Two global attacks on politicians’, journalists’ and activists’ phones have been revealed within a few days. In both cases, Israel-made malware is said to have been used to spy on phones.
A number of respected newspapers published an investigative news story saying Israeli malware is used to spy on journalists, activists and lawyers around the world. Microsoft and Toronto-based Citizen Lab some days earlier announced that they had identified and stopped the use of an Israeli malware used to spy on journalists and politicians.
The newspapers said a list of up to 50,000 phone numbers, belonging to people believed to be of interest to clients of the Israeli company NSO, was leaked to major news outlets.
It is not clear where the list came from – or whose phones had actually been hacked.
NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records.
In a statement, NSO said the investigation by Paris-based NGO Forbidden Stories and Amnesty International was “full of wrong assumptions and uncorroborated theories”.
The allegations about use of the software, called Pegasus, were published by 17 newspapers including the Washington Post, the Guardian and Le Monde.
Pegasus infects iPhones and Android devices and operators can access messages, photos and emails, record calls and secretly activate microphones.
“Pegasus is a vile and loathsome tool, invented by digital mercenaries and prized by ‘press freedom predators’ for use in persecuting journalists,” said Reporters without Borders’ secretary-general, Christophe Deloire. RSF announced its intention to bring legal action against those responsible for the mass surveillance.
Microsoft said that, together with Citizen Lab, it has disrupted the use of cyberweapons manufactured and sold by a group called Sourgum that the company suspects is an Israel-based private sector company called Candiru.
“The weapons disabled were being used in precision attacks targeting more than 100 victims around the world including politicians, human rights activists, journalists, academics, embassy workers and political dissidents.”
Microsoft said it built protections against the unique malware Sourgum created, and shared those protections with the security community. It has also issued a software update that will protect Windows customers from exploits Sourgum was using to help deliver its malware.
“Sourgum generally sells cyberweapons that enable its customers, often government agencies around the world, to hack into their targets’ computers, phones, network infrastructure and internet-connected devices. These agencies then choose who to target and run the actual operations themselves,” Microsoft said in a blog post.
The work started after Microsoft received a tip from Citizen Lab about malware used by Sourgum, which Microsoft has called Devil’s Tongue.