Security researchers revealed on Monday that the Pegasus spyware, developed by the Israeli security company NSO Group, was detected on the cellphones of six Arab activists, three of whom are affiliated with the PFLP NGOs that Israeli Defense Minister Benny Gantz recently designated as terrorist groups.
The revelations are included in a Monday article published by Toronto’s Citizen Lab and Amnesty International’s Security Lab, titled “Devices of Palestinian Human Rights Defenders Hacked with NSO Group’s Pegasus Spyware.” According to the authors:
In October 2021, the human rights non-governmental organization (NGO) Front Line Defenders (FLD) began collecting data on the suspected hacking of the devices of several Palestinians working for civil society organizations based in the West Bank. FLD shared the data they collected with the Citizen Lab and Amnesty International’s Security Lab for separate independent peer review of their initial findings. FLD’s analysis indicated that six devices belonging to six Palestinian human rights defenders were hacked with Pegasus, spyware developed by the cyber-surveillance company NSO Group. Both the Citizen Lab and Amnesty International’s Security Lab independently confirmed these findings.
Of the six individuals, three consented to be named. Of these three, two individuals are dual-nationals: one French, the other American. Further, all three work at NGOs designated “terrorist organizations” by the Israeli government in October 2021. These designations have been widely condemned internationally, including by prominent international NGOs (including Amnesty International and Human Rights Watch), governmental offices and representatives (such as Sweden’s Minister of International Development Cooperation and Humanitarian Affairs, the High Representative of the EU for Foreign Affairs and Security Policy, Ireland’s Minister of Foreign Affairs and Minister of Defence, the French Ministry of Foreign Affairs, the EU Special Representative for Human Rights, and U.S. Congressional representatives), and UN experts (such as the UN High Commissioner for Human Rights and the UN Special Rapporteur for Freedom of Association). The hacking described in this report took place before this designation.
Pegasus is spyware developed by the NSO Group that can be covertly installed on mobile phones and other devices. The current Pegasus software can reportedly exploit all recent iOS versions. Since 2016, Pegasus has been capable of reading text messages, tracking calls, collecting passwords, tracking locations, accessing the target device’s microphone and camera, and harvesting information from neighboring apps. Named after the winged horse Pegasus from Greek mythology, the spyware is a Trojan horse virus that can be sent “flying through the air” to infect cellphones.
Last Wednesday, the US added the NSO Group to the federal blacklist known as the “entity list,” a move that prohibits it from receiving American technologies. The ban was based on findings that NSO’s phone-hacking tools had been used by foreign governments to “maliciously target” government officials, activists, journalists, academics, and embassy workers around the world.
The Washington Post cited sources in Israel who said Israel and other implicated countries were given an hour’s notice before the ban went into effect. At the same time, State Department spokesman Ned Price insisted that the US would not take action against the Israeli government, nor against Russia and Singapore, which also use the spyware.
According to the Associated Press, Defense Minister Gantz’s designation of six PFLP-affiliated NGOs as terrorist groups came shortly after the first two Pegasus intrusions had been identified in mid-October. This suggests that the verification Israel later submitted to the Biden administration regarding the true nature of these groups may have relied on Pegasus’ findings.
It also raises a question regarding the motives behind the administration’s new ban against the NSO Group. Are they too good at what they do?
The table below, published by the report’s authors, summarizes information regarding the targets’ identity and when the targeting occurred. Note that some dates of hacking may not be particularly significant, as zero-click hacking can sometimes be driven by the availability of exploits rather than specific timeframes of interest. Of interest is the fact that four hacked phones exclusively used SIMs issued by Israeli telecoms companies with Israeli (+972) phone numbers. NSO Group has said that exported versions of Pegasus cannot be used to hack Israeli phone numbers:
According to The Washington Post, a top Biden adviser raised concerns about Pegasus to his Israeli counterpart during a July meeting at the White House. Members of Congress have also pushed for sanctions, investigations, and rules to combat spyware abuse, saying “the hacking for hire industry must be brought under control.”
The Washington Post also reported Monday morning that former IDF soldiers claimed that Israel is extensively monitoring Arabs in Judea and Samaria using a combination of facial recognition technology and a network of cameras and smartphones. The soldiers were familiar with this operation, which was launched two years ago using a technology known as “Blue Wolf” that captures Arabs’ faces and links them to a photo database, which one former soldier described as “The Palestinians’ Facebook.” The report also claims that the Old City of Hebron is networked with cameras that scan faces, allowing soldiers to identify Arab faces even before they submit their IDs.