NSO Group Points Finger at State Clients in WhatsApp Spying Case 

Cyberwar graphic

NSO Group – whose technology is reported to have been used against dozens of targets including Pakistani intelligence officials, Indian journalists and exiled Rwandan political activists – also claimed in legal documents that the lawsuit brought against the company by WhatsApp threatened to infringe on its clients’ “national security and foreign policy concerns”.

Source: NSO Group points finger at state clients in WhatsApp spying case | Espionage | The Guardian

Biden Briefer Defended Israeli Spyware Firm Implicated in Abuses

Anita Dunn
Anita Dunn
Anita Dunn, senior adviser to the Biden campaign and flak for an Israeli private intelligence firm. (Credit: Showtime)

After last night’s Democratic presidential debate, Anita Dunn, senior adviser to the Biden campaign, spun reporters on the Vice President’s performance.

Last years, Dunn, who served as communications director in Barack Obama’s White House, did similar duty for NSO, the spyware firm founded by former Israeli intelligence officers. NSO created the infamous Pegasus intrusion tool, which has been used to harass and disrupt journalists from India to Mexico to Saudi Arabia–and also to pick Jeff Bezo’s pocket.

Dunn’s work for NSO indicates a preference of private power over the public interest. Her condescending remarks about Sanders’ performance embody a certain arrogance that pervades the intersection of big government and corporate power in Washington. She represents the reasons why some Sanders’s supporters are reluctant to support the former Vice President. Dunn, in short, embodies the difficulties of unifying the progressive and moderate wings of the Democratic party going into the 2020 presidential election.

What is NSO?

On the trail of NSO, Asher-Schapiro “has been tracking research by Citizen LabAmnesty International, and other local and international human rights groups involving journalists targeted by Pegasus, a spyware tool that the NSO Group markets and sells to governments. “

Once covertly installed by means of spear-phishing attacks that trick the recipient into clicking on a malicious link, the technology passes control of a phone’s camera, microphone, and contents to the attacker.”

Last year Asher-Schapiro reported in the Columbia Journalism Review on

an attempted Pegasus attack targeting Griselda Triana, the widow of Mexican journalist Javier Valdez. Valdez, the winner of CPJ’s 2011 International Press Freedom Award, was murdered in May 2017; the Mexican government has not charged anyone for ordering the killing, which CPJ believes was in reprisal for his coverage of narcopolitics.

When Asher-Schapiro sought comment from NSO, he directed his questions to Dunn’s staff. Her aides denied wrongdoing.

“We do not tolerate misuse of our products,” an NSO Group spokesperson told CPJ by email. “We regularly vet and review our contracts to ensure they are not being used for anything other than the prevention or investigation of terrorism and crime.” The spokesperson declined to be named because the comment was from the organization, not an individual.

Who Dunn Defends

The privatization of intrusive surveillance technology has enabled repressive forces in India, Mexico, and Saudi Arabia, to spy on independent journalists seeking to hold government accountable. Saudi Arabian intelligence officials reportedly used Pegasus to track dissident Washington Post columnist Jamal Khashoggi before his murder in the Saudi consulate in Istanbul, Turkey in October 2018.

A technical report on the hack of Bezos’s phone (now available on Motherboard) concluded says that the exact type of software used to extract Bezos’s data could not be determined but that it had the same capabilities a as Pegasus.

A backlash against NSO has been growing.

The messaging giant WhatsApp is suing NSO, accusing it of “unlawful access and use” of WhatsApp computers. According to the lawsuit, filed in northern California federal court, the NSO Group developed the malware in order to access messages and other communications after they were decrypted on targeted devices, allowing intruders to bypass WhatsApp’s encryption.

A Washington Post columnist who served as an adviser to NSO recently quit the firm after criticism. Juliet Kayyem, a Harvard professor, resigned after controversy over her role at the spyware group prompted Harvard to cancel an online seminar she was due to host.

The U.S. government and other leading countries will soon require buyers and sellers of intrusion technologies like Pegasus to obtain licenses.

What does Anita Dunn say about defending NSO? Why does Biden rely on her? Stay tuned.

Here’s what Dunn says about the Biden campaign a week ago.

Can a Cold War Treaty Curb the Spyware Industry?

Cyberwar graphic
OPEN Towers of Babel
(Credit: Robin Bell)

From Yossi Melman at Haaretz.com

The change tightens oversight of “intrusion software” designed to break into smartphones and decipher encryption on digital devices. Companies specializing in forensic cybertechnology will be affected most. That’s the field dealing with the development of software that helps law enforcement agencies collect evidence and reconstruct cellphone data in criminal investigations.

The treaty is known as the Wassenaar Arrangement, named after the Dutch city where it created in 1966, governs nine dual-use technologies and 22 categories of weaponry. The pact has its origins in the Cold War and was initially aimed at preventing the transfer of information from NATO countries to the members of the Warsaw Pact, the Communist bloc led by the Soviet Union.

Now the Wassenaar Arrangment will regulate intrusion technologies. Anyone who wants to require wants to buy and sell to them to obtain a license.

Intrusive systems in the forensic cybertechnology world exploit operating systems’ weaknesses to install malware and Trojan horses. One of the most prominent companies in the field is the controversial Israeli firm the NSO Group, which developed a software tool a decade ago called Pegasus that makes use of weaknesses in the design of smartphones to extract data by circumventing the phones’ security systems.

That is expected to make it more difficult for law enforcement (because the need for a license could delay time-sensitive investigations). But it will also make life harder for the tech firms in the field (because the licensing requirement will make it more difficult for them to do business).

Source: For intel firms, changes to Cold War arms treaty could make hacking phones much harder – Israel News – Haaretz.com

Indian Journalists Say They’ve Been Targeted by NSO Spyware

Cyberwar

The Columbia Journalism review reports that five Indian journalists have been notifed by WhatsApp of attempts to hack their phone.

In October 2019, WhatsApp, which is owned by Facebook, sued the Israeli technology firm NSO Group in a United States federal court and accused the company of exploiting a vulnerability in WhatsApp to enable its clients to spy on at least 100 members of civil society around the world. The NSO Group disputed the allegations “in the strongest possible terms” in a statement at the time, on the grounds that it only sells technology to governments to combat terrorism and serious crime.

The Indian journalists believe they have been targeted for their published work. Some said the WhatsApp notification came in conjunction with intimidation or other reprisals from the government for their work. All five denied any involvement in terrorism or serious crimes. They said they don’t know who is responsible.

Gopal Krishna Pillai, who served as home secretary under a Congress Party government between 2009 and 2011 before leaving politics, told CPJ that NSO products are “available and used” by authorities in India, but did not respond to a request to identify the agencies involved. Pillai has told Indian media he was aware of several thousand Indians targeted for surveillance under his tenure. Pillai told CPJ that he believes the current regime is spying more aggressively.

Journalists and human rights activities in Saudi Arabia, Israel, and Mexico have registered similar complaints about NSO.

Juliette Kayyem, a Washington Post columnist and former Obama administration official, recently quit as an adviser to the company after allegations that NSO spyware had been used to track Jamal Khashoggi, the Post columnist murdered in the Saudi consulate in Turkey in October 2018.

Source: After WhatsApp spyware allegations, Indian journalists demand government transparency – Committee to Protect Journalists

Ex-Obama Official and Washington Post Columnist Quits Israeli Spyware Firm

Juliette Kayyem
Juliette Kayyem
Juliette Kayyem speaking at Suffolk University in 2014 (credit: By Suffolk University Law School )

NSO, the Israeli private intelligence firm is becoming notorious. Known for spyware that Saudi Arabia and Mexican drug cartels have used to spy on journalists and dissidents, NSO has sought respectability by hiring Americans like Juliette Kayyem, a Harvard professor and Washington Post columnist.

I noted last last year that Kayyem’s dual positions as a Post columnist and NSO adviser were, shall we say, incompatible. Investigators believe that NSO spyware may have been used by Saudi intelligence to track Washington Post columnist Jamal Khashoggi before he was assassinated by Saudi operatives in Turkey in 2018.

Now Kayyem apparently agrees. She has quit her position at the company

The disclosure of the public departure of Juliette Kayyem, a high-profile national security expert and Harvard professor, as a senior adviser to NSO came just one day after a controversy over her role at the spyware group prompted Harvard to cancel an online seminar she was due to host.

Source: Ex-Obama official exits Israeli spyware firm amid press freedom row | World news | The Guardian