back to article Amnesty International and French media protection org claim massive misuse of NSO spyware

Amnesty International and French journalism advocacy organisation Forbidden Stories say they've acquired a leaked list of individuals targeted by users of Israeli spyware-for-law-enforcement operator NSO Group, and that Heads of State, academics, diplomats, human rights advocates, and media figures are among those targeted. …

  1. Anonymous Coward
    Anonymous Coward

    And in other news...

    ir appears that a senior adviser to Biden was running PR for these digital terrorists along with a laundry list of other scumbags:

    "Some of ANITA DUNN's private sector work does not exactly align with progressive sensibilities,' 'This is extraordinarily bad news,' and explains that Dunn has done PR recently for Harvey Weinstein, the Keystone XL pipeline, hedge funds after the 2008 recession, Charter school lobbyists and NYC landlords/real estate groups lobbying against rent protections."

    1. Yet Another Anonymous coward Silver badge

      Re: And in other news...

      Is it still PR if your PRs reputation is so bad that hiring that PR means you are evil ?

      A bit like hiring OJ's lawyer for your defence team = I'm guilty

  2. jgarbo
    Facepalm

    No surprise

    AI, at least, has been a CIA honey pot for years. I'd consider them sloppy if they weren't spying on members and associates. Next...

  3. Anonymous Coward
    Anonymous Coward

    It's interesting, isn't it, that so many of these vulnerabilities in smart phones are found by Israeli companies. Suggests that Mossad has been busy around Google and Apple, no?

    1. stiine Silver badge
      Facepalm

      no

      it suggests that they've bought some of them.

    2. James12345
      Facepalm

      Did the Mossad steal your shoe?

      I think if Google and Apple knew about the vulnerabilities, they would fix them, and not keep them in a file marked "Stuff that breaks our products, but we can't be bothered to fix", while they wait for a third party to find the file.

      1. Anonymous Coward
        Anonymous Coward

        Did the Mossad steal your shoe?

        If the shoe fits....

      2. Claptrap314 Silver badge

        Ever hear of "won't fix"? How about "bug bankruptcy"?

        There is precisely one company selling securable phones--RIM. They don't have a retail sales channel.

        1. Michael Wojcik Silver badge

          "securable phones"? That's adorable.

          (Also, RIM no longer exists. They're "BlackBerry Limited" now.)

    3. henryd

      Why the Mossad?

      Why target the Mossad? More likely highly capable civilian software engineers who have spotted a vulnerability and have simply exploited it.

      NSO are in the same situation as gun makers who also disclaim any responsibility for their use. We'll just have to live with it.

      BTW I'm sure that everyones at it, it's just that NSO do it better. I reckon that if NSO was not Israeli then Amnesty, a vocal enemy of Israel, wouldn't show nearly as much interest.

      1. Freddie

        Re: Why the Mossad?

        I think Amnesty is better described as a vocal enemy of human rights abuses.

        There are often mixups with Isreal but we must remember that while *some people* in Israel commit egregious rights abuses, most people there do not, so we should be careful not to mislabel.

    4. Anonymous Coward
      Anonymous Coward

      mostly Unit 8200 graduates - I'd be surprised if they didn't make money out of cybersecurity

  4. This post has been deleted by its author

  5. Pete 2 Silver badge

    Mostly harmless

    > a majority of which are in the EU or OECD, commit that they will use our products responsibly," the report states.

    not exactly a ringing endorsement.

    Just do a "Guantanamo" and move your dodgy operations to a jurisdiction that is not in the EU or OECD.

    1. Michael Wojcik Silver badge

      Re: Mostly harmless

      "commit that they will use our products responsibly"

      "And then they giggle uncontrollably for a bit. We have no idea why."

  6. Anonymous Coward
    Anonymous Coward

    NSO itself already faces a lawsuit from Facebook...

    Yes, but only after FB first tried to purchase exploits from NSO to be able to dig deeper into iPhone's walled garden to steal more user data.

    (allegedly)

    1. doublelayer Silver badge

      Re: NSO itself already faces a lawsuit from Facebook...

      And they deny that though it's Facebook, so it'd be entirely in character. Doesn't change my view though. I'm hoping that Facebook manage to trample NSO out of existence. If they could do that by spending massive amounts of money causing them to crash slightly afterward, that's just a bonus.

  7. Roger Kynaston Silver badge
    Pirate

    I am shocked!

    TLAs abuse their positions of trust. Whatever next? Good on Amnesty et al to uncover this though. Another stage in the great game of cat and mouse. Note to NSO if they ask you to keep tabs on me, mine is an aging iPhone8.

    1. Yet Another Anonymous coward Silver badge

      Re: I am shocked!

      But it's nice that after millennia of only state level actors being able to spy on masses of peasants the free market has now allowed any young hacker to dream of having this power, and making money from it.

  8. heyrick Silver badge

    NSO's claims that it tightly controls

    Their entire operation is based upon lies, subterfuge, and sneaking things where they shouldn't be.

    It would be irresponsibly naive to think that their PR department would be telling anything resembling the truth, rather than just what they want us to hear.

    1. amanfromMars 1 Silver badge

      Re: NSO's claims that it tightly controls

      It would be irresponsibly naive to think that their PR department would be telling anything resembling the truth, rather than just what they want us to hear. ..... heyrick

      Understandably so, many would say, given the identity of the paid for help, heyrick ........ Cherie Blair's law firm under scrutiny for links to spyware developer NSO

  9. The_Cram

    Old news .....

    as in December 2020 this already was discovered and published by a Canadian group.

    https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

    Somebody should make a little tool to detect if that NSO awful-ware is installed on your phone.

    1. Stork Silver badge

      Re: Old news .....

      True, but this story is as much about how widespread the use and abuse of pegasus is - as in how many comes under "Terrorist & Criminals". Editors on FT and Economist among others.

  10. Chris the bean counter

    Frustrating the client who made each request not revealed

    And a bit surprising. Hopefully will be part of a later leak.

    Otherwise its like reading a whodunnit with the last page torn out..

  11. amanfromMars 1 Silver badge

    No Smoke without Fire

    [NSO Group] styles itself "the world leader in precision cyber intelligence solutions for the sole use of vetted-and-approved, state-administered intelligence and law enforcement agencies". NSO Group has disputed the allegations made by Amnesty and Forbidden Stories.

    Would NSO Group and their groupies also like to try to viably deny the following observation given what we know the NSO Group freely admits to doing ? ......

    amanfromMars [2107190756] ..... points out a massive flaw for further future exploitation on https://www.zerohedge.com/geopolitical/russiagate-luke-hardings-hard-sell

    Everyone is owned by the Israelis. ...... AdenJamesSwift

    Now that is quite obviously fake news, AdenJamesSwift. How about we settle and agree that some Israelites may like to think they can own everyone and/or anyone ...... which one surely cannot help but realise is delusional in extremis and much more of an affliction and affectation or infection than blessing and pressing advantage for a chosen few.

    And what is surely not new news, as strange as that may be, is they be not alone in that maelstrom of madness and mayhem with many an accomplished party competing against them in a virulent and venal and venerable opposition.

  12. Tromos

    Vetted and approved...

    ...or, in other words, passed all the credit checks.

  13. Anonymous Coward
    Anonymous Coward

    Flaws? Really

    It's interesting that OS's and applications are so conveniently vulnerable to spyware design for state security agencies - almost as if those vulnerabilities are entirely deliberate.

    1. Michael Wojcik Silver badge

      Re: Flaws? Really

      If you actually make a little effort to study the vulnerability discovery and development process, and the 0day market, and other aspects of this field, you'll find that there's no need to add deliberate back doors. Modern commodity computing systems are riddled with vulnerabilities which are obviously the product of the same types of development errors we've documented for decades.

      In the vast majority of cases, incompetence more than adequately explains the exploitable vulnerabilities that we find.

      There are some high-profile cases of backdoors, such as the whole sorry Dual_EC_DRBG saga. But for the most part the cost of getting backdoors inserted isn't justified when there are plenty of windfall vulnerabilities lying around.

      1. amanfromMars 1 Silver badge

        Re: Flaws? Really

        In the vast majority of cases, incompetence more than adequately explains the exploitable vulnerabilities that we find. .... Michael Wojcik

        Quite so, Michael, and the abiding problem/opportunity which still very few fully realise and are able to enable taking overwhelming advantage of, is the fact that it not operating systems per se which are hacked and cracked but rather more exploitation of those who be using those operating systems leaving behind them previously closed doors unlocked and unprotected.

  14. Britt Johnston

    another finger pointed

    the French channel FR24 also mentioned a collaboration betreen Mexican security and a drug cartel. The Minister has moved on, but the cartel group stil uses the spyware. The source appeared to be miffed because Pegasus licencing payments were no lomger being paid.

  15. steviebuk Silver badge

    Its funny

    All these politicians want an end to end to end encryption or at least a "backdoor" that "only law enforcement will have access too". Yet we've been saying for years it won't be only them that has access and this perfectly proves the point.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021