Spyware from Israeli company used to target U.S. Embassy workers in Africa

WASHINGTON – The iPhones of 11 U.S. Embassy employees working in Uganda were hacked using spyware developed by Israel’s NSO Group, the monitoring firm that the U.S. blacklisted a month ago because it said the technology had been used by foreign governments to quell dissent, several people familiar with the breach said Friday.

The hack is the first known case of the spyware, known as Pegasus, being used against US officials. Pegasus is a sophisticated surveillance system that can be remotely implanted in smartphones to extract audio and video recordings, encrypted communications, photos, contacts, location data and text messages.

There is no indication that NSO itself hacked the phones, but rather that one of its clients, which are mostly foreign governments, directed the spyware against embassy employees.

The disclosure is sure to heighten tension with Israel over the recent US crackdown on Israeli companies that make surveillance software that has been used to track dissidents’ locations, eavesdrop on their conversations, and secretly download files that move through their phones. President Biden plans to make efforts to further crack down on the use of such software a key part of a summit next week at the White House, to which he has invited dozens of countries, including Israel.

U.S. diplomats have been hacked in the past, including by Russia, which has repeatedly breached the State Department’s unclassified messaging systems. But in this case, the software was written by a company that operates closely with one of America’s most vital allies – and a nation that often conducts cyber operations alongside the National Security Agency, including against Iran.

NSO has long insisted that it selects its customers carefully and turns down many. But the United States concluded last month that the company’s software and its operations were against U.S. foreign policy interests, and placed it on the Commerce Department’s “entity list”, which prevents it from receiving key technologies.

Representatives from the State Department and Apple declined to comment.

NSO said in a statement it would conduct an independent investigation into the allegations and cooperate with any government investigation.

“We have decided to immediately terminate the access of affected customers to the system, due to the seriousness of the allegations,” the company said. “At this point, we have not received any information, phone numbers, or any indication that NSO tools were used in this case.”

Reuters reported earlier on Friday that Apple informed employees of the US Embassy in Uganda on Tuesday of the hack. Those affected include a mix of foreign service officers and locals working for the embassy, all of whom had linked their Apple IDs to their State Department email addresses, according to a person familiar with the attack.

“Apple believes you are the target of state-sponsored attackers who attempt to remotely compromise the iPhone associated with your Apple ID,” the Apple notice states.

“These attackers are probably targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, it may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it is possible that this is a false alarm, please take this warning seriously,” Apple said in the advisory.

NSO is one of the many companies that make money by finding operating system vulnerabilities and selling tools that can exploit them.

Among those targeted by its users were confidants of Jamal Khashoggi, the Washington Post columnist who was dismembered by Saudi agents in Turkey; a range of human rights lawyers, dissidents and journalists in the Emirates and Mexico, and even their family members living in the United States.

Last month, the Biden administration blacklisted NSO, its subsidiaries and an Israeli company called Candiru, claiming they had knowingly provided spyware that was used by foreign governments to “maliciously target” the phones of dissidents, human rights activists, journalists and others.

NSO and Candiru are not accused of malicious hacking into the phones themselves, but of selling tools to customers knowing they would be used in malicious attacks.

The blacklist, which prevents US suppliers from doing business with these companies, represented a remarkable break with Israel and was the most important step the White House has ever taken to combat abuse in the obscure and unregulated global market for spyware.

Government phones that have been targeted so far have not been classified, and there is no indication that NSO exploits were used to access classified information, a senior administration official said.

“We were also very concerned about this because it poses a real and real risk of counterintelligence and security for US personnel and US systems around the world,” said a senior administration official.

Apple created a patch in September that fixed the weakness in its mobile operating system. Since this patch only protects a phone after a user downloads the updated software, it is possible that hackers will continue to exploit the weakness to infiltrate phones that have not yet been updated.

Apple has asked State Department employees to take several precautions, including immediately updating their iPhones with the latest available software, which includes the fix. The company said the attacks detected by Apple “are ineffective against iOS 15 and later.”

Apple’s notification to diplomats and the U.S. government came after the tech company filed a lawsuit against NSO for what it alleges to be violations of the Computer Fraud and Abuse Act, a law passed in 1986, when many computers had less computing power than today’s cell phones.

It’s not clear Apple will win, as the law is meant to protect computer users, not manufacturers. But the essence of the lawsuit, and the addition of NSO to an American blacklist, is an attempt to put the Israeli company in the same category as Chinese or Russian hacking groups, or ransomware operators who tout their capabilities.

China has used similar types of spyware to suppress Muslim minorities, as has Russia against dissidents. It is believed Saudi Arabia used it in the murder of Mr. Khashoggi and in subsequent efforts to cover up the crime.

But until now, it was not known that the spyware was targeting American diplomats.

The government’s actions, combined with Apple’s legal moves, are expected to be a “multi-faceted effort” to shut down NSO and make its spyware less effective. According to public reports, Apple has informed people in El Salvador, Uganda and Thailand that their phones have been compromised.

The concern is that spy technology is extremely stealthy and can be placed on phones without users doing anything. Detecting that a phone has been compromised can also be quite difficult, the official said.

Kellen Browning contributed reporting from San Francisco, and Ronen Bergman from Tel Aviv.
