Spain: Intelligence Uses NSO Group Malware To Target Catalan Leaders, Federal Judge Refuses To Dismiss WhatsApp Suit
Things began promisingly enough when an over-indulgent
Israeli district court dismissed a lawsuit brought by Amnesty International on
behalf of one of its staff members whose phone was hacked by a Gulf state.
The NGO correctly called the ruling “disgraceful:”
“Today’s disgraceful ruling is a cruel blow to people put at
risk around the world by NSO Group selling its products to notorious human
rights abusers. At a moment when NSO and the Israeli MOD [Ministry of Defense]
should be held accountable for their practices, it is appalling that the court
has failed to do so,”
NSO’s client, of course, did employ its Pegasus malware to
hack the staff member’s phone. Despite
the fact that Citizen Lab did a forensic examination of the phone showing it
was hacked by a nation-state, the court ruled that Amnesty had failed to prove
that NSO or one of its customers was responsible for the hack. I’ll bet if the company’s CEO came to court
and admitted the crime the court would have let him off. That’s how much the
Israeli judicial system is in the pocket of the national security state.
Thankfully, a federal court in California ruled the complete
opposite in a case brought by WhatsApp regarding another NSO exploit which
targeted 1,400 users and their communications.
The vulnerability was used again by a Gulf State to target its perceived
enemies. When Citizen Lab discovered the
exploit, WhatsApp sued NSO.
The ruling rejected an attempt by NSO’s lawyers to dismiss
the case before trial. The judge found
more than sufficient cause to permit the case to move forward. Though WhatsApp has not won a final victory,
this ruling shows it has a likelihood of prevailing and should be a warning sign
to NSO.
NSO is spending tons of money hiring the Big Guns of the DC
lobbying world in its fight against WhatsApp. This portion of one of its
filings reveals that former acting Attorney General, Rod Rosenstein has been
hired to offer legal advice. Of course,
NSO is trying to hire Big Names to show the U.S. legal community that it has
them on its side. And of course
Rosenstein is happy to earn Big Bucks defending the unscrupulous, just as he
once represented Donald Trump.
Citizen Lab (CL) announced a new set of charges against
NSO, in which the Spanish government’s intelligence agency used Pegasus to hack
the phones of the political leaders of Catalonia including the former
provincial leader, living in exile in Belgium, and the speaker of the regional
parliament. The victims have announced
the filing of a lawsuit against the national intelligence chief.
Another shocking development is an interview published in
Die Welt with NSO CEO, Hulio, in which he contradicts an earlier claim by the
company that it was not responsible for abuse of its products by its clients
because it could not monitor their use of Pegasus. In the interview, Hulio admits that NSO can
and does monitor client use:
Hulio also admits for the first time [that] NSO is, in fact,
able to discover who its customers spy on with the help of Pegasus.
Hulio says that his company only sells the program if
customers agree to allow NSO to document its use. Every step is recorded on
company servers, he says, and NSO has access to those records. If the customer
does not adhere to the agreement, NSO can even remotely disengage Pegasus,
Hulio says. “We can send a command to the system to stop working. It will
prevent from all new installations to happen. So you will not be able to
install it on a new phone. The system will be useless.” He says the company has
even made use of the function on one occasion, although he declines to name the
country and agency involved.
However, Hulio absolves NSO of any culpability for the abuse
of its malware saying that he was in no position to second-guess a client about
the reasons for targeting a particular individual. The moral contortions of this statement are a
sight to behold:
NSO does, in fact, bear some of the responsibility for how
Pegasus is used. And for a private company, that is a huge amount of power,
particularly given that the program has been sold to dozens of countries and
deployed against thousands of people.
Many of those people are innocent of any wrongdoing…Why
wouldn’t NSO prevent a thing like that despite apparently having the ability to
do so?
Hulio prefers to dodge such questions. He doesn’t want his
company’s software to be used to violate human rights, he says. But
intelligence work is challenging and “That’s what it takes to catch the bad
guys sometimes…
The classification of who is a terrorist and who is not, he
says, can certainly be a matter of some contention, with each country having a
different view. But NSO, he insists, has no influence over such debates.
Furthermore, he adds, just because a human rights activist is placed under
surveillance doesn’t mean that there are no legitimate reasons for such
monitoring. “Is a lawyer a legit target? A human rights activist, is he a legit
target? Yes or no? A sixteen year old kid? The answer is: it depends.” What he
means to say is that outsiders are not in a position to determine if the target
of surveillance is innocent or not.
The bullet-riddled body of Juan Cardenas, journalist
murdered by a Mexican drug cartel. After his death, Mexican authorities used
Pegasus to try to hack her phone
But NSO’s role as a direct accessory in the assassination of
Jamal Khashoggi and the prison sentences of numerous human rights activists in
the Gulf mean that it is not an “outsider” at all. Are cigarette companies outsiders when their
customers smoke their product and die of lung cancer? Are gun companies absolved of responsibility
when their products are used to commit mass murder (despite what Congress may
say)?
Citizen Lab has also exposed continuing abuse by the Mexican
government targeting journalists covering criminal operations of drug
cartels. In one recent case, a reporter
who founded a newspaper reporting on drug crime in the heart of a cartel’s
territory was forcibly removed from his car, his body riddled with ten bullets,
his computer and cell phone stolen.
Afterward, his wife, who is also a human rights activist, was targeted
by Pegasus. CL has traced the hack
attempt to the Mexican government. Other
reporters at the same newspaper were also targeted by Pegasus.
If you are wondering why the wife of a reporter murdered by
a drug cartel would have her cell phone hacked by Mexican authorities, remember:
there is no line distinguishing drug dealers from the state. Often they are interchangeable.
One of the bitter ironies of this incident is that Hulio
loves to point out that Pegasus was used to capture El Chapo, a notorious
Mexican drug lord. In all his
interviews, he trumpets that Pegasus is meant to expose drug dealers,
terrorists and sex traffickers. He
doesn’t note that often it is his own clients, the police and intelligence
agencies of brutal dictatorships who are the criminals.
The lovely couple, Stephen and Jana Peel, reaping billions
in profits from the blood of murdered journalists
Hulio’s refusal to monitor customers’ use of his product is
a disavowal of moral responsibility.
It’s also ironic that Hulio (like Mark Zuckerberg in his Georgetown
speech) welcomed international regulations to govern the use of cyber-spying
technology. He said his company would adhere to such standards. But he went on to note that it was unlikely
this would ever happen. Clever boy: say you’d be happy to play by the rules, while
blaming the world for not creating any rules to play by.
But this does expose a massive breakdown in international
governance. Cyber-surveillance is a lucrative industry which, by its very
nature, transcends national boundaries. If any commerce was meant to be
regulated globally it would be this one.
The outrageous ruling in the Israeli case proves that nations cannot be
trusted to monitor and regulate companies like NSO. Yet neither the United Nations nor any other
world body has mounted an effort to create such a regulatory body. Doing so is critical if we are to stop the
egregious criminal behavior of companies like NSO.
Venture capitalist, Stephen Peel bought a controlling
interest in NSO a few years ago. Now, he
is seeking a financing syndicate to buy him out and reward him for his
billion-dollar investment. The
syndication is being managed by Jefferies Group.
Citizen Lab has warned both companies of the criminal implications of
the operations of the company they are investing in and the operational damage they
could incur by advancing NSO’s commercial interests. Neither Novalpina nor Jefferies appears to
have much in the way of moral compunctions when there are massive amounts of
money to be made.