JERUSALEM – Security researchers revealed on Monday that spyware from the notorious Israeli hacker company NSO Group was detected on the cellphones of six Palestinian human rights activists, half of them affiliated with groups that Israel's defense minister controversially claimed were involved in terrorism.
The revelation marks the first known case of Palestinian activists being targeted by the military-grade Pegasus spyware. Its use against journalists, rights activists and political dissidents from Mexico to Saudi Arabia has been documented since 2015.
A successful Pegasus infection surreptitiously gives intruders access to everything a person stores and does on their phone, including real-time communications.
It is not known who placed the NSO spyware on the activists’ phones, said the researcher who first detected it, Mohammed al-Maskati of the nonprofit Frontline Defenders.
Shortly after the first two intrusions were identified in mid-October, Israeli Defense Minister Benny Gantz said six Palestinian civil society groups were terrorist organizations. Ireland-based Frontline Defenders and at least two of the victims say they see Israel as the prime suspect and believe the designation may have been timed to try to overshadow the discovery of the hacks, although they provided no evidence to support these claims.
Israel has publicly provided little evidence to support the terrorism designation, which Palestinian groups say is aimed at drying up their funding and silencing opposition to the Israeli military regime. Three of the hacked Palestinians work for civil society groups. The others do not and wish to remain anonymous, says Frontline Defenders.
The forensic findings, independently confirmed by security researchers at Amnesty International and the University of Toronto’s Citizen Lab in a joint technical report, come as NSO Group faces growing condemnation over the abuse of its spyware and as Israel draws criticism for lax oversight of its digital surveillance industry.
Last week, the Biden administration blacklisted the NSO Group and a lesser-known Israeli competitor, Candiru, barring them from US technology.
When asked about allegations that its software was used against Palestinian activists, NSO Group said in a statement that it does not identify its customers for contractual and national security reasons, is not aware of whom they hack, and sells only to government agencies for use against “serious crime and terror.”
An Israeli defense official said in a brief statement that the naming of the six organizations was based on solid evidence and that any claim that it relates to the use of the NSO software is unfounded. The statement contained no further details and officials declined requests for further comment. The official spoke on condition of anonymity to discuss security issues.
Israel’s Defense Ministry approves the export of spyware produced by NSO Group and other private Israeli companies that recruit from some of the country’s top cyber-capable military units. Critics say the process is opaque.
It is not known precisely when or how the phones were breached, security researchers said. But four of the six hacked iPhones used exclusively SIM cards issued by Israeli telecommunications companies with Israeli +972 area code numbers, researchers from Citizen Lab and Amnesty said. This has led them to question NSO Group’s claims that exported versions of Pegasus cannot be used to hack Israeli phone numbers. NSO Group has also said it does not target US numbers.
Among those hacked was Ubai Aboudi, a 37-year-old economist and US citizen. He heads the seven-person Bisan Center for Research and Development in Ramallah, in the Israeli-occupied West Bank, one of six groups Gantz hit with terrorist designations on October 22.
The other two hacked Palestinians who agreed to be named are researcher Ghassan Halaika of the rights group Al-Haq and lawyer Salah Hammouri of Addameer, also a human rights organization. The other three designated groups are Defense for Children International-Palestine, the Union of Palestinian Women’s Committees and the Union of Agricultural Working Committees.
Aboudi said he lost “all sense of security” because of the “dehumanizing” hacking of a phone that is by his side day and night and contains photos of his three children. He said his wife, the first three nights after learning of the hack, “didn’t sleep at the thought of having such deep intrusions into our privacy.”
He was particularly concerned that eavesdroppers were aware of his communications with foreign diplomats. Researchers’ examination of Aboudi’s phone determined it was infected with Pegasus in February.
Aboudi accused Israel of “sticking the terrorist logo” on the groups after failing to persuade European and other governments to cut their financial support.
Israel says the groups are linked to the Popular Front for the Liberation of Palestine, a leftist political faction with an armed wing that has killed Israelis. Israel and Western governments view the PFLP as a terrorist group. Aboudi served a 12-month sentence last year after being convicted of involvement in the PFLP, but denies ever having been with the group.
Tehilla Shwartz Altshuler, a legal expert at the Israel Institute of Democracy, called the results “truly disturbing,” especially if there is evidence that Israeli security agencies, which are largely exempt from the country’s privacy laws, used commercial spyware from NSO Group.
“It actually complicates the government’s relationship with NSO,” said Altshuler, if the government is indeed both a client and a regulator in a relationship conducted in secrecy.
Aboudi, along with representatives of Al-Haq and Addameer, held a press conference in the occupied West Bank on Monday in which they condemned the hacks as an attack on civil society. Addameer director Sahar Francis has called for an international investigation.
“Of course, we are not going to shut down our organizations,” Francis said. “We will continue our work, continue to provide services.”
Frontline Defenders executive director Andrew Anderson said NSO Group could not be trusted to ensure its spyware is not used illegally by its customers and that Israel should face international blame if it does not bring the company into line.
“If the Israeli government refuses to take action, it should have consequences in terms of regulating trade with Israel,” he said by email.
Al-Maskati, the researcher who discovered the hacks, said he was first alerted on October 16 by Halaika, whose phone was reportedly hacked in July 2020. Al-Haq maintains sensitive communications with the International Criminal Court, among others, involving alleged human rights violations.
“As human rights defenders living under occupation, we think it was the (Israeli) occupation,” Halaika said when asked who he believed was behind the hack.
The phone of the third named hacking victim, Hammouri, was apparently compromised in April, the researchers said. A dual French national living in Jerusalem, Hammouri previously served a seven-year sentence for security offenses, and Israel considers him an agent of the PFLP, a claim he denies.
Hammouri declined to speculate on who was behind the hack, saying “we need to determine who had the capacity and who had the motive.”
After Halaika alerted him, Al-Maskati said he scanned 75 phones of Palestinian activists, finding the six infections. He could not determine how the phones were hacked, he said, although the timeline of evidence he encountered pointed to the use of a so-called “iMessage zero-click” exploit that NSO Group used on iPhones. The exploit is very effective because it requires no user interaction, unlike phishing attempts, which typically do.
Facebook sued NSO Group for using a somewhat similar exploit that allegedly intruded through its globally popular WhatsApp encrypted messaging app.
A cascade of new revelations about the hacking of public figures – including Hungarian investigative journalists, the fiancee of murdered Saudi journalist Jamal Khashoggi and an ex-wife of the ruler of Dubai – has emerged since a consortium of international news organizations reported in July on a list of possible NSO Group surveillance targets. The list was obtained from an anonymous source by Amnesty International and the Paris-based non-profit journalism association Forbidden Stories. Among those listed was an Associated Press reporter.
From that list of 50,000 phone numbers, reporters from various news agencies were able to confirm at least 47 additional successful hacks, the Washington Post reported. NSO Group has denied ever having maintained such a list.
Bajak reported from Lima, Peru.