Tracking & Law Enforcement

Victim of Private Spyware Warns It Can be Used Against US

Months after her father was lured back to Rwanda under false pretenses and jailed, Carine Kanimba discovered her own phone had been hacked using private spyware.

Kanimba is the youngest daughter of Paul Rusesabagina, who is credited with saving more than 1,200 lives during the 1994 Rwandan genocide in a story that inspired the movie “Hotel Rwanda.” An opponent of Rwandan President Paul Kagame, Rusesabagina is now serving a 25-year prison sentence on charges that he has dismissed as politically motivated.

Researchers have alleged Pegasus was used to spy on Kanimba and her cousin as Rusesabagina’s family was advocating for his release from Rwanda, which received $160 million in foreign aid from the United States in the last budget year.

“Unless there are consequences for countries and their enablers which abuse this technology, none of us are safe,” she told the House Intelligence Committee on Wednesday.

Kanimba and technology experts urged Congress to oppose the use of commercial spyware in the U.S. and discourage investment in spyware that has been used to hack the phones of dissidents, journalists, and even U.S. diplomats.

Pegasus infiltrates phones to control their camera and microphone and siphon off data without requiring the user to click on a malicious link. It is part of a burgeoning international market for states to acquire cyber tools that were once available only to the most technically advanced governments. Researchers at Google have identified at least 30 vendors selling “zero click” exploits or other spyware.

NSO Group says its software can’t be activated against phone numbers with a U.S. country code unless used by an American agency. But there are several documented reports of American officials and citizens having their data captured by Pegasus.

One committee member, Rep. Jim Himes, D-Conn., suggested that off-the-shelf spyware felt “like a very serious threat to our democracy and to democracies around the world.” Himes questioned whether spyware could be deployed from another country against American officials and he criticized companies that invest in it.

Among the investors in a private equity firm that held majority ownership of NSO Group were the Oregon state employee pension fund and the Alaska Permanent Fund Corporation.

U.S. officials and many lawmakers in both parties are concerned about foreign interference in future elections and the prospect of Americans trying to overturn a lawful vote by force.

“Nobody, not Mike Pence, not Nancy Pelosi, not Kevin McCarthy … are immune from having their most private deliberations watched,” Himes said. “And that may be just enough to interfere in our elections, just enough to end our democracy.”

U.S. law enforcement and intelligence agencies have long been in the market themselves for ways to hack into phones.

The Biden administration last year imposed export limits on NSO Group and three other firms. But the FBI has acknowledged buying a license for Pegasus for what it said was “product testing and evaluation only.” While spyware companies make huge profits in the Middle East and Europe, it is American business and investment that “legitimizes what they’re doing,” said John Scott-Railton, senior researcher at Citizen Lab, which has long studied how the programs work.

“Doing business with the U.S. government, getting acquired by a U.S. company or even doing business with an American police department is the golden price for many in the spyware industry,” he said. “As long as that remains as a possibility for problematic actors, they’re going to get support from investors.”

The committee is pushing U.S. spy agencies to “decisively act against counterintelligence threats posed by foreign commercial spyware,” according to the public version of its latest bill authorizing intelligence activities. The bill, which has not yet been voted on by the full House, proposes that the director of national intelligence “may prohibit” individual U.S. agencies from acquiring or using foreign commercial spyware.

But the bill would also allow any intelligence agency chief to seek a waiver from the director if the waiver “is in the national security interest of the United States.”

In a statement, NSO Group noted that the discussion over spyware “at times lacks balance (by) intentionally omitting their lifesaving benefits.”

“NSO reiterates that it thoroughly investigates any claim for illegal use of its technology by customers, and terminates contracts when illegal use is found,” the company said. “Nonetheless, it is critical to consider the benefits and alternatives to these critical technologies.”

Kanimba testified that she was alerted last year by a collective of journalists working with Citizen Lab and Amnesty International that there was reason to believe that she had been spied on. A subsequent forensic analysis of her phone revealed that she had been targeted by Pegasus spyware, she said.

She said the surveillance was triggered as she walked with her mother into a meeting with Belgium’s minister of foreign affairs – Rusesabagina holds Belgian citizenship and U.S. residency – and was active during calls with the State Department and with the office of the U.S. government’s special presidential envoy for hostage affairs.

Her family lives in San Antonio. Democratic Rep. Joaquin Castro, a committee member who represents that city, noted that his office’s communications may have been captured by Rwanda because he was advocating for Rusesabagina’s release.

The Rwandan Embassy in Washington did not respond to a request for comment.

Rusesabagina was sentenced for terrorism offenses related to his alleged links to the armed wing of his opposition political platform. Rusesabagina has denied supporting violence and called the verdict a “sham.”

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: US Puts New Controls on Israeli Spyware Company NSO Group

Related: Apple Ships Urgent Patch for FORCEDENTRY Zero-Days

Related: Apple Confirms New Zero-Day Attacks on Older iPhones
