Thursday, September 23

US Expresses Concern with Israeli Officials Over Pegasus Revelations | Surveillance

The White House has raised concerns to top Israeli officials about allegations that governments around the world have used spyware sold by the Israeli surveillance company NSO Group to monitor journalists and activists and, potentially, government officials with close ties to the US.

Brett McGurk, one of the Biden administration’s top advisers in the Middle East, privately raised questions about NSO in a meeting last week with Zohar Palti, a senior official in the Israeli Defense Ministry, according to reports by Axios and the Washington Post.

Palti reportedly told McGurk that the controversy was being taken very seriously and that Israel was examining whether it needed to change the rules on how offensive cyber weapons were sold to other countries.

Fast guide

What’s in the Pegasus project data?


What’s in the data leak?

The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as persons of concern by government clients of the NSO Group, which sells surveillance software. The data also contains the time and date the numbers were selected or entered into a system. Forbidden Stories, a Paris-based non-profit journalistic organization, and Amnesty International initially had access to the list and shared access with 16 media organizations, including The Guardian. More than 80 journalists have worked together for several months as part of the Pegasus project. The Amnesty Security Laboratory, a technical partner of the project, conducted the forensic analyses.

What does the leak indicate?

The consortium believes the data indicates potential targets that NSO’s government clients identified prior to possible surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt was successful. The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, reveals that some targets were selected by NSO customers even though they could not be infected with Pegasus. However, forensic examinations of a small sample of mobile phones with numbers on the list found close correlations between the time and date of a number in the data and the start of Pegasus activity, in some cases as little as a few seconds.

What did the forensic analysis reveal?

Amnesty examined 67 smartphones where attacks were suspected. Of these, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, Android phones do not record the kind of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty shared “backups” of four iPhones with Citizen Lab, a research group at the University of Toronto that specializes in studying Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty’s forensic methods and found them to be robust.

Which NSO customers were selecting numbers?

While the data is organized into groups, indicative of individual NSO customers, it does not say which NSO customer was responsible for selecting a particular number. NSO claims to sell its tools to 60 clients in 40 countries, but refuses to identify them. By closely examining the targeting pattern of individual clients in the leaked data, media partners were able to identify 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India and the United Arab Emirates. Citizen Lab has also found evidence that all 10 are NSO customers.

What does NSO Group say?

You can read the full statement from NSO Group here. The company has always said that it does not have access to the data of its clients’ targets. Through its attorneys, NSO said the consortium had made “incorrect assumptions” about which clients are using the company’s technology. It said the number of 50,000 was “exaggerated” and that the list could not be a list of “target numbers for governments using Pegasus”. Attorneys said NSO had reason to believe that the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but may be part of a larger list of numbers that could have been used by NSO Group customers for other purposes”. They said it was a list of numbers that anyone could look up in an open source system. After further questions, the attorneys said the consortium was basing its findings “on a misleading interpretation of the leaked data from basic accessible and open information, such as HLR search services, that have no bearing on the target list from customers of Pegasus or any other NSO Products … we still do not see any correlation of these lists with anything related to the use of technologies of the NSO Group”. After publication, they explained that they considered a “target” to be a phone that was the subject of a successful or attempted (but failed) infection by Pegasus, reiterating that the list of 50,000 phones was too large to represent “targets” of Pegasus. They said the fact that a number appeared on the list in no way indicated whether it had been selected for surveillance using Pegasus.

What is HLR search data?

The term HLR, or Home Location Register, refers to a database that is essential for operating mobile phone networks. Such registers keep records of phone users’ networks and their general locations, along with other identifying information that is routinely used to route calls and text messages. Telecommunications and surveillance experts say that HLR data can sometimes be used in the initial phase of a surveillance attempt, when identifying whether it is possible to connect to a phone. The consortium understands that NSO customers have the ability through an interface in the Pegasus system to perform HLR search queries. It is unclear whether Pegasus operators must perform HLR search queries through their interface to use their software; an NSO source emphasized that their customers may have different reasons, unrelated to Pegasus, for conducting HLR searches through an NSO system.


Under current rules, Israel’s defense ministry reviews applications for export licenses before NSO’s surveillance technology is sold to a foreign country. NSO has said the reviews are rigorous and take into account a country’s human rights record.

The development comes two weeks after the Pegasus Project, a journalism consortium that includes The Guardian and 16 other media partners, revealed details of a massive leak of the phone numbers of people believed to have been selected as candidates for possible surveillance by government clients of NSO, including Saudi Arabia, the United Arab Emirates and Hungary.

The phone numbers for French President Emmanuel Macron and Joe Biden’s envoy to Iran, Robert Malley, were among the tens of thousands who were apparently considered persons of concern by NSO clients.

Forensic analysis of dozens of phones by Amnesty International’s security lab, a technical partner of the Pegasus project, found that many of the phones analyzed and included in the leaked list had been infected by NSO’s spyware, called Pegasus, or that infections had been attempted.

When NSO’s Pegasus spyware infects a phone, government customers using it can gain access to a person’s phone conversations, messages, photos, and location, as well as turn the phone into a portable listening device by tampering with its recorder.

The leak contains a list of more than 50,000 phone numbers that NSO customers are believed to have identified as persons of interest since 2016.

The appearance of a number in the leaked list does not mean that it has been the subject of a successful hacking attempt. NSO said Macron was not a “target” of any of its clients, which means the company denies that there has been any attempted or successful Pegasus infection on his phone. It says it is technically impossible for its foreign government clients to target US phone numbers with Pegasus.

NSO has also said the data is “irrelevant” to the company, and has dismissed the Pegasus project report as “full of flawed assumptions and unsubstantiated theories.” It denied that the leaked data represented those who were being monitored by the Pegasus software. NSO has called the number of 50,000 exaggerated and said it was too large to represent the people targeted by Pegasus.

The Washington Post, a partner in the Pegasus project, reported Thursday that an Israeli official had confirmed contact in recent days between US and Israeli officials about the consortium’s findings, and that Israeli officials had told their US counterparts that the matter was being taken seriously.

Israel has also reportedly launched its own investigation into the matter.

Israeli authorities inspected NSO offices near Tel Aviv on Wednesday, at the same time that Defense Minister Benny Gantz arrived for a pre-arranged visit to Paris in which the Pegasus disclosures were discussed with his French counterpart.

Early media reports described the movements at NSO’s offices as a raid, but the company said in a statement that authorities had “visited” rather than raided its facilities.

NSO said it had been informed in advance that Defense Ministry officials responsible for overseeing commercial exports of sensitive cyber exports would conduct an inspection. “The company is working in full transparency with the Israeli authorities,” it said.
