Israeli firm's spyware 'being used by govts to commit abuses'

A woman outside the building housing the NSO Group in Israel. A journalism consortium says NSO Group's surveillance application appears to have been used to attempt to hack at least 37 smartphones owned by journalists from various countries. PHOTO: A
A woman outside the building housing the NSO Group in Israel. A journalism consortium says NSO Group's surveillance application appears to have been used to attempt to hack at least 37 smartphones owned by journalists from various countries. PHOTO: AGENCE FRANCE-PRESSE

TEL AVIV • A major Israeli cyber surveillance company, NSO Group, has come under heightened scrutiny after an international alliance of news outlets reported that governments used its software to target journalists, dissidents and opposition politicians.

The Israeli government also faced renewed international pressure for allowing the company to do business with authoritarian regimes that use the spyware for purposes that go far afield of the company's stated aim: targeting terrorists and criminals.

NSO strongly denied the claims. It has attracted scrutiny since 2016, when its software was said to have been used against a rights activist in the United Arab Emirates and a journalist in Mexico.

Since then, The New York Times has reported that the software was being deployed against journalists, rights campaigners and policymakers in Mexico and Saudi Arabia. The new reports that appeared on Sunday suggest that the firm's software has been used against more people in more countries than had previously been reported.

Among other actions, NSO is said to have sold a sophisticated surveillance application known as Pegasus that the journalism consortium said appears to have been used to attempt to hack at least 37 smartphones owned by journalists from countries including Azerbaijan, France, Hungary, India and Morocco.

The Washington Post reported that some of the phones suspected to be infected were in Singapore. However, this does not mean that a country's government is a client.

Separately, a person familiar with NSO contracts told The New York Times that NSO systems were sold to the governments of Azerbaijan, Bahrain, India, Mexico, Morocco, Saudi Arabia and the UAE. The allegations may escalate concerns that the Israeli government has abetted government abuses by granting NSO an export licence to sell software to countries that use it to suppress dissent.

In a statement, NSO said: "We firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit."

The new accusations have heightened concerns among privacy activists that no smartphone user - even those using software such as WhatsApp or Signal - is safe from governments and anyone else with the right cyber surveillance tech.

The journalist consortium linked NSO to a leaked list of more than 50,000 mobile numbers from more than 50 countries that it said appeared to be proposed surveillance targets for the company's clients. The list was first obtained by Amnesty International, a human rights watchdog, and Forbidden Stories, a group that focuses on free speech. They then shared the list with the journalists.

Activists say that without access to surveillance-free communications, journalists will no longer be able to contact sources without fear of exposing them to government retaliation. And rights campaigners will be unable to freely communicate with victims of state-led abuses.

"Stop what you're doing and read this," tweeted Mr Edward Snowden, the whistle-blower who leaked large numbers of classified data from the US National Security Agency in 2013. "This leak is going to be the story of the year."

NYTIMES

A version of this article appeared in the print edition of The Straits Times on July 20, 2021, with the headline 'Israeli firm's spyware 'being used by govts to commit abuses''. Subscribe