Amnesty International alleges Israeli spyware linked to Saudi Arabia

The malicious messages arrived in June and appeared to target human rights activists.

By
August 1, 2018 20:45
3 minute read.
Computer hacking

Computer hacking (illustrative). (photo credit: REUTERS)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later

The report released Wednesday coincided with a second report from Citizen Lab, an interdisciplinary lab that deals with information technology and human rights, which examined the suspicious messages and corroborated Amnesty’s findings. “The SMS messages contain domain names pointing to websites that appear to be part of NSO Group’s Pegasus infrastructure.”

NSO Group “develops mobile device surveillance software. The software called Pegasus developed by the company can be used to record conversations and gain access to photos, text messages and websites viewed from a smartphone,” according to Bloomberg.

Be the first to know - Join our Facebook page.


The company was founded in 2010 and is based in Herzliya, Israel. Calcalist reported that NSO’s co-founder has asserted the company only sells to “government bodies that are defined as legitimate.”

The malicious messages arrived in June and appeared to target human rights activists. The messages ostensibly provided information about a protest or court case that lured the potential victim to click on a link. One message even mimicked an Amnesty report title about Saudi Arabia’s lifting the ban on women driving.

Amnesty, which focuses on global human rights abuses, investigated the origin of the text messages and the sites they linked to. “These messages carried links to domains which we identified as part of that same network infrastructure used by NSO Group.

AMNESTY CLAIMS that human rights organization have documented cases where surveillance has been used contrary to international human rights law. In this case, the result of the attempted targeting is unclear. The organization says that in one case it was unable “to confirm whether this [message and link] was also carrying a link connected to known NSO Group’s infrastructure.”

In another case they attempted to open a link to “activate the infection” but the link went to a “legitimate Saudi Arabian news site.” This is because advanced spyware seeks to verify if the device it is connecting to is the intended recipient, Amnesty notes. This would prevent spyware, for instance, to spread uncontrolled, the way the Stuxnet malicious computer worm apparently did.

JPOST VIDEOS THAT MIGHT INTEREST YOU:


Citizen Lab claims that NSO’s software allows the operator to spy on the activity of the user of a device. For instance, it could turn on the device’s webcam and microphone, “to record calls and log messages in mobile chat apps and to track the device’s movements.” This would help a government track down a wanted terrorist, but it could also allow monitoring of dissidents.

Citizen Lab claims there is a growing list of “abusive misuse of NSO Group’s spyware.” This includes cases in Saudi Arabia, the UAE, Panama and Mexico. However, the report does not allege that the company is responsible, or that governments are responsible.

In July, Reuters reported that a “former employee of cyber surveillance company NSO Group has been charged with stealing intellectual property and trying to sell it for $50 million over the Darknet.” Israel’s Justice Ministry said that this could harm state security.

The Amnesty report goes to great lengths to show that the domain names associated with the spyware “were registered between Sundays and Thursdays, which matches the Israeli work week.” It also made a graph showing that the domains were registered mostly from 6 to 10 p.m. “in Tel Aviv’s time zone.” Some were also registered from 1 to 3 a.m. Almost none were registered on Saturday.

Israel, because it is a tech center known for innovation and with a reputation for sometimes cutting corners, has been at the center of some of these stories. As far back as 2003, Bloomberg reported that an Israeli technology had helped Saudi Arabia track down jihadists. Bloomberg also revealed in July of last year a second Israeli company that specialized “in the development of tailor-made innovative solutions for law enforcement, intelligence agencies and national security organizations.”

The murky stories join a series of recent cases of hacking between governments as part of international disputes in the region. Governments and others have also targeted dissidents and rivals. In June 2017, Qatar claimed its state news agency was hacked to spread positive stories about Iran and Israel. A fundraiser in the US alleged in May that Qatar coordinated with “ex-spies and influential Qataris” to hack his emails. Hackers also targeted the UAE ambassador.

This is the high stakes game of cybersecurity that now plays out globally.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

File: Jordan's King Abdullah II greets Israeli Prime Minister Netanyahu at the White House in Washin
October 22, 2018
Is Israel’s position in region as secure as it looks?

By SETH J. FRANTZMAN