back to article European officials reportedly targeted by NSO spyware

Someone at least tried to use NSO Group's surveillance software to spy on European Commission officials last year, according to a Reuters report.  European Justice Commissioner Didier Reynders and at least four commission staffers were targeted, according to the news outlet, citing two EU officials and documentation.  The …

  1. First Light

    Beware the Beast of Brussels

    Their clients picked on the wrong people. Eurocrats are now going to regulate, and fine, the crap out of NSO and its products. The company and its clients will suffocate in red tape.

    1. Anonymous Coward
      Anonymous Coward

      @First Light - Re: Beware the Beast of Brussels

      Well, they deserve being regulated to death. And those Eurocrats should also bring in court the inept developers who though it's cool for my phone to act without any human intervention (the so called zer-click).

    2. jasonbrown1965
      Thumb Up

      Re: Beware the Beast of Brussels

      Two downvotes!

      Must be some zero-click fans on here.

      Or, more probably, anti-bureaucrats.

      While I can empathise with libertarian fears and loathing? I'd rather have large bureaucracies with the power to shut down shithole ops like NSO, than the net become a wtfever free-for-all.

      At least more than it already it is.

    3. Furious Reg reader John

      Re: Beware the Beast of Brussels

      Probably not, as it isn't an EU company, and the Commission won't be able to stop the various member states from using Pegasus or similar anyway.

      I'd be very surprised if the tech involved isn't already understood and security services are not already running their own clones without NSO being involved.

      By the time the Commission has come up with a plan, Pegasus won't even be a thing any more. (Given the ability to detect it now, Pegasus may already be RIP.)

    4. Potemkine! Silver badge

      Another basic misguided anti-european rant

      Why would regulations be bad?

      GDPR, the Charter of Fundamental Rights of the European Union, the European Convention on Human Rights, the European Social Charter are examples of regulations serving the interests of citizens. They help us European citizens to be better protected and safer.

      1. Furious Reg reader John
        WTF?

        Re: Another basic misguided anti-european rant

        Potemkine! - "Another basic misguided anti-european rant" - I can't see any in the thread so far - where the hell has that come from?!?!?!?

      2. First Light

        Re: Another basic misguided anti-european rant

        It was supposed to be a joke, but that obviously didn't come across and has instead touched some Brexit nerves.

        A close relative worked for 30 years at the Commission, so I am in favor of regulations and regulators! However, while I am glad to reside in an EU member state, I am also aware of how choked up and inefficient things can become at the Commission.

        1. Furious Reg reader John
          Facepalm

          Re: Another basic misguided anti-european rant

          "touched some Brexit nerves" - another failed joke? Can't see anything to do with Brexit in the thread....

    5. Justthefacts Silver badge

      Re: Beware the Beast of Brussels

      Yeah. You understand that in this case, “their clients” means a nation government, right?CitizenLab did some clever geographic fingerprinting, and have a list of which countries are doing this.

      https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/

      Out of these, the credible list is: France, Greece, Netherlands, Poland, UK, USA

      The target was the European Justice Minister from 2019 onwards. He doesn’t have military or external trade secrets. Neither the U.K. nor USA are impacted in any way by what goes on in his office.

      So it’s either France, Greece, Netherlands, Poland.

      If you have a look at the heat-map produced by CitizenLabs, it’s *French government* snooping on the EU.

      What were you expecting?

  2. eldakka

    But it sent a statement to Reuters saying that it wasn't responsible, and that targeting EU commissioners and staffers "could not have happened with NSO's tools."

    Just like they can't target US citizens or Israeli nationals?

    Oh wait, NSO sold a version of their software to Israeli organsiation that could target Israeli citizens and offered to US government agencies a version that could target US citizens.

    Not to mention that they are just totally wrong. NSO software can't just 'magically' know that the user of a phone is a US citizen, an Israeli citizen, or a member of the EU commission. What if a US citizen visits Brazil on an extended visa, work permit or long-term tourist visa and decides, reasonably, to get a local Brzailian Telco's phone and phone number so they domn't have to pay international rates for using their US phone in Brazil for contacting locals. Of course the NSO software won't know that that Brazilian telephone number is being used by a US citizen. Likewise, if an EU commissioner decides to get a personal phone from their local telco store down the road - to keep their 'work' and personal life/personas separate - how would NSO 'know' that that number belongs to an EU commissioner and thus not allow targeting of that number?

    Lieing morons, the fucking lot of them.

    1. Pascal Monett Silver badge

      Agreed.

      NSO stating that their software could not be used like that is pure cow manure.

      At best, NSO could have said that all of their clients were aware that their software should not be used like that. That might have been acceptable, except that they specifically created software that hijacks mobile phones.

      You don't do that when you're honest.

  3. Anonymous Coward
    Anonymous Coward

    Why is there not such thing as a virtual phone ?

    One you can spin up from a known image to evade and frustrate malware ?

    1. eldakka

      Re: Why is there not such thing as a virtual phone ?

      There is such software.

      You can get virtual 'online only' phones - that is, they don't actually run on anything you'd recognise as 'a phone'.

      There is nothing 'special' about the mobile phone system that requires a 'physical' mobile phone. If you have the technical know-how and/or access to the right software, you can use a deskotp computer to receive and make 'mobile' calls. All the phone network needs is an IMEI number and a SIM number.

      It's just that currently this is a rather esoteric need, quite niche, therefore the alternatives aren't widely known, supported or available, and those that are, aren't designed with the average consumer in mind, therefore expect a certain level of technical (not just computers but telephone network expertise) knowledge.

      1. Anonymous Coward
        Anonymous Coward

        @eldakka - Re: Why is there not such thing as a virtual phone ?

        Unfortunately the mobile telephony is a tightly closed ecosystem so the problem is not getting a virtual phone. It's the entity that will provide you that phone than can be compelled to offer you a "specially crafted" virtual phone image so you can be spied upon. Even if you control the end-point (good luck with that), those who control the infrastructure will dictate the rules of the game.

        In the end, it's a lot of work with no notable returns in terms of privacy. You will agree with me that these days privacy is worth your weight in gold, that's way everybody and his dog is out to get it.

  4. Anonymous Coward
    Anonymous Coward

    Murder and Deceit.......but mostly "plausible denyability".......

    Known users of NSO Pegasus:

    - Saudi Arabia

    - USA

    ....and if these two are using NSO Pegasus then you can bet that EVERY OTHER FIVE-EYES COUNTRY is also using the software........

    ---and maybe the NSO company might have taken some money from others......Iran? China? Russia? UK? .... who knows?

    So.....maybe carrying an iPhone might not be such a good idea! Cool...Yes!....Problematic...Also Yes!

    Sorry.....my mistake.....should have said iPhone or Android........

    1. Justthefacts Silver badge

      Re: Murder and Deceit.......but mostly "plausible denyability".......

      Put your guess aside, and focus on what we actually know:

      https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/

      And out of those 45 countries, very few have interest or incentive to snoop on the European Justice Minister. His role is inward-facing only. None of the Five Eyes care what judgements he sends down, as they affect only EU countries.

      Basically, it’s one of France, Greece, Netherlands, Poland. And highly likely to be France, although possibly Poland.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like