


  3. Anonymous Coward, 18 Jan 2022 @ 3:08pm

    Hey, it's India. Wouldn't they be National Security Sutras instead?


  4. Arijirija, 18 Jan 2022 @ 10:21pm

    NSO like the taste of their own toes

    They've really put their foot in their mouth, haven't they? And according to the Guardian, HaAretz, and others, they've gone after Israeli citizens as well:
    https://www.theguardian.com/news/2022/jan/18/israeli-citizens-targeted-by-police-using-pegasus-spyware-report-claims

    I wonder how many of the "criminals" targeted by the Israeli police just happen to be anti-corruption activists trying to bring Bibi Netanyahu to book for his rampant career in corruption? (His career in politics may have played second fiddle to his career in corruption; we'll leave it to the courts to decide.)


