Israeli Spyware Maker Is in Spotlight Amid Reports of Wide Abuses

TEL AVIV — A significant Israeli cyber-surveillance firm, NSO Group, got here below heightened scrutiny Sunday after a global alliance of information shops reported that governments used its software program to focus on journalists, dissidents and opposition politicians.

The Israeli authorities additionally confronted renewed worldwide stress for permitting the corporate to do enterprise with authoritarian regimes that use the spyware and adware for functions that go far afield of the corporate’s acknowledged purpose: concentrating on terrorists and criminals.

NSO strongly denied the claims.

NSO has attracted scrutiny since 2016, when the corporate’s software program was mentioned for use in opposition to a rights activist in the United Arab Emirates and a journalist in Mexico. Since then, The New York Times has reported that the software program was deployed in opposition to journalists, rights campaigners and policymakers in Mexico and Saudi Arabia. The new studies that appeared Sunday recommend that the agency’s software program has been used in opposition to extra individuals in extra international locations than had beforehand been reported.

Among different actions, the corporate is alleged to have bought a classy surveillance utility generally known as Pegasus that the journalism consortium mentioned seems to have been used to try to hack a minimum of 37 smartphones owned by journalists from international locations that embrace Azerbaijan, France, Hungary, India and Morocco. Separately, an individual acquainted with NSO contracts informed The Times that NSO techniques had been bought to the governments of Azerbaijan, Bahrain, India, Mexico, Morocco, Saudi Arabia and the U.A.E.

The allegations might escalate considerations that the Israeli authorities has abetted authorities abuses by granting NSO an export license to promote software program to international locations that use it to suppress dissent.

The accounts, printed by The Washington Post and an alliance of 16 different worldwide information shops, observe latest reporting by The Times that Israel permitted NSO to do enterprise with Saudi Arabia, and inspired it to maintain doing so even after the Saudi authorities was implicated in the 2018 assassination of a Saudi journalist and dissident, Jamal Khashoggi.

In an announcement, NSO mentioned: “We firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.”

The Israeli prime minister’s workplace declined to remark, and the Israeli Defense Ministry mentioned it had not been given sufficient to time to answer a request for remark. The ministry has beforehand mentioned it will revoke export licenses granted to any Israeli firm that bought software program that contravened the phrases of the license, “especially after any violation of human rights.”

A constructing on the handle listed for NSO Group in Herzliya, Israel, in 2019.Credit…Corinna Kern for The New York Times

The new accusations heightened considerations amongst privateness activists that no smartphone consumer — even these utilizing software program like WhatsApp or Signal — is secure from governments and anybody else with the best cyber-surveillance tech.

Activists say that with out entry to surveillance-free communications, journalists will not have the ability to contact sources with out worry of exposing them to authorities retaliation. And rights campaigners can be unable to freely talk with victims of state-led abuses.

“Stop what you’re doing and read this,” tweeted Edward Snowden, the whistle-blower who leaked massive numbers of labeled data from the National Security Agency in 2013. “This leak is going to be the story of the year.”

The journalist consortium linked NSO to a leaked checklist of greater than 50,000 cellular numbers from greater than 50 international locations that it mentioned gave the impression to be proposed surveillance targets for the corporate’s shoppers. The alliance mentioned the checklist contained the numbers of a whole bunch of journalists, media proprietors, authorities leaders, opposition politicians, political dissidents, lecturers and rights campaigners.

The checklist was first obtained by Amnesty International, the human rights watchdog, and Forbidden Stories, a gaggle that focuses on free speech. They then shared the checklist with the journalists.

The consortium mentioned the numbers on the checklist embrace these of the editor of The Financial Times, Roula Khalaf; individuals near Mr. Khashoggi; a Mexican reporter who was gunned down on the road, Cecilio Pineda Birto; and journalists from CNN, The Associated Press, The Wall Street Journal, Bloomberg News and The New York Times.

Hatice Cengiz, Jamal Khashoggi’s fiancée, was reportedly focused utilizing Pegasus software program.Credit…Nicholas Kamm/Agence France-Presse — Getty Images

In an announcement posted on its web site, NSO mentioned the checklist of numbers had not come from its database. “Such data never existed on any of our servers,” the assertion mentioned.

“As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi,” the assertion continued. “We can confirm that our technology was not used to listen, monitor, track, or collect information regarding him or his family members mentioned in the inquiry.”

In an interview, the agency’s chief government and founder, Shalev Hulio, mentioned he had first been made conscious of the checklist in June, when 4 separate individuals informed him that hackers had been trying to promote a listing supposedly stolen from the corporate’s servers.

Mr. Hulio mentioned that NSO didn’t have any lively servers from which such information could possibly be stolen, and that from the second he noticed the checklist, he realized that it was “not a list of targets attacked by Pegasus, or something born out of Pegasus’ system or any other NSO product.” He mentioned the checklist appeared to have been produced by customers of a separate app referred to as HLR LookUp.

Calling the consortium story “flimsy from the start,” Mr. Hulio took points with the claims made in regards to the checklist of cellphone numbers.

“This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it,” he mentioned.

The Times journalists whose numbers are mentioned to be on the leaked checklist embrace Azam Ahmed, a former Mexico City bureau chief who has reported broadly on corruption, violence and surveillance in Latin America, together with on NSO itself; and Ben Hubbard, The Times’s bureau chief in Beirut, who has investigated rights abuses and corruption in Saudi Arabia and wrote a latest biography of the Saudi crown prince, Mohammed bin Salman.

In January 2020, Mr. Hubbard printed an account of a hacking try in opposition to his personal cellphone. Mr. Hulio denied Mr. Hubbard’s cellphone was attacked by Pegasus, and prompt he was the goal of a product made by a rival Israeli tech agency.

Michael Slackman, The Times’s assistant managing editor for worldwide information, mentioned: “Azam Ahmed and Ben Hubbard are talented journalists who have done important work uncovering information that governments did not want their citizens to know. Surveilling reporters is designed to intimidate not only those journalists but their sources, which should be of concern to everyone.”

With Nicole Perlroth, Mr. Ahmed helped lead Times reporting about how the Mexican authorities used the Pegasus utility in opposition to some of the nation’s most distinguished journalists, democracy advocates, corruption fighters and attorneys — and later in opposition to worldwide investigators introduced into the nation to analyze the tragic disappearance of dozens of college students, in addition to kin of the Mexican authorities’s personal interior circle after they started difficult authorities corruption.

The Times has additionally reported that Pegasus was deployed in Mexico in 2017 in opposition to policymakers and vitamin activists pushing for a soda tax in a rustic with critical well being issues associated to soda consumption, in addition to the political adversaries of prime Emirati officers.

Analysts from Amnesty International checked out 67 smartphones related to numbers on its leaked checklist and concluded that 24 had been contaminated by Pegasus, and that 13 extra had been focused. Tests on the remaining 30 proved inconclusive, the consortium mentioned.

Two of the focused telephones had been owned by Szabolcs Panyi and Andras Szabo, investigative reporters in Hungary who commonly cowl authorities corruption. Another belonged to Hatice Cengiz, the fiancée of Mr. Khashoggi, whose cellphone was penetrated in the times after his homicide.

Pegasus can permit spies to achieve entry to an contaminated cellphone’s laborious drive and consider photographs, movies, emails and texts, even on purposes that provide encrypted communication. The software program may let spies report conversations made on or close to a cellphone, use its cameras and find the whereabouts of its customers.

Ronen Bergman reported from Tel Aviv and Patrick Kingsley from Jerusalem.