Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Israeli Police: Possible Improper Surveillance by Our Own

Israel’s national police force on Tuesday said it had found evidence pointing to improper use of sophisticated spyware by its own investigators to snoop on Israeli citizens’ phones.

Israel’s national police force on Tuesday said it had found evidence pointing to improper use of sophisticated spyware by its own investigators to snoop on Israeli citizens’ phones.

The announcement came two weeks after an Israeli newspaper reported a string of instances of the police using the NSO Group’s Pegasus software to surveil protesters, politicians and criminal suspects without authorization from a judge. The report caused outrage in Israel and prompted the attorney general and lawmakers to launch investigations.

Last month, police said a preliminary internal investigation had found no evidence of misuse of the controversial spyware. But on Tuesday, the police said a secondary inspection “found additional evidence that changes certain aspects of the state of affairs.”

The statement made no mention of NSO, indicating that surveillance products developed by other Israeli firms might be under scrutiny. The company had no comment.

The police had previously denied the newspaper’s findings and said they operate according to the law.

In light of the police’s findings, Israel’s outgoing attorney general, Avichai Mandelblit, said he had instructed the police “to adopt procedures immediately in order to prevent breach of authority.” Mandelblit, who completed his six-year term on Tuesday, also said he instructed his fact-finding team to submit a report about allegations of unlawful surveillance of civilians by July 1.

NSO is Israel’s best-known maker of offensive cyberware, but it is far from the only one. Its flagship product, Pegasus, allows operators to seamlessly infiltrate a target’s mobile phone and gain access to the device’s contents, including messages and contacts, as well as location history.

NSO has faced mounting scrutiny over Pegasus, which has been linked to snooping on human rights activists, journalists and politicians across the globe.

In November, the U.S. Commerce Department blacklisted NSO, along with an Israeli competitor, Candiru, barring the company from using certain U.S. technologies, saying its tools had been used to “conduct transnational repression.”

Confirmed or presumed targets have included Mexican and Saudi journalists, the ex-wife of Dubai’s ruler, Palestinian human rights activists, Uganda-based U.S. diplomats and Finnish diplomats.

NSO does not identify its clients but says it sells its products only to state security agencies after receiving approval from Israel’s Defense Ministry. It says the products are intended to be used against criminals and terrorists and says it has strict safeguards in place to prevent abuses. Still, it says it does not control how its clients use the software and has no knowledge of who is targeted.

NSO says it has cut off several customers after discovering abuses but, comparing itself to other weapons makers, it says it cannot be held responsible for the actions of clients.

RelatedIsrael Spyware Firm NSO Operates in Shadowy Cyber World

RelatedJournalists’ Phones Hacked via iMessage Zero-Day Exploit

Related: Spyware by Israel’s NSO Used Against Journalist: Amnesty

Related: Israel Court Rejects Amnesty Petition Against Spyware Firm NSO

Related: NSO Group: Israeli Firm Accused of Cyberespionage

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack