America One of 45 Countries Infected by Uber-Powerful Israeli Smartphone Spyware





iPhone malware from an Israeli government contractor is spreading across the globe, researchers warn. (Photo: Jaap Arriens / NurPhoto)

Some of the world's most advanced spyware for Android and iPhone has been found in America for the first time. It is one of no fewer than 45 countries in which NSO Group malware was discovered. Taken together, the infections may amount to violations of the computer crime laws of America and other countries against cross-border hacking, not to mention a serious privacy concern for citizens, according to the researchers who discovered the professional spy software.

The malware in question, called Pegasus, is the creation of NSO Group, an Israeli company valued at nearly $1 billion. It can hide itself on Apple or Google devices, spy via the camera, listen through the microphone during conversations, steal documents, and send one-off private messages alongside other cunning activities.

NSO has always maintained that its tools are designed to track down the most gruesome criminals, from terrorists to drug cartels. But the company has become entangled in espionage scandals in Mexico and the United Arab Emirates. In both cases civil rights organizations were up in arms that the iPhone malware was targeted at activists, journalists and lawyers, among others who turned out to be completely innocent of any crimes. Last month, Forbes reported that an Amnesty researcher focusing on problems in the UAE was the target of NSO spyware. And recently, leaked e-mails in lawsuits in Israel and Cyprus against NSO Group seemed to show that the company had hacked the phone of a journalist working at an Arabic newspaper.

Now it seems that infections from NSO's Pegasus tool have spread to more countries than previously thought. In a report released Tuesday, researchers at Citizen Lab, based at the University of Toronto, claimed that Pegasus had spread its wings in as many as 45 countries. Citizen Lab previously told Forbes it had evidence of as many as 174 individual infections on Android and iOS phones.

Bill Marczak, one of the Citizen Lab researchers behind today's report, said it was "very worrying" to see Pegasus infections in as many as 45 countries. He said that six of those countries were "known spyware abusers", including Bahrain, United Arab Emirates, Saudi Arabia, Kazakhstan, Morocco and Mexico. Two more on the list, Togo and Uzbekistan, may not previously have been caught targeting innocents with malware, but had "dubious human rights records," Marczak added.

"It indicates that the market for these tools remains largely unregulated and as long as that is the case, repressive regimes will use them to provide secret surveillance and put people who rule governments into account."

Hunting a Pegasus

Citizen Lab was able to detect Pegasus infections by creating "fingerprints", which are built from characteristics unique to the spy software. For example, a form of encryption may be unique to the malware, or to the web servers associated with its snooping. Citizen Lab is keeping these fingerprints secret for now, but found that they could be detected by scanning the internet.

In total, the researchers discovered 36 "different operators" of the NSO tool, many of whom are likely to be customers. Ten turned out to have infected systems in several countries, including the United Kingdom and America, which may be in violation of US law.

According to the Citizen Lab report, provided to Forbes prior to publication: "The scope of this activity suggests that spyware is used extensively for government purposes only to conduct activities that may be illegal in the countries where the targets are located.

"For example, we have identified several possible Pegasus customers that are not linked to the United States, but with infections in US IP space. Although some of these infections may reflect the use of a VPN or satellite Internet service from abroad by targets, it is possible that several countries are actively violating United States law by penetrating devices within the US …"

VPNs, or Virtual Private Networks, typically route internet traffic through servers in different geographic areas. It is possible that NSO or its customers have used VPN servers in America instead of infecting mobile phones.

The company has repeatedly tried to break into the American market. It once established a company called Westbridge Technologies to sell in the United States, and it was acquired in 2014 by a US private equity firm, Francisco Partners. But until now there was no clear evidence that it was able to find customers in the United States.

Marczak said there were suspected infections from three separate operators of the Pegasus malware. Two were interested in matters related to the Middle East, the other in Mexico.

"It is difficult to exclude unmistakable factors such as VPNs or satellite links," Marczak told Forbes. "That said, the ISPs where we found the suspected infections were Cox, Comcast and Time Warner. My mental model of these companies is that they offer cable services and not necessarily VPN or satellite teleports."

A further five operators were found that focus on European countries, including Croatia, Hungary, Latvia, Poland and Switzerland.

NSO response

NSO Group said it worked in full compliance with applicable laws of all countries, including export control rules.

"Our products have saved the lives of thousands of people, prevented suicide attacks, helped convict members of the drug cartel, facilitated complex crime investigations, and brought kidnapped children back to their parents. These are just a few examples of the critical security support that our systems have offered worldwide," said a spokesman in a statement e-mailed to Forbes.

They said there were some problems with the Citizen Lab study. In particular, NSO is not active in many of the 45 countries mentioned, the spokesperson added, noting that all contracts were passed by a business ethics committee.

Marczak said that since there were 33 suspected operators with infections in 45 suspected countries, the list necessarily included countries that do not operate Pegasus themselves.

