How authoritarian states spy on their opponents

Journalists and opposition figures around the world have apparently been spied on using powerful spy software. This is shown by an international research. Actually, it should only be used to track criminals and terrorists.

They have apparently been targeted by intelligence agencies and police authorities around the globe: Hundreds of journalists, human rights activists, lawyers and politicians, including state presidents. Their cell phones were allegedly selected to be monitored with spy software. This is suggested by research conducted by an international consortium of journalists, in which NDR, WDR, "Süddeutsche Zeitung" and the weekly newspaper "Zeit" are also involved. Together with the organization Forbidden Stories and Amnesty International, the journalists have analyzed a data set of more than 50,000 telephone numbers.

It is a list of potential spying targets selected by customers of the Israeli company NSO Group. NSO is one of the leading manufacturers of commercial spy software. The company sells products to law enforcement agencies, intelligence agencies and armies worldwide that can be used to comprehensively spy on cell phones. The company, which was founded in 2010 and is now said to be worth more than a billion euros, has around 60 customers in 40 countries, according to its own figures.

NSO's best-known product is "Pegasus," a Trojan that can be used to infect iPhones and Android smartphones undetected and effortlessly monitor phone calls, text messages, e-mails and even encrypted chats. The software, which is considered one of the most powerful spying programs on the commercial market, can even turn on a device's camera and microphone without being noticed.

Thousands of telephone numbers

According to official accounts, the Israeli manufacturer NSO sells its spy software only to government agencies, which are supposed to use it exclusively in the fight against terrorism and serious crime. In fact, however, research by the "Pegasus Project" suggests that authoritarian regimes also use it to monitor and track political opponents, opposition figures, human rights activists and critical journalists.

The phone list, which includes entries from 2016 to 2021, apparently contains the data of at least ten NSO customers. The journalists' consortium was able to assign thousands of numbers to specific individuals. The list includes cell phone numbers of heads of state and government and high-ranking diplomats. Also included are the numbers of more than 180 journalists, including the editor-in-chief of the British "Financial Times," reporters from the French media "Le Monde," "Mediapart" and "Le Canard Enchainé," a reporter from the U.S. television channel CNN, from "The Wire" in India, an AFP correspondent in Morocco, a television presenter in Mexico and editors from Hungary and Azerbaijan.

 Attacks prevented, crime fought

An opinion written by a U.S. attorney on behalf of NSO said the collection of phone numbers could have many legitimate and completely clean uses that had nothing to do with surveillance or NSO. Even if those numbers had been fed into NSO, it "does not necessarily mean" that this was also "part of an attempt at surveillance." Moreover, this says nothing about whether the use of spy software was also successful. In addition, NSO had no knowledge of the reconnaissance objectives of its customers. The French association Forbidden Stories drew "false, overly broad and defamatory conclusions from the list of data," he said.

"The truth is, NSO Group's technologies have helped prevent terrorist attacks, gun violence, car explosions and suicide bombings," the Israeli company said in response to a request. NSO's products are used daily by authorities "to break pedophilia, sex and drug trafficking rings, locate missing and abducted children," it said, adding that the company is on a "life-saving mission" and will carry it out "unflinchingly and diligently, despite all continued attempts to discredit it with false justifications."

Attack within seconds

According to insiders, when a cell phone is to be attacked with the help of the spying software, this is done in two steps. First, the system checks where the device is located and whether it can be reached. Then, based on this data, the attackers can infect the cell phone with the Pegasus program. In more than a dozen cases from the list investigated by the journalists' consortium, the attack took place less than a minute after the first data query, sometimes it was even only seven seconds.

Traces of the Trojan found on numerous cell phones

In order to verify whether attacks with the "Pegasus" spy software actually took place on the listed phone numbers, the media involved have met with alleged victims of the spying operations in recent months and arranged for random tests to be carried out.

IT experts from the Amnesty International Security Lab in Berlin and the Citizen Lab at the University of Toronto conducted forensic examinations on 44 iPhones belonging to people whose numbers had apparently been selected by NSO customers as potential targets. Traces of attacks with the "Pegasus" software were indeed found on 37 devices, and the Trojan was apparently still active on some phones until July of this year.

The Kashoggi case

According to the experts from Citizen Lab, who have been dealing with the software from the Israeli company NSO for years, the traces on the examined cell phones showed a high degree of correspondence with traces from devices that had already been suspected of being infected with "Pegasus" in the past.

There was also criticism of NSO after indications emerged that the "Pegasus" surveillance software had been used in the environment of Saudi journalist and exiled opposition figure Jamal Khashoggi - which NSO denies. Khashoggi was considered a critic of the royal family and was allegedly murdered by a hit squad in Istanbul in 2018 while visiting the Saudi consulate and his body was subsequently sawed up. The Israeli surveillance program was also allegedly used against Ahmad Mansur, a human rights activist from the United Arab Emirates.

Use also in Europe

The new research by the "Pegasus Project" suggests that the spy software was also used in Europe. In Hungary, for example, several investigative journalists are said to have been attacked with it as recently as 2019. The country does not comment on this. In a statement, however, the government writes that the rule of law prevails in Hungary.

In Azerbaijan, too, there were spying operations against well-known journalists critical of the government, for example against the reporters Khadija Ismayilova and Sevinc Vaqifizi, as forensic analyses of their cell phones revealed. In France, according to the investigation, the cell phone of Edwy Penel, founder of the research platform "Mediapart," was infected, as was that of a well-known reporter for "Le Monde." The analysis of the data and further research indicate that the surveillance was initiated by authorities in Morocco.

The list contains a total of around 10,000 telephone numbers that were apparently entered into the system by NSO customers from Morocco. Around 100 subscribers were identified by name, most of them French telephone numbers. This makes the North African country probably one of the largest customers of the Israeli company. The Moroccan government did not answer specific questions about the use of the Israeli software.

Comments

Post a Comment

Popular posts from this blog

Chrome targeted by criminals: Why users need to update quickly now

A security vulnerability in Google Chrome is currently being exploited by cyber criminals. Malware could land on your PC through it. Read here how you can protect yourself. The Google Chrome browser is currently struggling with some security vulnerabilities. In a blog post , Google warns about a total of seven vulnerabilities, with the majority of these gaps being classified as a "high" threat to users. The vulnerabilities have been fixed in the latest version of Chrome for Windows, Linux and macOS. If you have Chrome version 90.0.4430.85 installed, it can no longer be exploited. If you have an older version of the browser installed, you should update urgently. You can find the download of the new version below these lines. Smartphone users do not have to be afraid of the security vulnerability. Google has not had to take any security measures here for the time being. The security vulnerability probably remained undiscovered by cyber criminals for the time being. So far, noth...
Read more

Face and voice recognition: Why TikTok wants to be allowed to collect biometric data in the USA

TikTok's privacy policy for the US now mentions the collection of biometric data from faces and voices. The background is likely to be a legal dispute that cost the company $92 million. Neue Datenschutzbestimmungen sind oft eher etwas für Juristen, doch die jüngste Aktualisierung von TikTok sollte alle Nutzerinnen und Nutzer in den USA aufhorchen lassen. Denn in den am 2. Juni aktualisierten Datenschutzbestimmungen für die USA ist ein Abschnitt enthalten, den es zuvor nicht gab. Er lautet übersetzt: »Wir sammeln möglicherweise biometrische Identifikationsmerkmale und biometrische Informationen, wie sie im US-Recht definiert sind, wie etwa von deinem Gesicht und deiner Stimme, aus deinen Inhalten.« Im englischsprachigen Original ist von »faceprint« und »voiceprint« die Rede. »Bevor wir damit anfangen«, frage man jedoch nach dem Einverständnis, wenn dies gesetzlich nötig sei, fügte noch TikTok hinzu. In response to an initial inquiry from "TechCrunch" about the ba...
Read more

Microsoft Teams, Zoom, WebEx: Berlin authority warns against popular video systems

After an initial data protection audit, some video service providers have made improvements to their offerings. But the Berlin data protection commissioner still sees serious shortcomings. The State Commissioner for Data Protection in Berlin (Germany), Maja Smoltczyk, advises against using leading video conferencing systems such as Microsoft Teams, Skype, Zoom, Google Meet, GoToMeeting, Teamviewer and Cisco WebEx. The reason is a retest of various offerings. After a number of services had already failed a test of data protection requirements last year, a new test of the major providers did not reveal any substantial improvement. Smoltczyk said that she was pleased "that our comments had persuaded so many providers to improve their offerings, in some cases very significantly, in terms of data protection". There are now enough legally compliant services for a wide range of purposes that there is no reason to break data protection law for video conferencing. However, if a provid...
Read more