Israel-based NSO Group is once again under the radar. This time, for facilitating hacking of iPhones of U.S. State Department officials through its Pegasus spyware. At least nine officials were targeted using the spyware, either based in Uganda or working on matters concerning the East African country, Reuters reported.
When Apple notified affected iPhone users, sources said the American officials were easily identifiable as U.S. government employees. Their email addresses ended in ‘state.gov’ with their Apple IDs.
NSO Group and Pegasus: The Story So Far
The NSO Group is a spyware company based in Israel. The company admits that government agencies use its technology for preventing, “terrorism, criminal operations, and other criminal activities.
Pegasus is a spyware that attempts to intrude into a target’s phone through a spear-phishing campaign. Once a user clicks on a link that he receives on his phone through a text message or WhatsApp, or email, the link secretly installs spyware on the phone. After a successful installation, it creates a connection to its handler and transmits the desired information including messages, photos, location, and email.
Earlier in July, a consortium of 17 international journalistic organizations published an investigative report. They detailed the attempted and successful hacking of 37 smartphones belonging to journalists, government officials, and human rights activists around the world.
In India, media reports suggested that the surveillance targeted more than 300 mobile numbers, including that of two serving Ministers, three Opposition leaders, one sitting judge, journalists, and activists among others. Media reports suggested that Former Supreme Court judge Arun Mishra, lawyers of Nirav Modi, Christian Michael, Anil Ambani, multiple journalists, were chosen for surveillance using Pegasus.
When the issue reached the Supreme Court, it constituted an expert committee to investigate the allegations. A week after the judgment, the U.S. sanctioned the NSO group along with 3 similar companies. Following the blacklisting, the Israeli government, which controls the export of Pegasus, distanced itself from the issue. Apple has even filed a lawsuit against NSO for surveillance and human rights abuse.
NSO earlier said that its software doesn’t work on smartphones based in the United States. However, the same guarantee is not available if the phones of American citizens are traveling overseas or using foreign cellphones. Simply put, the numbers starting with +1 are secure.
In the present report, sources said that the officials were using iPhones registered with foreign telephone numbers. However, it is not clear who targeted the officials.
In a statement, the NSO group said that it did not have any indication their tools were used. However, it said it ‘canceled access for the relevant customers and would investigate based on the Reuters inquiry’.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place.”
The group’s spokesperson further said that NSO will cooperate with any relevant government authority and present the full information they have.
The Israeli embassy in Washington (Israel controls the export of tools like Pegasus) said that the licensing provisions are very clear. Such cyber products are licensed only for purposes related t counter-terrorism and severe crimes. If the claims are true, it is a “severe violation of these provisions”.