US officials’ phones hacked using Israeli NSO Group spyware
NSO Group is a cybersecurity tech startup you’ve probably never heard of. Founded about 12 years ago, the Tel Aviv, Israel-based NSO Group develops technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe. News of rogue nations and state actors using NSO spyware to hack into US tech companies has been circulating for the past three years. NSO is known for its Pegasus malware, which is used by intelligence agencies to obtain private data from people’s smartphones.
As we first warned in 2018, the NSO Group spyware is used by private companies and government agencies to spy on their citizens. The NSO Group’s military-grade Pegasus spyware is also licensed to governments around the globe and can infect phones without a click. NSO’s Pegasus software has been used to record conversations and gain access to photos, text messages, and smartphones.
The NSO Group is not new to allegations. In 2018, the startup was accused of placing spyware on the smartphone of murdered Saudi journalist Jamal Khashoggi, though the Israeli firm denies the accusations. According to a lawsuit filed by a friend of Khashoggi, NSO was accused of using its software to spy on the inner circle of Jamal Khashoggi just before his murder.
In early summer, former NSA whistleblower Edward Snowden revealed a new terrifying leak that he said is going to be “the story of the year.” Snowden sounded the alarm bell about the NSO’s Pegasus spyware. But his warnings fell on deaf ears as new revelations of NSO spyware hacking into Biden administration officials came to light.
According to multiple reports, at least nine iPhones of US State Department officials were hacked by a government using NSO Group spyware. The revelation comes just weeks after the Biden administration placed NSO on a US blacklist.
The hacks were carried out by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to Reuters, citing four people familiar with the matter. Two of the sources told Reuters that the hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country.
Other reports also indicated that some American citizens may have been targeted using Pegasus, but Reuters stated it only has confirmation that the breaches against US officials were successful:
“The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO, but it was not clear whether intrusions were always tried or succeeded.”
Responding to the spyware attack, Snowden wrote on Twitter:
“If a Russian company was behind this, Russia would be facing double-sanctions by lunchtime. No, triple-sanctions! Oprah would be handing out sanctions to everyone in the audience. Do you think the US will be sanctioning the host nation for this company?”
— Edward Snowden (@Snowden), December 3, 2021, https://t.co/SI43lTrsN1
In July, Snowden had warned about hidden microphones in smartphones. In a blog post on Substack, Snowden started out talking about the smartphones we use and how they have become “the most dangerous item” we possess. Snowden explained how he first removes the hidden microphones in his phone before he starts to use it.
“The first thing I do when I get a new phone is take it apart. I don’t do this to satisfy a tinkerer’s urge, or out of political principle, but simply because it is unsafe to operate. Fixing the hardware, which is to say surgically removing the two or three tiny microphones hidden inside, is only the first step of an arduous process, and yet even after days of these DIY security improvements, my smartphone will remain the most dangerous item I possess.”
Snowden then went on to explain that before the news of NSO Group made the headlines, “most smartphone manufacturers along with much of the world press collectively rolled their eyes at him whenever he publicly identified a fresh-out-of-the-box iPhone as a potentially lethal threat.”
Meanwhile, an investigation conducted by The Washington Post and 16 media partners found NSO has 15,000 clients around the world. NSO Pegasus spyware was used by governments for tracking terrorists and criminals. However, the same Pegasus software was also used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives, and two women close to murdered Saudi journalist Jamal Khashoggi.
“The numbers on the list are unattributed, but reporters were able to identify more than 1,000 people spanning more than 50 countries through research and interviews on four continents: several Arab royal family members, at least 65 business executives, 85 human rights activists, 189 journalists, and more than 600 politicians and government officials — including cabinet ministers, diplomats, and military and security officers, as well as several heads of state and prime ministers. The purpose of the list could not be conclusively determined,” The Post reported.
Other reports also revealed that the spyware has been used with WhatsApp to send malware to more than 1,400 phones by exploiting a zero-day vulnerability. According to the report, by simply placing a WhatsApp call to a target device, the malicious Pegasus code could be installed on the phone, even if the target never answered.
NSO Group was founded in 2009 by Omri Lavie and Shalev Hulio, alumni of elite IDF intelligence unit 8200. Hulio was formerly a company commander with the Israel Defense Forces, according to his LinkedIn profile. Lavie was an employee of the Israeli government.
The Herzliya, Israel-based NSO Group helps governments spy on cellphones. The company first made headlines in 2018 after the highly sophisticated Pegasus spyware it developed reportedly took advantage of previously undisclosed weaknesses in Apple’s mobile operating system. The system was used in a botched attempt to break into the iPhone of an Arab activist in the United Arab Emirates.
NSO Group develops mobile device surveillance and cyber espionage software capable of completely taking over devices. NSO’s spyware was also allegedly used by people purported to be Mexican government officials to target Mexican journalists, lawyers, and activists, according to a report by Citizen Lab at the University of Toronto.