Israel’s national police force on Tuesday said it had found evidence pointing to improper use of sophisticated spyware by its own investigators to snoop on Israeli citizens’ phones.
The announcement came two weeks after an Israeli newspaper reported a string of instances of the police using the NSO Group’s Pegasus software to surveil protesters, politicians and criminal suspects without authorization from a judge. The report caused outrage in Israel and prompted the attorney general and lawmakers to launch investigations.
Last month, police said a preliminary internal investigation had found no evidence of misuse of the controversial spyware. But on Tuesday, the police said a secondary inspection “found additional evidence that changes certain aspects of the state of affairs.”
The statement made no mention of NSO, indicating that surveillance products developed by other Israeli firms might be under scrutiny. The company had no comment.
The police had previously denied the newspaper’s findings and said they operate according to the law.
In light of the police’s findings, Israel’s outgoing attorney general, Avichai Mandelblit, said he had instructed the police “to adopt procedures immediately in order to prevent breach of authority.” Mandelblit, who completed his six-year term on Tuesday, also said he instructed his fact-finding team to submit a report about allegations of unlawful surveillance of civilians by July 1.
NSO is Israel’s best-known maker of offensive cyberware, but it is far from the only one. Its flagship product, Pegasus, allows operators to seamlessly infiltrate a target’s mobile phone and gain access to the device’s contents, including messages and contacts, as well as location history.
NSO has faced mounting scrutiny over Pegasus, which has been linked to snooping on human rights activists, journalists and politicians across the globe.
In November, the U.S. Commerce Department blacklisted NSO, along with an Israeli competitor, Candiru, barring the company from using certain U.S. technologies, saying its tools had been used to “conduct transnational repression.”
Confirmed or presumed targets have included Mexican and Saudi journalists, the ex-wife of Dubai’s ruler, Palestinian human rights activists, Uganda-based U.S. diplomats and Finnish diplomats.
NSO does not identify its clients but says it sells its products only to state security agencies after receiving approval from Israel’s Defense Ministry. It says the products are intended to be used against criminals and terrorists and says it has strict safeguards in place to prevent abuses. Still, it says it does not control how its clients use the software and has no knowledge of who is targeted.
NSO says it has cut off several customers after discovering abuses but, comparing itself to other weapons makers, it says it cannot be held responsible for the actions of clients.
Related: Israel Spyware Firm NSO Operates in Shadowy Cyber World
Related: Journalists’ Phones Hacked via iMessage Zero-Day Exploit
Related: Spyware by Israel’s NSO Used Against Journalist: Amnesty
Related: Israel Court Rejects Amnesty Petition Against Spyware Firm NSO