date 2021-12-04
Israeli Company’s Spyware Is Used to Target U.S. Embassy Employees in Africa
WASHINGTON – The iPhones of 11 U.S. embassy staff working in Uganda were hacked using spyware developed by Israel’s NSO Group, a surveillance company that the US blacklisted a month ago for allegedly using technology to suppress dissent, people familiar with the breach said Friday.
The hack is the first known case of spyware, known as Pegasus, being used against US officials. Pegasus is a state-of-the-art surveillance system that can be installed remotely in a smartphone to extract voice and video recordings, encrypted communications, photos, contacts, location data and text messages.
There is no indication that NSO itself hacked the phones, but rather that one of its clients, most of which are foreign governments, directed it against the embassy staff.
The recent US crackdown on Israeli companies developing surveillance software used to track the whereabouts of dissidents, listen to their conversations and secretly download files from their phones will only increase tensions with Israel. President Biden plans to push harder on the use of such software, a key component of next week’s summit at the White House, to which he has invited dozens of countries, including Israel.
US diplomats have been hacked in the past, especially by Russia, which has repeatedly hacked the State Department’s unclassified email system. But in this case, the software is written by a company that works closely with one of the most important friends of the United States – and a nation that often conducts cyber operations against Iran, including the National Security Agency.
NSO urges its customers to choose carefully and support many. But the United States concluded last month that the company’s software and its operations run counter to the interests of US foreign policy and placed it on the Commerce Department’s “entity list”, which prevents it from acquiring key technologies.
State Department and Apple spokesmen declined to comment.
NSO said in a statement that it would conduct an independent inquiry into the allegations and would co-operate with any government inquiry.
“Due to the severity of the allegations, we have decided to immediately terminate the access of concerned customers to the system,” the company said. “So far, we have not received any information or phone numbers or any indication that NSO devices have been used in this case.”
Reuters reported earlier on Friday that Apple had notified US embassy staff in Uganda about the hack last Tuesday. The victims included foreign service officials and locals working for the embassy, all of whom had linked their Apple IDs to their State Department email addresses, said a person familiar with the attack.
“Apple believes you have been targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” Apple’s notice said.
“These attackers may be targeting you personally, depending on who you are or what you do. If your device is compromised by a state-sponsored attacker, they will be able to access your sensitive data, communications or even the camera and microphone remotely. While this is likely to be a false alarm, please take this warning seriously,” Apple said in a statement.
NSO is one of the few companies that makes money by exploring vulnerabilities in operating systems and selling devices that can exploit them.
The Washington Post columnist Jamal Khashoggi’s confidante, who was targeted by Saudi activists in Turkey, was targeted by his users; Human rights lawyers in the UAE and Mexico, dissidents and journalists and their families living in the United States.
The Biden administration last month blacklisted NSO, its subsidiaries and an Israeli firm called Candiru, saying it had deliberately supplied spyware used by foreign governments to “maliciously target” the phones of dissidents, human rights activists, journalists and others.
NSO and Candiru are not accused of malicious phone hacking, but of selling devices to clients despite knowing they would be used in malicious attacks.
The blacklist, which barred American suppliers from doing business with those companies, marks a significant breakthrough with Israel and was the White House’s strongest move to curb malpractice in the shady, unregulated global market for spyware.
So far, the targeted government phones have been unclassified and there is no indication that NSO’s actions have been used to access classified information, a senior administration official said.
“We are deeply concerned about this because it poses a real and direct deterrent and security threat to U.S. employees and to U.S. systems around the world,” said a senior administration official.
Apple created a patch in September that addressed vulnerabilities in its mobile operating systems. The patch protects a phone only after the user downloads the updated software, and it is possible that hackers may continue to exploit the vulnerabilities to infiltrate phones that have not been updated.
Apple has asked State Department employees to take a number of precautions, including updating their iPhones immediately with the latest software available with patches. The company says the attacks Apple found were “ineffective against iOS 15 and later.”
Apple’s notification came to diplomats and the U.S. government after the technology company sued NSO, accusing it of violating the Computer Fraud and Abuse Act, a law passed in 1986, when most computers had less computing power than mobile phones do now.
It is unknown at this time what he will do after leaving the post. But the gist of the lawsuit, and the inclusion of NSO in the US blacklist, is an attempt to place the Israeli company in the same category as the Chinese or Russian hacking groups or ransomware operators who hire their capabilities.
China has used similar spyware to suppress the Muslim minority, just as Russia has done against dissidents. It is alleged that the ambassador provided the information to Hussein.
But until now it was not known that it was directed at American diplomats.
The government’s action, in conjunction with Apple’s legal action, should be a “multilateral effort” to stop the NSO and make its spying software less effective. According to public reports, Apple has notified people in El Salvador, Uganda and Thailand that their phones have been compromised.
Of concern is that espionage technology is highly secretive and can keep users on the phone without doing anything. It is also very difficult to find out if the phone has been compromised, the official said.
Kellen Browning contributed reporting from San Francisco, and Ronen Bergman from Tel Aviv.
