Pegasus hacks victim's iPhone following Apple lawsuit against NSO
The group was hacked by clients suspected to be Jordanian government entities of an Israeli business.
According to new evidence, an Apple iPhone was successfully hacked by a government user of NSO Group's Pegasus spyware in December, only weeks after the technology giant sued the Israeli business in a US court and demanded that it be barred from "harming individuals" with Apple devices.
From August 2019 to December 2021, phones belonging to four Jordanian human rights defenders, lawyers, and journalists were hacked by government clients of NSO – which appear to be Jordanian government agencies – according to a report published on Tuesday by security researchers at Front Line Defenders (FLD) and Citizen Lab at the University of Toronto.
The report appears to indicate that Apple customers may still be subject to NSO privacy breaches, despite a November lawsuit by Apple against NSO to "hold them accountable" for surveilling and targetting Apple users.
Citizen Lab at the University of Toronto discovered an exploit that allowed NSO users to infect iPhones with the company's Pegasus spyware via a weakness in the iMessage feature. Apple stated at the time that the flaw had been fixed.
The FLD and Citizen Lab report detailed that "The fact that the targeting we uncovered happened after the widespread publicity around Apple’s lawsuit and notifications to victims is especially remarkable; a firm that truly respected such concerns would have at least paused operations for government clients, like Jordan, that have a widely publicized track record of human rights concerns."
Jordan’s National Center for Cyber Security “categorically denied” the report findings.
The Center told AP that the allegations are "baseless, and Jordan has not cooperated with any agents with the aim of spying on citizens’ phones or censoring their calls."
Once Pegasus has been successfully deployed against a user, it can hack any phone, intercept messages and emails, examine a user's images and position, and transform the phone into a remote listening device, allowing an NSO customer to listen in on a conversation held near the phone.
According to the FLD and Citizen Lab report, three Jordanians had their phones hacked using Pegasus, including a human rights defender named Ahmed Al-Neimat.
Malik Abu Orabi, who represents Al-Neimat and other activists, was hacked at least 21 times, according to the researchers. Suhair Jaradat, a third target, is a human rights activist and journalist who focuses on women's concerns in the media. The researchers discovered that Jaradat had received text messages and WhatsApp messages with links to the Pegasus malware. According to the researchers, the WhatsApp message impersonated a famous anti-government Twitter account in Jordan.
NSO has been behind a slew of cases in which the violation of privacy rights is involved.
In France, Salah Hammouri, a French-Palestinian human rights campaigner, along with the International Federation of Human Rights and the Human Rights League, is suing NSO for violating privacy rights in France.
The mobile phones of Hammouri and five other Palestinian human rights campaigners were hacked using Pegasus, NSO's hallmark malware, according to a FLD study released in November. The results of FLD were independently corroborated with "high confidence" by technical specialists at Citizen Lab and Amnesty International's security lab, two of the world's top authority on such attacks.
An NSO spokeswoman at the time stated that it could neither confirm or deny the name of government clients but that it does not run products and is "not privy to the details of persons monitored."
NSO asked US cell networks for access in exchange for "bags of cash"
In February, according to a whistleblower's confidential disclosure to the Justice Department, the NSO Group offered American mobile-security firm representatives "bags of cash" in exchange for access to global cellular networks.
Gary Miller, a mobile-phone security specialist, said the NSO offer occurred during a conference call in August 2017 between NSO Group managers and representatives of his current employer, Mobileum, a California-based firm that offers security services to cellular operators worldwide. According to Miller, the NSO officials were explicitly looking for access to the SS7 network, which enables cellular firms to route calls and services as their consumers wander the world.
NSO Group had been under fire after an investigation by The Washington Post and 16 media partners found that military-grade spyware leased by the Israeli firm NSO Group to governments was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives, and the two women closest to the murdered Saudi journalist Jamal Khashoggi.
FBI secretly bought Pegasus in 2019, used it domestically: NYT
In an investigation by the New York Times, the NSO Group's Pegasus, considered as the world’s most effective spyware due to its capability of cracking encrypted communications of iPhone and Android smartphones in a reliable way, was found to have been bought secretly by the Federal Bureau of Investigation (FBI).
The investigation was published in The New York Times, under the title “The Battle for the World’s Most Powerful Cyberweapon.”
NYT found that sales of Pegasus played a major role in securing the support of Arab nations in "Israel’s" campaign against Iran and pushing the normalization deals (the so-called “Abraham Accords”) forward.