19 July 2021 — Moon of Alabama
A number of international papers report today on the Israeli hacking company NSO which sells snooping software to various regimes. The software is then used to hijack the phones of regime enemies, political competition or obnoxious journalists. All of that was already well known but the story has new legs as several hundreds of people who were spied on can now be named.
How that came to pass is of interest:
The phones appeared on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of the Israeli firm, NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry, the investigation found.
The list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted or surveilled. But forensic analysis of the 37 smartphones shows that many display a tight correlation between time stamps associated with a number on the list and the initiation of surveillance, in some cases as brief as a few seconds.
Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International, a human rights group, had access to the list and shared it with the news organizations, which did further research and analysis. Amnesty’s Security Lab did the forensic analyses on the smartphones.
The numbers on the list are unattributed, but reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents.
Who might have made such a list and who would give it to Amnesty and Forbidden Stories?
NSO is one of the Israeli companies that is used to monetize the work of the Israel’s military intelligence unit 8200. ‘Former’ members of 8200 move to NSO to produce spy tools which are then sold to foreign governments. The license price is $7 to 8 million per 50 phones to be snooped at. It is a shady but lucrative business for the company and for the state of Israel.
NSO denies the allegations that its software is used for harmful proposes with a lot of bullshittery:
The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the “unidentified sources” have supplied information that has no factual basis and are far from reality.
After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.
The reports make, for example, the claim that the Indian government under Prime Minister Narendra Modi has used the NSO software to spy on the leader of the opposition party Rahul Gandhi.
How could NSO deny that allegation? It can’t.
Further down in the NSO’s statement the company contradicts itselfon the issues:
As NSO has previously stated,
our technology was not associated in any way with the heinous murder of Jamal Khashoggi. We can confirm that our technology was not used to listen, monitor, track, or collect information regarding him or his family members mentioned in the inquiry. We previously investigated this claim, which again, is being made without validation.
We would like to emphasize that NSO sells it technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts. NSO does not operate the system and has no visibility to the data.
How can NSO deny that the Saudi government, one its known customers, used its software for spying on the then murdered Jamal Khashoggi when it ‘does not operate the system’ and ‘has no visibility to the data’?
You can’t claim both a. assure knowledge and b. to have no way to have gained it.
But back to the real issue:
- Who has the capacity to make a list of 50,000 phone numbers that include at least 1,000 who were spied on with NSO’s software?
- Who can ‘leak’ such a list to some NGO and make sure that lots of ‘western’ media jump onto it?
- Who has an interest in shutting NSO down or to at least make its business more difficult?
The competition I’d say. And the only real one in that field is the National Security Agency of the United States.
The U.S. often uses ‘intelligence’ as a kind of diplomatic currency that keeps other countries dependent on it. If the Saudis have to ask the U.S. for snooping on someone it is much easier to have influence over them. NSO is disturbing that business. There is also the problem that the first class spying software NSO is selling to somewhat shady customers might well fall into the hands of some big U.S. adversary.
The ‘leak’ to Amnesty and Forbidden Stories is thus an instrument to keep some monopolistic control over client regimes and over spying technology. (The Panama Papers were a similar kind of U.S. sponsored ‘leak’, only in the financial field.)
Edward Snowden, who once was committed NSA supporter but leaked NSA documents because he wanted it to stick to the law, is supporting this campaign:
Edward Snowden @Snowden – 16:28 UTC · Jul 18, 2021
Stop what you’re doing and read this. This leak is going to be the story of the year:
There are certain industries, certain sectors, from which there is no protection. We don’t allow a commercial market in nuclear weapons. If you want to protect yourself you have to change the game, and the way we do that is by ending this trade.
Snowden seems to say that NSO, which sells it software only to governments, should stop doing so but that the NSA should continue the use of such spying instrument:
Speaking in an interview with the Guardian, Snowden said the consortium’s findings illustrated how commercial malware had made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance.
Snowden’s opinion on this is kind of strange:
chinahand @chinahand – 17:28 UTC · Jul 19, 2021
fascinating how Mr “US state surveillance is the greatest threat to humanity” gets worked up about the fact that a bit of state surveillance is apparently outsourced to a private contractor by mid and low tier state actors.
Edward Snowden @Snowden – 17:06 UTC · Jul 19, 2021
Read about the Biden, Trump, and Obama officials who accepted blood money from the NSO group to bury any efforts at accountability — even *after* their involvement in the death and detention of journalists and rights defenders around the world!
The uproar in the the media created by the NSO revelation is already having the desired effect:
Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, Amazon said in a statement.
The move comes as a group of media outlets and activist organizations published new research into NSO’s malware and phone numbers potentially selected for targeting by NSO’s government clients.
“When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an AWS spokesperson told Motherboard in an email.
AWs has for years known about NSO’s activities. NSO has been using CloudFront, a content delivering network owned by Amazon:
CloudFront infrastructure was used in deployments of NSO’s malware against targets, including on the phone of a French human rights lawyer, according to Amnesty’s report. The move to CloudFront also protects NSO somewhat from researchers or other third parties trying to unearth the company’s infrastructure.
“The use of cloud services protects NSO Group from some Internet scanning techniques,” Amnesty’s report added.
That protection is no longer valid. NSO will have quite some problems to replace such a convenient service.
Israel will whine about it but it seems to me that the U.S. has decided to shut NSO down.
For you and me that will only marginally lower the risk of being spied on.