Israeli spyware traces found in 45 countries

Internet watchdog Citizen Lab identifies notorious spyware infections linked to Israeli NSO Group in countries around the globe.
Wednesday 19/09/2018
A man poses inside a server room at an IT company, for an illustration photo. (Reuters)

LONDON — Researchers say an increasingly notorious brand of Israeli surveillance software is being used further afield than previously known, with possible infections detected around the globe.

The internet watchdog Citizen Lab said it has used an internet survey technique to identify suspected spyware infections linked to the Israeli company NSO Group in 45 countries.

“We found suspected NSO Pegasus (spyware) infections associated with 33 of the 36 Pegasus operators we identified in 45 countries: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia,” Citizen Lab said in a statement on September 18.

The NSO Group, which has been buffeted by recent allegations that its software is being used to hunt down dissidents and civil society figures, said Citizen Lab’s list of nations had several inaccuracies.

The company said in a statement that its software was “specifically designed” to not operate in the United States, one of the countries where the researchers said they had found traces of the malware.

An Israeli woman uses her iPhone in front of the building housing the Israeli NSO group in Herzliya, near Tel Aviv. (AFP)

A lawsuit filed in a Tel Aviv court on August 30 carried a claim from five Mexican journalists and activists who allege they were spied on using NSO Group software. A second lawsuit was filed in Cyprus by a number of plaintiffs.

The parallel lawsuits underline the growing notoriety of the NSO Group, which is owned by US private equity firm Francisco Partners.

Human rights group Amnesty International on August 1 accused the Israeli company of having crafted the digital tools used to target one of its staffers.

“An Amnesty International staff member has been targeted by a sophisticated surveillance campaign, in what the organisation suspects was a deliberate attempt to spy on its staff by a government hostile to its work,” the rights group said in a statement.

Joshua Franco, Amnesty’s head of technology and human rights, said the hacking attempt was emblematic of the increased digital risk faced by activists worldwide.

NSO said in a written statement that its product was “intended to be used exclusively for the investigation and prevention of crime and terrorism” and that allegations of wrongdoing would be investigated.

Citizen Lab is based at the University of Toronto’s Munk School of Global Affairs. The watchdog has been tracking NSO spyware for two years.

A former employee of NSO Group has been charged with stealing intellectual property and trying to sell it for $50 million over the Darknet in a manner that could harm state security, Israel’s Justice Ministry said on July 5.

The former employee, 38, was a senior programmer with access to the company’s servers and proprietary tools, a ministry statement said.

The ministry said the accused was called in for a hearing by NSO on April 29 before his dismissal, after which he downloaded software and information worth hundreds of millions of dollars.

The potential buyer alerted NSO, which called in the police, and the suspect was arrested on June 5, the ministry said.

NSO, which has 500 employees and a valuation of at least $900 million, said that no intellectual property or company materials were shared with any third party or otherwise leaked and no customer data or information was compromised.

(AW and news agencies)