Connect with us


Probe: Journalists, activists among firm’s spyware targets

Associated Press




An investigation by a global media consortium based on leaked targeting data provides further evidence that military-grade malware from Israel-based NSO Group, the world’s most infamous hacker-for-hire outfit, is being used to spy on journalists, human rights activists and political dissidents.

From a list of more than 50,000 cellphone numbers obtained by the Paris-based journalism nonprofit Forbidden Stories and the human rights group Amnesty International and shared with 16 news organizations, journalists were able to identify more than 1,000 individuals in 50 countries who were allegedly selected by NSO clients for potential surveillance.

They include 189 journalists, more than 600 politicians and government officials, at least 65 business executives, 85 human rights activists and several heads of state, according to The Washington Post, a consortium member. The journalists work for organizations including The Associated Press, Reuters, CNN, The Wall Street Journal, Le Monde and The Financial Times.

Amnesty also reported that its forensic researchers had determined that NSO Group’s flagship Pegasus spyware was successfully installed on the phone of Post journalist Jamal Khashoggi’s fiancee, Hatice Cengiz, just four days after he was killed in the Saudi Consulate in Istanbul in 2018. The company had previously been implicated in other spying on Khashoggi.

NSO Group denied in an emailed response to AP questions that it has ever maintained “a list of potential, past or existing targets.” In a separate statement, it called the Forbidden Stories report “full of wrong assumptions and uncorroborated theories.”

The company reiterated its claims that it only sells to “vetted government agencies” for use against terrorists and major criminals and that it has no visibility into its customers’ data. Critics call those claims dishonest — and have provided evidence that NSO directly manages the high-tech spying. They say the repeated abuse of Pegasus spyware highlights the nearly complete lack of regulation of the private global surveillance industry.

The source of the leak — and how it was authenticated — was not disclosed. While a phone number’s presence in the data does not mean an attempt was made to hack a device, the consortium said it believed the data indicated potential targets of NSO’s government clients. The Post said it identified 37 hacked smartphones on the list. The Guardian, another consortium member, reported that Amnesty had found traces of Pegasus infections on the cellphones of 15 journalists who let their phones be examined after discovering their number was in the leaked data.

The most numbers on the list, 15,000, were for Mexican phones, with a large share in the Middle East. NSO Group’s spyware has been implicated in targeted surveillance chiefly in the Middle East and Mexico. Saudi Arabia is reported to be among NSO clients. Also on the lists were phones in countries including France, Hungary, India, Azerbaijan, Kazakhstan and Pakistan.

“The number of journalists identified as targets vividly illustrates how Pegasus is used as a tool to intimidate critical media. It is about controlling public narrative, resisting scrutiny, and suppressing any dissenting voice,” Amnesty quoted its secretary-general, Agnes Callamard, as saying.

In one case highlighted by the Guardian, Mexican reporter Cecilio Pineda Birto was assassinated in 2017 a few weeks after his cell phone number appeared on the leaked list.

AP’s director of media relations, Lauren Easton, said the company is “deeply troubled to learn that two AP journalists, along with journalists from many news organizations” are on the list of the 1,000 potential targets for Pegasus infection. She said the AP was investigating to try to determine if its two staffers’ devices were compromised by the spyware.

The consortium’s findings build on extensive work by cybersecurity researchers, primarily from the University of Toronto-based watchdog Citizen Lab. NSO targets identified by researchers beginning in 2016 include dozens of Al-Jazeera journalists and executives, New York Times Beirut bureau chief Ben Hubbard, Moroccan journalist and activist Omar Radi and prominent Mexican anti-corruption reporter Carmen Aristegui. Her phone number was on the list, the Post reported. The Times said Hubbard and its former Mexico City bureau chief, Azam Ahmed, were on the list.

Two Hungarian investigative journalists, Andras Szabo and Szabolcs Panyi, were among journalists on the list whose phones were successfully infected with Pegasus, the Guardian reported.

Among more than two dozen previously documented Mexican targets are proponents of a soda tax, opposition politicians, human rights activists investigating a mass disappearance and the widow of a slain journalist. In the Middle East, the victims have mostly been journalists and dissidents, allegedly targeted by the Saudi and United Arab Emirates governments.

The consortium’s “Pegasus Project” reporting bolsters accusations that not just autocratic regimes but democratic governments, including India and Mexico, have used NSO Group’s Pegasus spyware for political ends. Its members, who include Le Monde and Sueddeutsche Zeitung of Germany, are promising a series of stories based on the leak.

Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously control the smartphone’s microphones and cameras. In the case of journalists, that lets hackers spy on reporters’ communications with sources.

The program is designed to bypass detection and mask its activity. NSO Group’s methods to infect its victims have grown so sophisticated that researchers say it can now do so without any user interaction, the so-called “zero-click” option.

In 2019, WhatsApp and its parent company Facebook sued NSO Group in U.S. federal court in San Francisco, accusing it of exploiting a flaw in the popular encrypted messaging service to target — with missed calls alone — some 1,400 users. NSO Group denies the accusations.

The Israeli company was sued the previous year in Israel and Cyprus, both countries from which it exports products. The plaintiffs include Al-Jazeera journalists, as well as other Qatari, Mexican and Saudi journalists and activists who say the company’s spyware was used to hack them.

Several of the suits draw heavily on leaked material provided to Abdullah Al-Athbah, editor of the Qatari newspaper Al-Arab and one of the alleged victims. The material appears to show officials in the United Arab Emirates discussing whether to hack into the phones of senior figures in Saudi Arabia and Qatar, including members of the Qatari royal family.

NSO Group does not disclose its clients and says it sells its technology to Israeli-approved governments to help them target terrorists and break up pedophile rings and sex- and drug-trafficking rings. It claims its software has helped save thousands of lives and denies its technology was in any way associated with Khashoggi’s murder.

NSO Group also denies involvement in elaborate undercover operations uncovered by The AP in 2019 in which shadowy operatives targeted NSO critics including a Citizen Lab researcher to try to discredit them.

Last year, an Israeli court dismissed an Amnesty International lawsuit seeking to strip NSO of its export license, citing insufficient evidence.

NSO Group is far from the only merchant of commercial spyware. But its behavior has drawn the most attention, and critics say that is with good reason.

Last month, it published its first transparency report, in which it says it has rejected “more than $300 million in sales opportunities as a result of its human rights review processes.” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and a strident critic, tweeted: “If this report was printed, it would not be worth the paper it was printed on.”

A new, interactive online data platform created by the group Forensic Architecture with support from Citizen Lab and Amnesty International catalogs NSO Group’s activities by country and target. The group partnered with filmmaker Laura Poitras, best known for her 2014 documentary “Citzenfour” about NSA whistleblower Edward Snowden, who offers video narrations.

“Stop what you’re doing and read this,” Snowden tweeted Sunday, referencing the consortium’s findings. “This leak is going to be the story of the year.”

Since 2019, the U.K. private equity firm Novalpina Capital has controlled a majority stake in NSO Group. Earlier this year, Israeli media reported the company was considering an initial public offering, most likely on the Tel Aviv Stock Exchange.



eBay cyberstalking schemer sentenced to 18 months in prison

Hala Turk



Former eBay security manager Philip Cooke was sentenced on Tuesday to 18 months in prison for his role in an intense cyberstalking campaign against a pair of eBay critics.  

U.S. district judge Allison Burroughs issued the sentence nine months after Cooke was found guilty to conspiracy of cyberstalking and tampering with witnesses. 

According to federal prosecutors and a lawsuit filed last week by the victims, a group of eBay employees led by executives began in 2019 targeting the married couple Ina and David Steiner.  

The couple who oversees publishing an e-commerce blog received live spiders, a Halloween mask of a bloodied pig head, and a book titled “Surviving Loss of a Spouse” from former eBay employees.  

Burroughs addressed the employees’ actions as “really abominable” as she sentenced Cooke for 18 months in prison, followed by a year of home detention and a $15,000 fine. 

“It’s almost unfathomable to me, I’m not sure if I saw it on television, I would find it believable,” the judge added. 

Cooke – a retired police captain in Santa Clara, California – participated earlier in 2019, along with other eBay employees in conducting meetings against the couple. They discussed sending the publishers threatening messages, unwanted deliveries such as the bloodied pig head, and their plan of victims’ surveillance.

The cyberstalking conspirator is the first of seven former eBay workers who have been charged in this case and waiting to be sentenced. Four others have also pleaded guilty. 

Both victims spoke in court describing to the judge that they were afraid to leave their home in Natick, Massachusetts, and were concerned for their safety. 

“We were terrified,” Ina Steiner said. 

The husband further explained that the cyber-stalkers “weaponized their security department to make death threats against my wife, to try (to) burn our business down.”  

In parallel, throughout the court session, Cooke said he should have sought to prevent what became “horrific behavior to please the boss.” 

“It is crystal clear this was all wrong from start to finish,” he said. 

Cooke argued that the brain behind the plan was former eBay senior director of safety and security James Baugh. 

He further blamed his behavior on drinking problems within eBay’s culture, saying in a sentencing memorandum that “drinking was part of the culture, with alcohol present throughout the office space where it was typical to take morning shots of alcohol with coworkers.” 

Prior to Tuesday, before the judicial decision was made, prosecutors had asked the court for a prison sentence of two and a half years for Cooke, describing his actions as part of a “three-week nightmare” for the publishers. 

It’s worth mentioning that the U.S.- based e-commerce corporation was not charged as it already terminated all involved employees earlier in September 2019, and issued an apology last year to the affected individuals. 

Continue Reading


Turn off, turn on: Simple step can thwart top phone hackers

Associated Press



Turn off, turn on Simple step can thwart top phone hackers

As a member of the secretive Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a briefing by security staff this year, he said he got some advice on how to help keep his cellphone secure.

Step One: Turn off phone.

Step Two: Turn it back on.

That’s it. At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is — turning a device off then back on again — can thwart hackers from stealing information from smartphones.

Regularly rebooting phones won’t stop the army of cybercriminals or spy-for-hire firms that have sowed chaos and doubt about the ability to keep any information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.

“This is all about imposing cost on these malicious actors,” said Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate.

The NSA issued a “best practices” guide for mobile device security last year in which it recommends rebooting a phone every week as a way to stop hacking.

King, an independent from Maine, says rebooting his phone is now part of his routine.

“I’d say probably once a week, whenever I think of it,” he said.

Almost always in arm’s reach, rarely turned off and holding huge stores of personal and sensitive data, cellphones have become top targets for hackers looking to steal text messages, contacts and photos, as well as track users’ locations and even secretly turn on their video and microphones.

“I always think of phones as like our digital soul,” said Patrick Wardle, a security expert and former NSA researcher.

The number of people whose phones are hacked each year is unknowable, but evidence suggests it’s significant. A recent investigation into phone hacking by a global media consortium has caused political uproars in France, India, Hungary and elsewhere after researchers found scores of journalists, human rights activists and politicians on a leaked list of what were believed to be potential targets of an Israeli hacker-for-hire company.

The advice to periodically reboot a phone reflects, in part, a change in how top hackers are gaining access to mobile devices and the rise of so-called “zero-click” exploits that work without any user interaction instead of trying to get users to open something that’s secretly infected.

“There’s been this evolution away from having a target click on a dodgy link,” said Bill Marczak, a senior researcher at Citizen Lab, an internet civil rights watchdog at the University of Toronto.

Typically, once hackers gain access to a device or network, they look for ways to persist in the system by installing malicious software to a computer’s root file system. But that’s become more difficult as phone manufacturers such as Apple and Google have strong security to block malware from core operating systems, Ziring said.

“It’s very difficult for an attacker to burrow into that layer in order to gain persistence,” he said.

That encourages hackers to opt for “in-memory payloads” that are harder to detect and trace back to whoever sent them. Such hacks can’t survive a reboot, but often don’t need to since many people rarely turn their phones off.

“Adversaries came to the realization they don’t need to persist,” Wardle said. “If they could do a one-time pull and exfiltrate all your chat messages and your contact and your passwords, it’s almost game over anyways, right?”

A robust market currently exists for hacking tools that can break into phones. Some companies like Zerodium and Crowdfence publicly offer millions of dollars for zero-click exploits.

And hacker-for-hire companies that sell mobile-device hacking services to governments and law enforcement agencies have proliferated in recent years. The most well known is the Israeli-based NSO Group, whose spyware researchers say has been used around the world to break into the phones of human rights activists, journalists, and even members of the Catholic clergy.

NSO Group is the focus of the recent exposés by a media consortium that reported the company’s spyware tool Pegasus was used in 37 instances of successful or attempted phone hacks of business executives, human rights activists and others, according to The Washington Post.

The company is also being sued in the U.S. by Facebook for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.

NSO Group has said it only sells its spyware to “vetted government agencies” for use against terrorists and major criminals. The company did not respond to a request for comment.

The persistence of NSO’s spyware used to be a selling point of the company. Several years ago its U.S.-based subsidy pitched law enforcement agencies a phone hacking tool that would survive even a factory reset of a phone, according to documents obtained by Vice News.

But Marczak, who has tracked NSO Group’s activists closely for years, said it looks like the company first starting using zero-click exploits that forgo persistence around 2019.

He said victims in the WhatsApp case would see an incoming call for a few rings before the spyware was installed. In 2020, Marczak and Citizen Lab exposed another zero-click hack attributed to NSO Group that targeted several journalists at Al Jazeera. In that case, the hackers used Apple’s iMessage texting service.

“There was nothing that any of the targets reported seeing on their screen. So that one was both completely invisible as well as not requiring any user interaction,” Marczak said.

With such a powerful tool at their disposal, Marczak said rebooting your phone won’t do much to stop determined hackers. Once you reboot, they could simply send another zero-click.

“It’s sort of just a different model, it’s persistence through reinfection,” he said.

The NSA’s guide also acknowledges that rebooting a phone works only sometimes. The agency’s guide for mobile devices has an even simpler piece of advice to really make sure hackers aren’t secretly turning on your phone’s camera or microphone to record you: don’t carry it with you.


Continue Reading


Brazil gears up for potential cyber-threats

Rim Zrein



Potential cyber-threats

Over the years, cybersecurity has increasingly become a major issue. Rightfully so, as multiple organizations have been compromised by cyberattacks within a matter of seconds, placing sensitive information in the hands of opportunistic tech criminals. 

However, Brazil isn’t taking any risk, as the country is prioritizing cybersecurity by creating a cyberattack response network, with the goal of encouraging fast action toward cyberattacks. 

The Federal Cyber Incident Management Network will embody the Institutional Security Office of the presidency, and will act as an entity under the federal government administration, according to a presidential decree signed on July 16. 

The network will also welcome public companies, mixed capital companies, and their subsidiaries to join the establishment on a voluntary basis. 

The formation of the cyber network will be supported by the Digital Government Secretariat (DGS). The DGS highlighted in the decree that the newly found cybersecurity network will aim at preventing potential cyber-threats, as well as provide speedy solutions to vulnerabilities being exploited.  

Although joining the network is not compulsory, DGS has hinted that public companies such as Dataprev, the government’s social security technology and information company, and Serpro, the federal data processing service, are expected to team up on this initiative. 

“Fostering cybersecurity at a national level needs to be accompanied by the promotion of a cybersecurity culture, encouraging an attitude shift among business leaders, away from cybersecurity as an information technology-related problem, to a more holistic outlook that values the role of cybersecurity in improving overall business efficiency and performance,” DGS stated within the presidential decree. 

Earlier in June, Brazil’s advancement in the latest Global Cyber Security Index by the United Nations is evident in its recent ranking.  

The country ranked 70th in 2018 on the list of countries with the highest cyber-security. Almost four years later, Brazil currently sits in 18th

The country has shown some of the best results when it comes to cybersecurity. Digital government, and management secretary Caio Mario Paes de Andrade stated that Brazil’s cyber’s development isn’t slowing down anytime soon. 

“The creation of the network will help the Brazilian federal government to further strengthen its role in confronting potential cyber-threats,” noted Andrade. 

According to Cyber Security Ventures, Cybercrime damages are estimated to exceed a staggering $6 trillion by 2021, as data is the building block for most economies around the globe.  

Cyber threats do not only harm businesses and governmental organizations, but they also target almost anything with a heartbeat or an electronic pulse.  

Warren Buffet, American business tycoon, investor, and philanthropist has previously warned countries that cyberattacks are the number one problem with mankind, describing it as a bigger threat to humanity, with nuclear weapons coming in second. 

However, as Brazil jumps on the cyber-security bandwagon, citizens of the country can rest assured as the country is in the process of building an infrastructure to protect itself and its big data from potentially being harmed.  

After all, you don’t bring a knife to a gunfight.  

Continue Reading