U.S. State Department phones hacked with Israeli company spyware
Apple iPhones of at least nine U.S. State Department
employees were hacked by an unknown assailant using sophisticated spyware
developed by the Israel-based NSO Group, according to four people familiar with
the matter.
The hacks, which took place in the last several months, hit
U.S. officials either based in Uganda or focused on matters concerning the East
African country, two of the sources said.
The intrusions, first reported here, represent the widest
known hacks of U.S. officials through NSO technology. Previously, a list of
numbers with potential targets including some American officials surfaced in
reporting on NSO, but it was not clear whether intrusions were always tried or
succeeded.
NSO Group said in a statement on Thursday that it did not
have any indication its tools were used, but that it had canceled the relevant
accounts and would investigate based on the Reuters inquiry.
“If our investigation shall show these actions indeed
happened with NSO’s tools, such customer will be terminated permanently and
legal actions will take place,” said an NSO spokesperson, who added that NSO
will also “cooperate with any relevant government authority and present the
full information we will have.”
NSO has long said it only sells its products to government
law enforcement and intelligence clients, helping them to monitor security
threats, and is not directly involved in surveillance operations.
Officials at the Uganda embassy in Washington did not
comment. A spokesperson for Apple declined to comment.
A State Department spokesperson declined to comment on the
intrusions, instead pointing to the Commerce Department’s recent decision to
place the Israeli company on an entity list, making it harder for U.S.
companies to do business with them.
NSO Group and another spyware firm were “added to the Entity
List based on a determination that they developed and supplied spyware to
foreign governments that used this tool to maliciously target government
officials, journalists, businesspeople, activists, academics, and embassy
workers,” the Commerce Department said in an announcement last month.
Easily identifiable
NSO software is capable of not only capturing encrypted
messages, photos and other sensitive information from infected phones, but also
turning them into recording devices to monitor surroundings, based on product
manuals reviewed by Reuters.
Apple’s alert to affected users did not name the creator of
the spyware used in this hack.
The victims notified by Apple included American citizens and
were easily identifiable as U.S. government employees because they associated
email addresses ending in state.gov with their Apple IDs, two of the people
said.
They and other targets notified by Apple in multiple
countries were infected through the same graphics processing vulnerability that
Apple did not fix until September, the sources said.
Since at least February, this software flaw allowed some NSO
customers to take control of iPhones simply by sending invisible yet tainted
iMessage requests to the device, researchers who investigated the espionage
campaign said.
The victims would not see or need to interact with a prompt
for the hack to be successful. Versions of NSO surveillance software, commonly
known as Pegasus, could then be installed.
Apple’s announcement that it would notify victims came on
the same day it sued NSO Group last week, accusing it of helping numerous
customers break into Apple’s mobile software, iOS.
In a public response, NSO has said its technology helps stop
terrorism and that it has installed controls to curb spying against innocent
targets.
For example, NSO says its intrusion system cannot work on
phones with U.S. numbers beginning with the country code +1.
But in the Uganda case, the targeted State Department
employees were using iPhones registered with foreign telephone numbers,
without the U.S. country code, two of the sources said.
A senior Biden administration official, speaking on
condition he not be identified, said the threat to U.S. personnel abroad was
one of the reasons the administration was cracking down on companies such as
NSO and pursuing new global discussion about spying limits.
The official added that they have seen “systemic abuse” in
multiple countries involving NSO’s Pegasus spyware.
Historically, some of NSO Group’s best-known past clients
included Saudi Arabia, the United Arab Emirates and Mexico.
The Israeli Ministry of Defense must approve export licenses
for NSO, which has close ties to Israel’s defense and intelligence communities,
to sell its technology internationally.
In a statement, the Israeli embassy in Washington said that
targeting American officials would be a serious breach of its rules.
“Cyber products like the one mentioned are supervised and
licensed to be exported to governments only for purposes related to
counter-terrorism and severe crimes,” an embassy spokesperson said. “The
licensing provisions are very clear and if these claims are true, it is a
severe violation of these provisions.”