Apple iPhones of at least nine U.S. State Department officials have been compromised by an unidentified entity using NSO Group’s Pegasus spyware, according to a report by Reuters on Friday.
NSO Group in an email to The register said he blocked an anonymous customer’s access to his system after receiving a request for information about the incident, but has not yet confirmed whether his software was involved.
“Once the request was received, and before any investigation under our compliance policy, we decided to immediately terminate the access of affected customers to the system, due to the seriousness of the allegations,” said a door – words from NSO. The register in an email. “At this point, we have not received any information or phone numbers, or any indication that NSO tools were used in this case.”
The Israeli company, recently sanctioned by the United States for allegedly offering its intrusion software to repressive regimes and sued by Apple and Meta’s WhatsApp (Facebook) for allegedly supporting their customers’ hacking, said it would cooperate with any relevant government authority and convey what it learns from its investigation of the incident.
The spyware company insisted it was unaware of the targets designated by customers using its software.
“To clarify, the installation of our software by the customer is done through phone numbers. As previously stated, NSO technologies cannot work on US numbers (+1),” the spokesperson said. by NSO. “Once the software is sold to the licensed customer, NSO has no way of knowing who the target customers are, as such we were not and could not have known about this matter.”
According to Reuters, relevant State Department staff were based in or focused on Uganda-related issues and therefore had phone numbers with a foreign country prefix rather than the US prefix.
On November 23, when Apple announced its lawsuit against the NSO Group, the iPhone maker also said it would notify iPhone customers targeted by the state-sponsored hack. On the same day, Norbert Mao, lawyer and chairman of the Democratic Party in Uganda, posted on twitter that he had received an Apple threat notification.
In June, the Washington Post reported that NSO’s Pegasus software was involved in the attempted or successful hacking of 37 phones belonging to journalists and rights activists, including two women close to murdered Saudi journalist Jamal Khashoggi. The report says the results undermined NSO Group’s claims that its software was only licensed for fighting terrorists and for law enforcement.
The same month, the NSO Group released its 2021 Transparency and Accountability Report [PDF], in which the company insists that its software is used exclusively against groups that have few allies like terrorists, criminals and pedophiles.
“Myth: Pegasus is a mass surveillance tool,” the report states. “Fact: Data is collected only from individual and pre-identified suspected criminals and terrorists. “
Numerous reports from cybersecurity and human rights research groups have contradicted this claim, not to mention the UN, EU and US claims about the company.
A spokesperson for the US State Department declined The register asked for confirmation of the Reuters report, but said the State Department took its responsibility to protect its information seriously. We were also told that the Biden-Harris administration was working to limit the use of digital tools of repression.
NSO Group maintains that it has turned down $ 300 million in revenue to date based on unresolved human rights issues and that between May 2020 and April 2021 it turned down 15% of new business opportunities for the same reason .
The company, which does not name its customers in its transparency and accountability report but includes many unassigned approval citations on its products, has yet to release documents to verify its claims. ®