The iPhones of nine US diplomats hacked with a spyware | Technology



The iPhones of at least nine US State Department employees were hacked by an unknown assailant using sophisticated spyware developed by Israel-based company NSO Group, according to four sources familiar with the matter. The attacks, which occurred in recent months, hit US diplomats based in Uganda or focused on issues about the East African country, two of the sources said. The intrusions, exclusively reported by Reuters, represent the widest known hack of US officials via NSO technology.

A list of potential targets for this spyware was published in 2019, but it is not clear that all hacking attempts were successful. Reuters has not been able to determine who launched the latest attacks. NSO Group said in a statement Thursday that it has no indication that its tools were used in this action, but it canceled access for relevant clients and announced an investigation. “If our investigation shows that NSO tools were used in these actions, the responsible customer will be terminated and legal action will be taken,” said a spokeswoman, adding that NSO will also cooperate with authorities.

NSO has long said that it only sells its products to governments and intelligence agencies, to help them monitor security threats, and that it is not directly involved in surveillance operations. Neither officials from the Ugandan embassy in Washington nor an Apple spokesperson wanted to comment on the information. A State Department spokesperson also declined to comment on the intrusions, but instead pointed to the Commerce Department’s recent decision to place the Israeli company on a list of entities that are difficult to do business with with US companies. .

See also  Talented Lanarkshire entrepreneur is this week's 'Say it With Flowers' recipient

The NSO program is capable of not only capturing encrypted data, messages, photos and other confidential information from infected phones, but also turning them into recording devices to keep an eye on their surroundings, according to product manuals reviewed by Reuters. In the alert that Apple sent to affected users, the company that created this program was not mentioned. The victims included US citizens easily identifiable as government employees because they associated email addresses ending in state.gov (used by US officials) with their Apple ID, according to two of the sources cited by Reuters.

Demand against NSO

They and other people in various countries who were alerted by Apple were hacked thanks to a vulnerability in the systems that Apple did not know about or fix until September. Since at least February, this error of software It allowed some NSO customers to take control of iPhones simply by sending iMessage requests to the device, according to the researchers. Victims did not even need to interact with the ad for the intrusion to be successful. A version of the NSO surveillance program commonly known as Pegasus was then installed on their phones.

Last November, the same day that Apple announced that it would notify the victims of these attacks, the company sued the NSO group, accusing it of helping its customers hack into their mobile operating system. NSO responded that their technology helps curb terrorism and that they have installed controls to prevent espionage against innocent targets. For example, NSO says that its intrusion system cannot work on phones with US numbers that begin with the country code +1. However, Ugandan officials had phones registered abroad, and therefore the country code was different.

See also  Scot suffering from long covid left with mounting debt and fears she might lose job

Elections in Uganda this year have reported irregularities and government repression. US officials had tried to meet with opposition leaders, drawing the ire of the Ugandan executive, although Reuters says it has no evidence that the hacking is related to the electoral process.

NSO’s best-known clients include Saudi Arabia, the United Arab Emirates, and Mexico. The Israeli Defense Ministry must approve the export licenses for the company, which has close ties to the Israeli defense and intelligence communities, to sell its technology internationally. In a statement, the Israeli embassy in Washington said spying on US officials would constitute a serious violation of its rules. “Cyber ​​products like the one mentioned can only be exported to governments for purposes related to the fight against terrorism and serious crime,” said a spokeswoman.

You can follow EL PAÍS TECNOLOGÍA at Facebook and Twitter or sign up here to receive our newsletter semanal.




elpais.com

Related Posts

George Holan

George Holan is chief editor at Plainsmen Post and has articles published in many notable publications in the last decade.

Leave a Reply

Your email address will not be published.