Multiple news outlets revealed Friday that Apple notified at least 11 U.S. State Department officials that their iPhones were recently hacked by an unknown party or parties with spyware developed by the private Israeli firm NSO Group.
The “bombshell,” first reported by Reuters, comes after Apple sued NSO Group last month in an effort to protect iPhone users from its Pegasus spyware, which the Israeli company claims to only sell to government law enforcement and intelligence agencies and was the focus of a major reporting project earlier this year.
Citing multiple unnamed sources, The Washington Post and Reuters explained that State Department employees based in Uganda or elsewhere in East Africa were targeted over several months, and the intrusions “represent the widest known hacks of U.S. officials through NSO technology.”
According to the Reuters:
A senior Biden administration official, speaking on condition he not be identified, said the threat to U.S. personnel abroad was one of the reasons the administration was cracking down on companies such as NSO and pursuing new global discussion about spying limits.
The official added that they have seen “systemic abuse” in multiple countries involving NSO’s Pegasus spyware.
The National Security Council said in a statement reported by the Post that “we have been acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel, which is one of the reasons why the Biden-Harris administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List.”
Spokespeople for Apple and the State Department declined to comment to Reuters, though the latter also noted that the Commerce Department recently added NSO Group to the Entity List “based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
While officials at the Ugandan Embassy in Washington, D.C. also did not comment, the Israeli Embassy in the U.S. capital gave a statement to Reuters addressing the fact that Israel’s Ministry of Defense approves export licenses for the spyware company.
“Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes,” an Israeli spokesperson said. “The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.”
An NSO Group spokesperson told the news agency that the relevant accounts were canceled and if an internal investigation finds that “these actions indeed happened with NSO’s tools,” the involved customers “will be terminated permanently and legal actions will take place.” The representative added that the company will “cooperate with any relevant government authority and present the full information we will have.”
Facebook sued NSO in 2019, claiming the Israeli firm’s spyware was used on its messaging service WhatsApp.
“We’ve been calling NSO a national security threat for years,” Will Cathcart, head of WhatsApp, tweeted Friday. “This reporting shows — again — why we need to hold NSO accountable for their actions, and why governments need to support increased security online.”
https://twitter.com/jsrailton/status/1466810704481210391?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1466812157417435148%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fwww.commondreams.org%2Fnews%2F2021%2F12%2F03%2Fbombshell-israeli-spyware-used-hack-iphones-us-state-department-officials
John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, also responded to the revelations on Twitter, saying that NSO Group has been an “in-plain-sight national security threat for years” and it is “embarrassing that it took a private company to warn them.”
“Are there victims not notified by Apple?” he asked. “How about the overseas-posted personnel using Androids? Does [the State Department] know now? A multi-agency investigation is immediately needed.”
Sen. Ron Wyden (D-Ore.) similarly told the Post that “companies that enable their customers to hack U.S. government employees are a threat to America’s national security and should be treated as such by the government.”
“I want to be sure the State Department and the rest of the federal government has the tools to detect hacks and respond to them quickly,” added Wyden, a member of the Senate Intelligence Committee. “Federal agencies shouldn’t have to rely on the generosity of private companies to know when their phones and devices are hacked.”
https://twitter.com/onekade/status/1466872499212271620?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1466872677487030275%7Ctwgr%5E%7Ctwcon%5Es2_&ref_url=https%3A%2F%2Fwww.commondreams.org%2Fnews%2F2021%2F12%2F03%2Fbombshell-israeli-spyware-used-hack-iphones-us-state-department-officials
Last month, Apple filed a lawsuit in a California-based U.S. district court accusing NSO Group of violating its terms and conditions as well as state and federal laws. Apple is seeking a permanent injunction to ban the firm from using its devices, services, or software.
That suit came after the Pegasus Project — an investigation into NSO’s spyware published in July by more than 80 journalists from 17 media organizations in 10 countries. Coordinated by Forbidden Stories with the technical support of Amnesty International, the project focused on the leak of 50,000 phone numbers of potential surveillance targets, including activists, heads of state, and journalists around the world.
The Pegasus Project spurred worldwide calls for an immediate moratorium on the export, sale, transfer, and use of such spyware. Exiled American whistleblower Edward Snowden — whose leaked documents revealed that in 2007, Israel was flagged as a top espionage threat against the U.S. government — went further, saying in July that NSO Group’s industry “should not exist.”
Truthout Is Preparing to Meet Trump’s Agenda With Resistance at Every Turn
Dear Truthout Community,
If you feel rage, despondency, confusion and deep fear today, you are not alone. We’re feeling it too. We are heartsick. Facing down Trump’s fascist agenda, we are desperately worried about the most vulnerable people among us, including our loved ones and everyone in the Truthout community, and our minds are racing a million miles a minute to try to map out all that needs to be done.
We must give ourselves space to grieve and feel our fear, feel our rage, and keep in the forefront of our mind the stark truth that millions of real human lives are on the line. And simultaneously, we’ve got to get to work, take stock of our resources, and prepare to throw ourselves full force into the movement.
Journalism is a linchpin of that movement. Even as we are reeling, we’re summoning up all the energy we can to face down what’s coming, because we know that one of the sharpest weapons against fascism is publishing the truth.
There are many terrifying planks to the Trump agenda, and we plan to devote ourselves to reporting thoroughly on each one and, crucially, covering the movements resisting them. We also recognize that Trump is a dire threat to journalism itself, and that we must take this seriously from the outset.
Last week, the four of us sat down to have some hard but necessary conversations about Truthout under a Trump presidency. How would we defend our publication from an avalanche of far right lawsuits that seek to bankrupt us? How would we keep our reporters safe if they need to cover outbreaks of political violence, or if they are targeted by authorities? How will we urgently produce the practical analysis, tools and movement coverage that you need right now — breaking through our normal routines to meet a terrifying moment in ways that best serve you?
It will be a tough, scary four years to produce social justice-driven journalism. We need to deliver news, strategy, liberatory ideas, tools and movement-sparking solutions with a force that we never have had to before. And at the same time, we desperately need to protect our ability to do so.
We know this is such a painful moment and donations may understandably be the last thing on your mind. But we must ask for your support, which is needed in a new and urgent way.
We promise we will kick into an even higher gear to give you truthful news that cuts against the disinformation and vitriol and hate and violence. We promise to publish analyses that will serve the needs of the movements we all rely on to survive the next four years, and even build for the future. We promise to be responsive, to recognize you as members of our community with a vital stake and voice in this work.
Please dig deep if you can, but a donation of any amount will be a truly meaningful and tangible action in this cataclysmic historical moment. We are presently looking for 430 new monthly donors in the next 7 days.
We’re with you. Let’s do all we can to move forward together.
With love, rage, and solidarity,
Maya, Negin, Saima, and Ziggy