Wednesday, December 1

Time to clip the wings of NSO and its Pegasus spyware | John naughton

WWhat is the world’s most troubled tech company? Facebook? Google? Palantir? No. It is a small privately owned Israeli company called NSO that most people have never heard of. On your website, describes itself as a “world leader in precision cyber intelligence solutions”. Its software, sold only to “licensed government intelligence and law enforcement agencies,” naturally helps them “legally tackle the most dangerous problems in the world today.” NSO’s technology has helped prevent terrorism, break up criminal operations, find missing persons, and assist search and rescue teams. “

So what is this magic thing? It’s called Pegasus and it’s ultra-sophisticated spyware that covertly penetrates and compromises smartphones. It’s particularly good with Apple phones, which is significant because these devices are generally more secure than Android ones. This positively infuriates Apple, which considers protecting the privacy of its users to be one of its PSUs.

How does Pegasus work? Pay attention, iPhone users, journalists and heads of government: your beloved and trusted device will not emit any beep or any other sound when it is hijacked. But the intruder has gained entry and ever since everything on your phone is instantly accessible to whoever is running the spyware. Your camera can be secretly activated to take pictures, for example, and your microphone is turned on at the whim of a distant observer or listener. Everything you type in iMessage or WhatApp will be read and recorded. And you will have no idea that this is happening. You have been “used as a Pegasus”, so to speak. And the perpetrator can be a government, which is interesting if you are a president like Emmanuel Macron or a prime minister like Imran Khan, but potentially fatal if you are a journalist like Jamal Khashoggi. Those of us who follow these things have known about NSO for quite some time, mainly thanks to the Citizen lab at the University of Toronto, which is the closest civil society has to the National Security Agency. Its researchers have done an excellent job tracing the ways authoritarian regimes have used journalists’ phones. In December of last year, for example, the laboratory published the report from an investigation showing how Pegasus spyware had been used to hack 36 personal phones belonging to Al Jazeera journalists, producers, presenters and executives and a phone number of a London-based journalist from Al Araby TV. Phones were compromised via an invisible zero-click iMessage exploit. The hack was carried out by four Pegasus customers, two of which appeared to be Saudi Arabia and the United Arab Emirates (UAE).

There’s a lot more where that came from. NSO invariable corporate response is that contractual confidentiality prevents it from identifying its customers and that the company does not operate the spyware itself, it simply sells it to sovereign governments and is therefore not responsible for what they do with it. If that reminds you of another industry that sells powerful and potentially dangerous products, join the club. NSO is basically the same as a weapons manufacturer, because its local government considers its software to be a weapon and the company needs an export license before it can sell it to anyone. From which we could infer that the regimes that lay their claws on Pegasus are those that the Israeli government covertly or tacitly approves.

NSO is in the news again because Amnesty International, in collaboration with the Organized Crime and Corruption Reporting Project and 16 media organizations, including the guardian, has launched the project The Pegasus, whose objective is to discover who could have been victims of spyware and tell their stories. The project was triggered when a consortium of journalists gained access to a leak of more than 50,000 phone numbers allegedly entered into a system used for targeting by Pegasus. The list is an interesting read, especially since it identifies governments that are likely to be regular users of Pegasus. These include Mexico, Azerbaijan, Kazakhstan, Hungary, India, Saudi Arabia, the United Arab Emirates, and interestingly, Rwanda.

Until now, NSO’s activities seemed unstoppable: In a Westphalian world of sovereign states that can do whatever they want, if your local government grants you a license to export, then you’re in business. But recently, three things have changed. First, and most importantly, there are new administrations at the helm in Israel and the United States. If Joe Biden decided that the NSO’s activities have suddenly become unacceptable, then a serious phone call to the Israeli prime minister could have an effect. Second, Apple is very angry about its iPhones being compromised and has more technical clout than even the NSO hackers. And finally, the Amnesty project has suddenly brought NSO, blinking, out of the shadows and into the light. A good thing may come of this.

What i’ve been reading

Look east
Why is China trashing its tech industry? it’s a fascinating essay by Noah Smith on his blog. Perhaps it is because the country knows what is really important.

Friends in bad places
Prabhat Patnaik has written a vigorous controversy in the Boston Review on why neoliberalism needs neo-fascists.

Parting words
There is a wonderful parting piece by Jack Thomas in the Boston Globe, written after he was diagnosed with inoperable cancer.

Leave a Reply

Your email address will not be published. Required fields are marked *