Cyberwarfare / Nation-State Attacks , Device Identification , Endpoint Protection Platforms (EPP)

Israeli Government Visits NSO Group Amid Spyware Claims

Meeting Comes After World Leaders Appear on Alleged 'Pegasus' Targeting List
Israeli Government Visits NSO Group Amid Spyware Claims

The Israeli government paid a visit on Wednesday to NSO Group, the controversial company whose spyware is alleged to have been covertly installed on the mobile devices of journalists and activists.

See Also: How Enterprise Browsers Enhance Security and Efficiency

Officials from Israel's Ministry of Defense visited NSO Group, according to The visit was prearranged, the publication reported, and it did not include an audit or examination of computer systems or documents.

In a statement, NSO Group says that it can "confirm that representatives from the Israeli Ministry of Defense visited our offices. We welcome their inspection. The company is working in full transparency with the Israeli authorities. We are confident that this inspection will prove the facts are as declared repeatedly by the company against the false allegations made against us in the recent media attacks."

The visit is a sign that the latest allegations against NSO Group are causing pressure on Israel. Calls have grown stronger from around the world for the country to take a closer look into NSO Group's sales of Pegasus, a powerful type of spyware that can silently infect mobile devices (see: Pegasus Spyware: World Leaders Demand Israeli Probe).

France has pressed Israel to investigate. Also, four U.S. Democratic lawmakers called for the "hacker for hire" industry to be brought under control and sanctions implemented for companies that sell spyware to authoritarian states.

A recent investigation unveiled by Amnesty International and Forbidden Stories, a French-based nonprofit group, alleges that Pegasus is sold to governments which then use it to spy on dissidents, journalists and activists. NSO Group maintains the software is only used for legitimate and authorized law enforcement activities,which include combating crime and terrorism (see: Leak of Alleged Pegasus Target List Restokes Spyware Debate).

Controversial Leak

The findings of Amnesty International and Forbidden Stories were based on a leak of a list of 50,000 phone numbers. The groups say the list represents phone numbers of people who may have been targeted by Pegasus. The source of the list has not been revealed.

Forensic investigators with Amnesty International's Security Lab say 37 devices connected with numbers on the list showed signs of either being targeted or infected with Pegasus.

Those attacks appear to have taken place using network injection techniques or possible zero-day vulnerabilities in applications such as Apple's iMessage, Photos and Music, the researchers contend. The attacks using iMessage appear to be so-called zero-click attacks, which means no interaction with the user is needed to infect a device (see: Spyware Exposé Highlights Suspected Apple Zero-Day Flaws).

Although it has been alleged that NSO Group's software has been misused by its clients, what elevated the situation this time is the presence of phone numbers of high-profile leaders on the list.

The numbers include those for presidents, such as France's Emmanuel Macron, Iraq's Barham Salih and South Africa's Cyril Ramaphosa. There are also three current prime ministers on the list: Pakistan's Imran Khan, Egypt's Mostafa Madbouly and Morocco's Saad-Eddine El Othmani. Seven former prime ministers are on the list and one king, Morocco's Mohammed VI.

NSO Group says the list does not come from the company and is not a targeting list. The company maintains that it complies with Israel's export regulations, which controls how cyber weapons are sold. The company has said it has about 45 government customers that each target about 100 people per year.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.