This year marks a record for the discovery of so-called zero days, secret software flaws like the one that NSO used to install its spyware.
Shalev Hulio, a co-founder of NSO Group, vehemently denied the list’s accuracy, telling The Times, “This is like opening up the white pages, choosing 50,000 numbers and drawing some conclusion from it.”
It also included 14 heads of state, including President Emmanuel Macron of France, President Cyril Ramaphosa of South Africa, Prime Minister Mostafa Madbouly of Egypt, Prime Minister Imran Khan of Pakistan, Saad-Eddine El Othmani, who until recently was the prime minister of Morocco, and Charles Michel, the head of the European Council. The consortium did not disclose how it had obtained the list, and it was unclear whether the list was aspirational or whether the people had actually been targeted with NSO spyware.Īmong those listed were Azam Ahmed, who had been the Mexico City bureau chief for The Times and who has reported widely on corruption, violence and surveillance in Latin America, including on NSO itself and Ben Hubbard, The Times’s bureau chief in Beirut, Lebanon, who has investigated rights abuses and corruption in Saudi Arabia and wrote a recent biography of the Saudi crown prince, Mohammed bin Salman. In July, NSO became the subject of further scrutiny after Amnesty International, the human rights watchdog, and Forbidden Stories, a group that focuses on free speech, teamed up with a consortium of media organizations on “The Pegasus Project” to publish a list of 50,000 phone numbers, including some used by journalists, government leaders, dissidents and activists, that they said had been selected as targets by NSO’s clients. Using the zero-click infection method, Pegasus can turn on a user’s camera and microphone, record messages, texts, emails, calls - even those sent via encrypted messaging and phone apps like Signal - and send them back to NSO’s clients at governments around the world. Known as a “zero click remote exploit,” it is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off. The spyware, called Pegasus, used a novel method to invisibly infect Apple devices without victims’ knowledge. Apple issued emergency software updates for a critical vulnerability in its products on Monday after security researchers uncovered a flaw that allows highly invasive spyware from Israel’s NSO Group to infect anyone’s iPhone, iPad, Apple Watch or Mac computer without so much as a click.Īpple’s security team had worked around the clock to develop a fix since Tuesday, after researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that a Saudi activist’s iPhone had been infected with an advanced form of spyware from NSO.
0 kommentar(er)
