Cyberwarfare / Nation-State Attacks
Endpoint Protection Platforms (EPP)
Meeting Comes After World Leaders Appear on Alleged ‘Pegasus’ Targeting List
The Israeli government paid a visit on Wednesday to NSO Group, the controversial company whose spyware has been alleged to have been covertly installed on the mobile devices of journalists and activists.
Officials from Israel’s Ministry of Defense visited NSO Group, according to Calcalist.co.il. The visit was pre-arranged, the publication reported, and it did not include an audit or examination of computer systems or documents.
In a statement, NSO Group says that it can “confirm that representatives from the Israeli Ministry of Defense visited our offices. We welcome their inspection. The company is working in full transparency with the Israeli authorities.”
“We are confident that this inspection will prove the facts are as declared repeatedly by the company against the false allegations made against us in the recent media attacks,” NSO Group says.
The visit is a sign that the latest allegations against NSO Group are in turn causing pressure on Israel. Calls have grown stronger from around the world for the country to take a closer look into NSO Group’s sales of Pegasus, a powerful type of spyware that can silently infect mobile devices (see Pegasus Spyware: World Leaders Demand Israeli Probe).
France has pressed Israel to investigate. Also, four U.S. Democratic lawmakers called for the “hacker for hire” industry to be brought under control and sanction implemented for companies that sell spyware to authoritarian states.
A recent investigation unveiled by Amnesty International and Forbidden Stories, a French based nonprofit group, allege that Pegasus is sold to governments which then turn it on dissidents, journalists and activists. NSO Group maintains the software is only used for legitimate and authorized law enforcement activities, include combating crime and terrorism (see Leak of Alleged Pegasus Target List Restokes Spyware Debate).
The findings of Amnesty and Forbidden Stories were based on a leak of a list of 50,000 phone numbers. The groups say the list represents phone numbers of people who may have been targeted by Pegasus. The source of the list has not been revealed.
Forensic investigators with Amnesty’s Security Lab say 37 devices connected with numbers on the list showed signs of either being targeted or infected with Pegasus.
Those attacks appear to take place using network injection techniques or possible zero-day vulnerabilities in applications such as Apple’s iMessage, Photos and Music, the research contends. The attacks using iMessage appear to be so-called “zero click” attacks, which means no interaction from the user is needed to infect a device (see Spyware Exposé Highlights Suspected Apple Zero-Day Flaws).
Although it has been alleged that NSO Group’s software has been misused by its clients, what elevated the situation this time is the presence of phone numbers of high-profile leaders on the list.
The numbers include presidents such as France’s Emmanuel Macron, Iraq’s Barham Salih and South Africa’s Cyril Ramaphosa. There are also three current prime ministers: Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly and Morocco’s Saad-Eddine El Othmani. Seven former prime ministers are on the list and one king, Morocco’s Mohammed VI.
NSO Group says the list does not come from the company and is not a targeting list. The company maintains that it complies with Israel’s export regulations, which controls how cyber weapons are sold. NSO has said it has around 45 government customers that target around 100 people per year.