Spyware Created by Israeli Firm Used to Hack U.S. Officials’ iPhones

Multiple news outlets reported that Apple has been revealed by multiple outlets on Friday notifiedAt least 11 U.S. State Department officers reported that their iPhones had been hacked by an unknown party, or parties using spyware created by the private Israeli company NSO Group.

The “bombshell,” first reportedBy Reuters, comes after Apple suedNSO Group formed last month in an effort protect iPhone users from its Pegasus spyware. The Israeli firm claims it sells only to government law enforcement agencies. This was the focus for a major reporting project earlier in the year.

Citing multiple sources that are not named The Washington Post Reuters explained that State Department employees based in Uganda or elsewhere in East Africa were targeted over several months, and the intrusions “represent the widest known hacks of U.S. officials through NSO technology.”

According to The Reuters:

A senior Biden administration official spoke on condition that he not be identified. He said that the administration was taking steps to protect U.S. personnel overseas and was pursuing new global discussions about spying limits.

The official added that they have seen “systemic abuse” in multiple countries involving NSO’s Pegasus spyware.

In a statement that was reported by the Post that “we have been acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel, which is one of the reasons why the Biden-Harris administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List.”

Spokespeople from Apple and the State Department declined comment ReutersThe latter noted, however, that the Commerce Department had recently been added NSO Group to the Entity List “based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

Officials from the Ugandan Embassy in Washington, D.C. didn’t comment, but the Israeli Embassy made a statement. Reuters addressing the fact that Israel’s Ministry of Defense approves export licenses for the spyware company.

“Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes,” an Israeli spokesperson said. “The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions.”

An NSO Group spokesperson told the news agency that the relevant accounts were canceled and if an internal investigation finds that “these actions indeed happened with NSO’s tools,” the involved customers “will be terminated permanently and legal actions will take place.” The representative added that the company will “cooperate with any relevant government authority and present the full information we will have.”

Facebook sued NSO in 2019, claiming the Israeli firm’s spyware was used on its messaging service WhatsApp.

“We’ve been calling NSO a national security threat for years,” Will Cathcart, head of WhatsApp, tweeted Friday. “This reporting shows — again — why we need to hold NSO accountable for their actions, and why governments need to support increased security online.”

John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, also responded to the revelations on Twitter, saying that NSO Group has been an “in-plain-sight national security threat for years” and it is “embarrassing that it took a private company to warn them.”

“Are there victims not notified by Apple?” he asked. “How about the overseas-posted personnel using Androids? Does it? [the State Department]Do you want to know now? A multi-agency investigation is immediately needed.”

The same was said by Sen. Ron Wyden, D-Ore. Post that “companies that enable their customers to hack U.S. government employees are a threat to America’s national security and should be treated as such by the government.”

“I want to be sure the State Department and the rest of the federal government has the tools to detect hacks and respond to them quickly,” added Wyden, a member of the Senate Intelligence Committee. “Federal agencies shouldn’t have to rely on the generosity of private companies to know when their phones and devices are hacked.”

Apple filed a lawsuit against NSO Group in California last month. The suit alleges that NSO Group violated its terms and conditions, as well as federal and state laws. Apple is seeking a permanent order to prohibit the firm’s use of its devices, software, and services.

The suit was made after the Pegasus Project — an investigation into NSO’s spyware published in July by more than 80 journalists from 17 media organizations in 10 countries. Forbidden Stories coordinated the project, with technical support by Amnesty International. It focused on the leakage of 50,000 telephone numbers of potential surveillance targets, including journalists and heads of state.

Pegasus Project is a worldwide success story callsfor an immediate moratorium of the export, sale and transfer of such spyware. Exiled American whistleblower Edward Snowden — whose leaked documents revealed that in 2007, Israel was flagged as a top espionage threat against the U.S. government — went further, saying in July that NSO Group’s industry “should not exist.”