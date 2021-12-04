



Israeli spyware developer NSO Group has faced growing legal pressure and controversy as its hacking tools continue to be abused by repressive regimes and law enforcement agencies around the world. Today, Apple informed a large number of iPhone users, including at least nine employees of the US State Department, that their devices have been compromised in recent months by unidentified hackers using NSO tools.

Sources told Reuters, which first reported the news, that relevant U.S. government officials were working in Uganda or on matters related to the country. Ugandan politicians were also apparently targeted in the campaign. Attacks using NSO’s Pegasus spyware, which runs on both Apple’s iOS mobile operating system and Google’s Android operating system, have been detected for years. Once installed on a device, Pegasus can track the user’s location, activate their microphone, steal data, and more.

This latest example of abuse underscores exactly what privacy and human rights advocates have long warned: that NSO does not have adequate controls in place to limit how its clients use information. powerful tools he sells. And that the company’s repeated assurances to the contrary, including that its spyware cannot be used against devices registered with a US phone number, ring hollow.

Once the software is sold to the customer under license, NSO has no way of knowing who the customer targets are. As such, we were not and could not have known about this matter, NSO Group spokesman Liron Bruck said in a statement, adding that the company has decided to immediately terminate the access of the customers concerned to the system. The statement went on to say that they had no indication that NSO tools were used in this case.

This plausible deniability claim is common to NSO Group. In an interview with Forbes in July, CEO Shalev Hulio compared his company to an automaker who sells a car to someone who later drives drunk. But the powerful spyware used by governments is far from an automobile, and critics at NSO say the company has never done enough to curb the inevitable abuse its flagship invites.

To the extent that NSO’s claims about limiting the targeting of its customers were even credible, it shows that the guardrails in NSO’s product were insufficient, says Jake Williams, a stakeholder and former NSAhacker. It was quite predictable. When governments are sold off capabilities by the NSO and have unfulfilled intelligence requirements, we absolutely must expect these governments to use whatever tool is available to them.

The secure messaging app WhatsApp, owned by Facebook parent company Meta, sued NSO Group in 2019 after its tools were allegedly used to hack thousands of victims while exploiting the service. Apple joined the fray with its own costume last week. And in early November, the US Department of Commerce sanctioned NSO Group for abusing its Pegasus spyware.

You have to wonder if these State Department attacks are the reason NSO was sanctioned, Williams says.

