Photo: Illustration: Ali Assaf/Guardian Design
Readers in search of a full accounting of Israel’s role in the creation and distribution of the spyware will be disappointed, but this article does shine a certain light on the facts missing from the ‘revelations.’
21 July 2021 | Bethan McKernan and Paul Lewis | The Guardian
Israel’s government is reportedly setting up a task force to manage the fallout from Pegasus project revelations about the use of spying tools sold to authoritarian governments by the Israeli surveillance firm NSO Group.
A team including representatives from the defence ministry, ministry of justice, foreign ministry, military intelligence and the Mossad, the national intelligence agency, is poised to conduct an investigation into whether “policy changes” are needed regarding sensitive cyber exports, several Israeli media outlets reported on Tuesday night, quoting unnamed officials.
The reports come as diplomatic pressure mounts on Israel over concerns the government has enabled abuses by repressive states around the world by granting NSO export licences for the spyware.
There are also questions about whether Israeli intelligence agencies have been able to access information gathered by NSO’s clients – which both Israel and the surveillance company strongly deny.
Officials’ fears also appear to be centred around how the Pegasus project disclosures will affect other Israeli companies and the future of Israel’s cutting-edge cyberweapons industry.
“This is a very significant event … We are trying to understand its full significance,” an unnamed official told Maariv News.
A spokesperson for the Israeli prime minister’s office declined to comment on whether a task force was being set up.
The Pegasus project, a consortium of media including the Guardian, Washington Post, Die Zeit, Süddeutsche Zeitung and Le Monde, revealed on Sunday that government clients around the world had used hacking software developed and sold by NSO to target human rights activists, journalists and lawyers.
The investigation has been based on forensic analysis of phones and analysis of a massive leak of 50,000 numbers. The fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus or was infiltrated with NSO’s software. The list does not identify who put the numbers on it or how many were targeted or compromised.
In multiple statements, NSO has denied that the list was purely for surveillance purposes.
“It is not a list of targets or potential targets of NSO’s customers, and your repeated reliance on this list and association of the people on this list as potential surveillance targets is false and misleading,” NSO said. The company said it may be part of a larger list of numbers that might have been used by NSO Group customers “for other purposes”.
But the list is believed to provide insights into those identified as persons of interest by government clients of NSO. It includes people whose phones showed traces of NSO’s signature phone-hacking spyware, Pegasus, according to forensic analysis of their devices.
The wider Pegasus project investigation found NSO has close links to the Israeli state, and in 2017 was given explicit permission by the Israeli government to try to sell the hacking tools to Saudi Arabia in a deal reportedly worth at least $55m.
The 10 countries that the analysis of the leak and forensic analysis of phones suggest have been using the technology, which include India and Hungary, all enjoy trade relations with Israel or diplomatic ties that have improved in recent years. NSO declines to confirm or deny which governments it sells its technology to, but states that its tools only go to carefully vetted military, intelligence and law enforcement agencies.
The Pegasus project reporting marks an early diplomatic crisis for Israel’s new, ideologically diverse coalition government, headed by Naftali Bennett. The majority of the findings correlate with the lengthy tenure of his predecessor as prime minister Benjamin Netanyahu.
As well as activists, lawyers and journalists, the leaked database includes the mobile phone numbers of many government officials, including the French president, Emmanuel Macron, and 13 other heads of state and heads of government.
The appearance of a number on the leaked list – which includes numbers selected by governments that are clients of NSO – does not mean it was subject to an attempted or successful hack.
However, on Tuesday it emerged that the iPhone of François de Rugy, who was France’s environment minister at the time his number appeared on the list, showed digital traces of activity associated with Pegasus, according to forensic analysis of the phone conducted by Amnesty International’s Security Lab.
The analysis showed the advent of a Pegasus-related iMessage lookup, in July 2019. It occurred fifteens seconds after his number appears in the leaked data.
An NSO spokesperson said Macron, De Rugy and other French ministers whose numbers appear in the data “are not and never have been Pegasus targets”. “It is not a list of targets or potential targets of NSO’s customers,” they added.Advertisementhttps://8f7393a578828f70e89554c648a1b1db.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Lawyers for NSO have repeatedly insisted the leaked data has “no relevance” to the company.
The South African president, Cyril Ramaphosa, and the Pakistani prime minister, Imran Khan, are also listed in the data, which includes diplomats, military chiefs and senior politicians from 34 countries.
NSO states that its government clients are contractually required to only use their technology for legitimate investigations into crime and terrorism, but it concedes that customers may have misused the software.
In his only public comments since the launch of the Pegasus project, Shalev Hulio, the founder and chief executive of NSO, said he continued to dispute that the leaked data “has any relevance to NSO”, but added that he was “very concerned” about the reports and promised to investigate them all. “We understand that in some circumstances our customers might misuse the system,” he said.