Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto which is helping WhatsApp find Israeli spyware-affected users, has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe via the piece of spyware called Pegasus.
The digital assault happened on individuals ranging from Africa, Asia, Europe, the Middle East and North America “that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses”.
After the incident, Citizen Lab volunteered to help WhatsApp identify cases where the suspected targets of this attack were members of civil society, such as human rights defenders and journalists.
“We continue to investigate the incident, and conduct outreach with the individuals targeted with these attacks to assist them in becoming more secure, and to better understand the cases,” Citizen Lab said in a statement.
NSO Group, which also goes by the name Q Cyber Technologies, is an Israeli-based company which develops and sells spyware technology. It is majority owned by Novalpina Capital, a European private equity firm.
NSO Group claims it sells its spyware strictly to government clients only, and all of its exports are undertaken in accordance with Israeli government export laws and oversight mechanisms.
“However, the number of cases in which their technology is used to target members of civil society continues to grow,” said the statement.
WhatsApp on Thursday confirmed that Indian human rights activists and journalists were among those targeted by the Israeli spyware.
Citizen Lab a”along with organizations such as R3D, Privacy International, EFF, and Amnesty International a” has closely tracked how NSO Group’s surveillance technology has been turned against political dissidents, lawyers, journalists, and human rights defenders.
“Although the technology is marketed as a tool to assist governments in lawful investigations into crime and terrorism, Citizen Lab has identified dozens of cases where journalists, human rights activists and defenders, lawyers, international investigators, political opposition groups, and other members of civil society have been targeted with its spyware, called Pegasus,” said Citizen Lab.
To monitor a target, a Pegasus operator uses multiple vectors and tactics, including zero-day exploits and deception, to penetrate security features in popular operating systems and silently install Pegasus without the user’s knowledge or permission.
Once Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.
“The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity, and use the GPS function to track a target’s location and movements,” said Citizen Lab.
The spyware can be placed on phones using multiple vectors, or means of infection. The WhatsApp exploit from May 2019 was one such vector.
In 2017, the wife of a murdered Mexican journalist was sent alarming text messages concerning her husband’s murder, designed to trick her into clicking on a link and infecting her phone with the Pegasus spyware.
In 2018, a close confidant of Jamal Khashoggi was targeted in Canada with a fake package notification, resulting in the infection of his iPhone. Citizen Lab has tracked more than two dozen cases using similar techniques.
According to NSO Group, it develops best-in-class technology to help government agencies detect and prevent a wide-range of local and global threats.
“Our products help government intelligence and law-enforcement agencies use technology to meet the challenges of encryption to prevent and investigate terror and crime,” says the Israeli cyber intelligence form.
However, NSO Group spyware is being sold to government clients without appropriate controls over how it is employed by those clients.
“They are, in turn, using NSO’s technology to hack into the devices of members of civil society, including journalists, lawyers, political opposition, and human rights defenders a” with potential lethal consequences,” Citizen Lab lamented.
The Indian government, however, has denied purchasing Pegasus from NSO Group.