Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Pegasus Scandal Shows Risk of Israel’s Spy-tech Diplomacy: Experts

Reports that Israel-made Pegasus spyware has been used to monitor activists, journalists and politicians around the world highlight the diplomatic risks of nurturing and exporting “oppressive technology”, experts warned Monday.

Reports that Israel-made Pegasus spyware has been used to monitor activists, journalists and politicians around the world highlight the diplomatic risks of nurturing and exporting “oppressive technology”, experts warned Monday.

Private Israeli firm NSO Group has denied media reports its Pegasus software is linked to the mass surveillance of journalists and rights defenders, and insisted that all sales of its technology are approved by Israel’s defence ministry.

Founded in 2010 and based in Herzliya, north of Tel Aviv, NSO says it develops tools that allow governments to pursue criminals who might evade authorities through encrypted communications. 

But the Washington Post, the Guardian, Le Monde and other news outlets that collaborated on an investigation reported on a leaked list of up to 50,000 phone numbers believed to have been identified as people of interest by clients of NSO since 2016, not all of whom were hacked. 

NSO spokesman Oded Hershkovitz told Israel’s Army Radio the list of phone numbers was “not connected” to NSO, but rather to other companies and open-source software. 

“We didn’t receive until today a bit of evidence that on this list someone indeed was attacked by the Pegasus system,” Hershkovitz said.

The software enables phones to be infiltrated and tracked, with the microphone and camera activated remotely to monitor the user.

– ‘Incubator for oppressive technology’ –

Advertisement. Scroll to continue reading.

Israeli experts recalled the country’s long history of using the export of cutting edge weaponry to foster diplomatic relations, but warned that burgeoning sales of advanced surveillance systems could cause more harm than benefit. 

“Israeli weapons exports helped the country forge all kind of ties,” said Yoel Guzansky from the Institute for National Security Studies in Tel Aviv.

He cited quiet ties in the Middle East, Africa and Asia built through the weapons trade.

“Sometimes the damage is bigger than the benefit,” Guzansky told AFP. “Israel might be seen as someone who helps autocratic regimes suppress civil society.”

Jonathan Klinger, an Israeli cyber law attorney and privacy specialist, agreed, charging that “Israel is an incubator for oppressive technology”.

But he said “a big problem” is that NSO’s reported exports do not amount to a crime under Israeli law.

Klinger criticised what he called an “unfortunate business model,” helped by Israel’s readiness to test new surveillance systems on Palestinians in the occupied West Bank, Gaza and annexed east Jerusalem. 

But the market is substantial, he added, because “there’s a limited number of liberal democracies, and there’s more dictatorships worldwide.”

NSO’s Hershkovitz told Army Radio the firm is a “Zionist company that operates only from Israel”, and only with approval from the defence ministry.

Last month, NSO said it considers the “past human rights performance and governance standards” of its clients.

Contracts require customers to “respect human rights”, including “rights to privacy and freedom of expression,” NSO said.

As a result, NSO had blacklisted 55 countries and rejected more than $300 million in potential “opportunities”.

In 12 complaints it considered about the use of its product last year, NSO said one had resulted in termination of a contract.

– ‘Dark side’ –

The leaked list of potential hacking targets was obtained by rights group Amnesty International and Forbidden Stories, a Paris-based media non-profit organisation.

Israel’s defence ministry said it did not have access to information gathered by NSO’s clients.

Israel “approves the export of cyber products exclusively to governmental entities, for lawful use, and only for the purpose of preventing and investigating crime and counter terrorism,” it said.

NSO does not reveal which governments buy its products. 

But the reported list of targeted phone numbers were clustered in 10 countries including Azerbaijan, Bahrain, Morocco, Saudi Arabia and the United Arab Emirates.

Israel reached historic normalisation agreements with Bahrain, Morocco, Sudan and the UAE last year.

Guzansky said access to surveillance software was not the only reason for the deepening ties with Arab nations. “But of course, it helps,” he said.

Israeli concerns about NSO technology are not new. 

In 2019, then-head of the Israel Innovation Authority Aharon Aharon said he believed the firm was part of “the dark side” of technological advancement.

Israeli cybersecurity expert May Brooks-Kempler said that despite the outcry over NSO’s tools being used to possibly abuse rights, she did not think the company faced an existential threat.

“The customers of a company like that are government agencies,” she said.

“It may mean a bit more scrutiny by the [Israeli] ministry of defence, but at the end of the day, tyrants don’t care about global news outlets.”

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...