Sunday, August 1

Israel to examine whether spyware export regulations should be tightened | Israel

An Israeli commission reviewing allegations that its clients misused NSO Group’s Pegasus spyware to target journalists and human rights activists will examine whether rules on the export of cyber weapons from Israel such as Pegasus should be stricter, said a senior parliamentarian.

The move came when French President Emmanuel Macron called an emergency meeting on cybersecurity after they reported that his mobile phone and those of government ministers appeared on the leaked list.

NSO has said that Macron was not a “target” of any of its clients, which means The company denies that it was selected for surveillance using its spyware, saying in multiple statements that it requires its government clients to only use its powerful spy tools for legitimate terrorism or crime investigations.

Fast guide

What’s in the Pegasus project data?


What’s in the data leak?

The data breach is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as persons of concern by government clients of the NSO Group, which sells surveillance software. The data also contains the time and date the numbers were selected or entered into a system. Forbidden Stories, a Paris-based non-profit journalistic organization, and Amnesty International initially had access to the list and shared access with 16 media organizations, including The Guardian. More than 80 journalists have worked together for several months as part of the Pegasus project. The Amnesty Security Laboratory, a technical partner of the project, conducted the forensic analyzes.

What does the leak indicate?

The consortium believes the data indicates potential targets that NSO’s government clients identified prior to possible surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempts were made. success. The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, reveals that some targets were selected by NSO customers despite that they couldn’t be infected with Pegasus. However, forensic examinations of a small sample of mobile phones with numbers on the list found close correlations between the time and date of a number in the data and the start of Pegasus activity, in some cases as little as a few seconds.

What did the forensic analysis reveal?

Amnesty examined 67 smartphones where attacks were suspected. Of these, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, Android phones do not record the kind of information required for Amnesty detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty shared “backups” of four iPhones with Citizen Lab, a research group at the University of Toronto that specializes in studying Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty’s forensic methods and found them to be robust.

Which NSO customers were selecting numbers?

While the data is organized into groups, indicative of individual NSO customers, it does not say which NSO customer was responsible for selecting a particular number. NSO claims to sell its tools to 60 clients in 40 countries, but refuses to identify them. By closely examining the targeting pattern of individual clients in the leaked data, media partners were able to identify 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary , India. and the United Arab Emirates. Citizen Lab has also found evidence that all 10 are NSO customers.

What does NSO Group say?

You can read the full statement from NSO Group here. The company has always said that it does not have access to the data of its clients’ objectives. Through its attorneys, NSO said the consortium had made “incorrect assumptions” about which clients are using the company’s technology. He said the number of 50,000 was “exaggerated” and that the list could not be a list of “target numbers for governments using Pegasus”. The attorneys said NSO had reason to believe that the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but may be part of a larger list of numbers that could have been used by the clients of the NSO Group for other purposes ”. They said it was a list of numbers that anyone could look up in an open source system. After further questions, the attorneys said the consortium was basing its findings “on a misleading interpretation of the leaked data from basic accessible and open information, such as HLR’s search services, that have no bearing on the target list. from customers of Pegasus or any other NSO Products … we still do not see any correlation of these lists with anything related to the use of technologies of the NSO Group ”. After publication, they explained that they considered a “target” to be a phone that was the subject of a successful or attempted (but failed) infection by Pegasus, reiterating that the list of 50,000 phones was too large to represent “targets.” . “From Pegasus. They said the fact that a number appeared on the list in no way indicated whether it had been selected for surveillance using Pegasus.

What is HLR search data?

The term HLR, or Home Location Register, refers to a database that is essential for operating mobile phone networks. Such logs keep records of phone users’ networks and their general locations, along with other identifying information that is routinely used to route calls and text messages. Telecommunications and surveillance experts say that HLR data can sometimes be used in the initial phase of a surveillance attempt, identifying whether it is possible to connect to a phone. The consortium understands that NSO customers have the ability through an interface in the Pegasus system to perform HLR search queries. It is unclear whether Pegasus operators must perform HRL search queries through their interface to use their software; An NSO source emphasized that their customers may have different reasons, unrelated to Pegasus, for conducting HLR searches through an NSO system.

Thank you for your comments.

German Chancellor Angela Merkel also added her voice to the growing controversy on Thursday, telling reporters in Berlin that spyware like the NSO should be denied to countries where there was no judicial oversight after it emerged that 14 heads of state were on the list.

When asked if she regretted that the technology sold by the NSO Group had helped undermine freedom of expression in countries ruled by autocratic regimes, Merkel said: “I think it is important that software developed for certain situations does not fall into the wrong hands. There must be restrictive conditions and such software must not be sold to countries where judicial oversight of such attacks cannot be guaranteed. “

The mounting fallout from the Pegasus project revelations, a collaboration of 17 media organizations including The Guardian, which launched Sunday with a series of claims about misuse of the software, have continued to resonate.

In Israel, the prospect of tighter controls on the export of spyware such as Pegasus was raised by Ram Ben-Barak, head of the parliament’s defense and foreign affairs committee, and former deputy director of the Mossad spy agency, on Army Radio, as revealed. that the “country’s defense system [has] appointed a review commission made up of various groups ”.

“We certainly have to look again at this whole issue of the licenses granted by DECA. [Israel’s Defence Exports Control Agency], “he said.” When they finish their review, we will demand to see the results and assess whether we need to make corrections. “

DECA is within the Israel Ministry of Defense and oversees NSO exports. Both the ministry and the company have said that Pegasus is intended to be used to track terrorists and criminals only, and that all foreign customers are vetted governments.

At the heart of the project is a leaked database of some 50,000 mobile phone numbers. The Guardian and other media partners who had access to the data as a party believe the list indicates persons of interest selected by government clients of NSO. It includes some people whose phones showed traces of NSO’s Pegasus spyware, based on forensic analysis of their devices.

However, the appearance of a number in the leaked list does not mean that it was the subject of a successful hacking attempt.

NSO says the database is “irrelevant” to the company and has rejected the Pegasus project reports as “full of erroneous assumptions and unsubstantiated theories.” He denied that the leaked database represented the Pegasus software’s surveillance targets.

The alleged misuse has raised questions within Naftali Bennett’s cross-partisan coalition, one of whose members, the liberal Meretz party, asked Defense Minister Benny Gantz about NSO exports in a meeting Thursday.

Gantz “emphasized the importance of defending human rights in the framework of arms sales,” said a joint statement.

Leave a Reply

Your email address will not be published. Required fields are marked *