Israel: Spyware tools of NSO Group allegedly used to spy on activists through WhatsApp security flaws

The products of the NSO Group, which operated in secret for years, were found in 2016 as part of a spying campaign on the iPhone of a now-jailed human-rights activist in the United Arab Emirates through undisclosed Apple security vulnerabilities. Since then, the NSO Group’s spyware has been found on the iPhones of journalists, dissidents, and even nutritionists.

The NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any “credible allegations of misuse.” The company said it would not be involved in identifying a target for its technology, including the lawyer at the center of the latest accusations.

Human Rights organizations have raised concern against the repeatedly evidenced digital attacks targeting human rights defenders, journalists, activists intended to surveil, harass and otherwise interfere with their work. 

Get RSS feed of these results

All components of this story

Item
14 May 2019

Access Now calls for governments action to address threats by surveillance technology

Author: Lucie Krahulcova & Peter Micek, Access Now

"Time to update your WhatsApp (and your surveillance laws)", 13th of May 2019

We remain extremely concerned about the lack of government action to address the threats posed by surveillance technologies to civil society actors across the globe.

This latest security threat put the privacy and security of WhatsApp’s 1.5 billion users at risk, and should convince all large platforms and their investors of the need to encourage disclosure of security vulnerabilities, to share security information with civil society in a timely fashion, and to collaborate with private and public stakeholders to bring accountability and transparency to the surveillance trade. Until governments step up though, we will likely see more victims targeted with impunity by this toxic industry...

 

Read the full post here

Article
14 May 2019

Cyber attacks on activists & advice on how to avoid them

Author: Hans Thoolen

"Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks", 14 May 2019

Friedhelm Weinberg [of] HURIDOCS, published “3 ways activists are being targeted by cyberattacks’ on the website of World Economic Forum. A timely piece in view of the current turmoil surrounding the discovery of spyware crafted by a sophisticated hackers-for-hire, who took advantage of a flaw in WhatsApp.  The Financial Times identified the actor as Israel’s NSO Group, and WhatsApp...describ[ed] hackers as “a private company that has been known to work with governments to deliver spyware.” .As late as Sunday, as WhatsApp engineers raced to close the loophole, a UK-based human rights lawyer’s phone was targeted using the same method... Asked about the WhatsApp attacks, NSO said it was investigating the issue. “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said. “NSO would not, or could not, use its technology in its own right to target any person or organisation, including this individual [the UK lawyer].” ...  Amnesty International is pushing for Israel’s defence ministry to withdraw an export license for NSO Group... NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists... Recently, these companies also started investigating who is behind these attacks... 

Read the full post here

Item
14 May 2019

Joint NGO letter to Novalpina Capital, CC: NSO Group, Francisco Partners

Author: Human Rights Watch, Amnesty International, Committee to Protect Journalists, Privacy International, R3D, Reporters without Borders

"Joint Open Letter to Novalpina Capital, CC: NSO Group, Francisco Partners" April 15th 2019

Novalpina Capital Should Respect and Deliver on Its Commitment to Upholding the UN Guiding Principles on Business and Human Rights

Surveillance technology interferes with the human rights to privacy and to freedom of opinion and expression when it is used in a manner not prescribed by law, is not strictly necessary to meet a legitimate aim, or is not deployed in a manner that is proportionate to that aim. To date, the surveillance industry remains an opaque, reckless, and often defiant business sector, lacking leadership in respecting human rights and addressing harms. This includes NSO Group’s previous owner, Francisco Partners, which rebuffed efforts at outreach, seemingly ignored or dismissed peer-reviewed academic work, and failed to respond to public letters. This blatant disregard for any public engagement and accountability must stop...

Read the full post here

Article
14 May 2019

NSO spyware tools allegely used to break into cellphones of human rights activists through WhatsApp security flaws

Author: Nicole Perlroth & Ronen Bergman, New York Times

NSO, an Israeli firm accused of supplying tools for spying on human-rights activists and journalists now faces claims that its technology can use a security hole in WhatsApp, the messaging app used by 1.5 billion people, to break into the digital communications of iPhone and Android phone users.

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the Facebook-owned company said in a statement.

The WhatsApp hole was used to target a London lawyer who has been involved in lawsuits that accuse NSO Group of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, the researchers said. The researchers believe the list of targets could be much longer.

The NSO Group said in a statement on Monday that its spyware was strictly licensed to government agencies and that it would investigate any “credible allegations of misuse.” The company said it would not be involved in identifying a target for its technology, including the lawyer at the center of the latest accusations.

Read the full post here

Article
14 May 2019

UK: Human Rights lawyer targeted with NSO technology, repeatedly used against activists

Author: Nick Hopkins & Dan Sabbagh, The Guardian (UK)

"WhatsApp spyware attack was attempt to hack human rights data, says lawyer", 14 May 2019

The UK lawyer whose phone was targeted by spyware that exploits a WhatsApp vulnerability said it appeared to be a desperate attempt by someone to covertly find out the details of his human rights work.The lawyer, who asked not to be named, is involved in a civil case brought against the Israeli surveillance company NSO Group whose sophisticated Pegasus malware has reportedly been used against Mexican journalists, and a prominent Saudi dissident living in Canada. It has been claimed the would-be hacker had also repeatedly attempted to install Pegasus on the lawyer’s phone in recent weeks...” NSO Group said: “NSO’s technology is licensed to authorised government agencies for the sole purpose of fighting crime and terror. The company does not operate the system, and after a rigorous licensing and vetting process, intelligence and law enforcement determine how to use the technology to support their public safety missions. Facebook-owned WhatsApp has encouraged its 1.5 billion users to update to the latest version of the app after discovering the vulnerability... WhatsApp said in a statement: “We have briefed a number of human rights organisations to share the information we can and to work with them to notify civil society.”...

Read the full post here