US State Department Phones Hacked with Israeli Spyware
Apple Inc. iPhones of at least nine US State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.
The hacks, which took place in the last several months, hit US officials either based in Uganda or focused on matters concerning the East African country, two of the sources said.
The intrusions represent the widest known hacks of US officials through the Jewish company’s technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried, or if they succeeded.
Sources did not reveal the party or parties using the Israeli software, though it is sold freely to governments and intelligence agencies, and presumably would be at the disposal of any group deemed “acceptable” to the Jewish owners and management. The company has repeatedly been criticized for selling its hacking technology to states viewed by many as “rogue” or oppressive. It is not known if the software has “back doors” allowing the company, or the Jewish state, to spy on the targets chosen by their customers — or on the customers themselves.
NSO Group said in a statement on Thursday that it “did not have any indication” their tools were used. NSO has long said it only sells its products to government law enforcement and intelligence clients, helping them to “monitor security threats,” and is not directly involved in surveillance operations. According to National Vanguard editor Rosemary Pennington, “defining ‘security threats’ is highly arbitrary, of course — one man’s whistleblower or freedom fighter or dissident writer may be the Jewish state’s, or an NSO customer’s, ‘security threat.’”
Officials at the Uganda embassy in Washington did not comment. A spokesperson for Apple declined to comment on the fact that their phones and computers have been almost totally open, for years now, to conversion into Israeli “total surveillance” devices at the beck and call of any customer willing to pay enough to the Jewish firm making the software. “Apple’s efforts to close these vulnerabilities never seem to work for long,” one observer stated.
A US State Department spokesperson also declined to comment on the intrusions, instead pointing to the Commerce Department’s recent decision to place the Israeli company on an “entity list,” making it harder — though far from impossible — for US companies to do business with them.
NSO Group and another spyware firm were “added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” the Commerce Department said in an announcement last month.
NSO software is capable of not only capturing encrypted messages, photos and other sensitive information from infected phones, but also turning them into recording devices to monitor surroundings, based on the Jewish company’s own product manuals.
Apple’s alert to affected users did not name the creator of the spyware used in this hack.
The victims notified by Apple included American citizens and were easily identifiable as US government employees because they associated email addresses ending in state.gov with their Apple IDs, two of the people said.
They and other targets notified by Apple in multiple countries were infected through the same graphics processing vulnerability that Apple did not learn about and fix until September, the sources said.
Since at least February, this software flaw allowed some NSO customers to take control of iPhones simply by sending invisible yet tainted iMessage requests to the device, researchers who investigated the espionage campaign said.
The victims would not see or need to interact with a prompt for the hack to be successful. Versions of NSO surveillance software, commonly known as Pegasus, could then be installed.
In a public response, NSO has said its technology helps “stop terrorism” and that they’ve installed controls to curb spying against “innocent targets.” The company did not explain how “innocent targets” are to be defined, nor who shall define them.
For example, NSO says its intrusion system “cannot work” on phones with US numbers beginning with the country code +1. “That’s a transparent ruse,” says Pennington. “All a user, or NSO, would have to do is change one line of code to render that ‘protection’ dead in the water.”
In the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, without the US country code, said two of the sources.
An unnamed Biden Administration official added that the government has seen “systemic abuse” in multiple countries involving NSO’s Pegasus spyware.
Sen. Ron Wyden, who is on the Senate Intelligence Committee, said: “Companies that enable their customers to hack US government employees are a threat to America’s national security and should be treated as such.”
Historically, some of NSO Group’s best-known past clients included Saudi Arabia, the United Arab Emirates and Mexico.
The Israeli Ministry of Defense must approve export licenses for NSO, which has close ties to Israel’s defense and intelligence communities, to sell its technology internationally.
In a statement, the Israeli embassy in Washington said that targeting American officials would be a “serious breach of its rules.” These are the same people who told us that the Israeli attack on the USS Liberty was a “mistake.”
* * *
Source: wire service reports and National Vanguard correspondents