Israeli spyware targets cloud services

Israeli company NSO whose spyware hacked Whatsapp claimed that it could gather an individual’s data from servers of Microsoft, Apple, Google, Facebook and Amazon.

Background 

NSO Group Technologies is an Israeli based tech company founded by Omri Lavie and Shalev Hulio in 2010. It is one of the most valued malware creators amongst governments.  According to Forbes, both the founders are believed to be alumni of Israel’s Unit 8200 signals intelligence arms. 

NSO develops cyber technology that allows government agencies to identify and disrupt terrorist and criminal plots. The company has close partnerships with a variety of other Israeli surveillance firms. These include Ability Inc, with a tool called the Unlimited Interception System (ULIN). The tool exploits crucial parts of the global telecoms infrastructure known as SS7, permitting interception of calls and texts, and collection of target location, all with just a phone number. In 2014, NSO was purchased by US-based Francisco Partners.  Francisco also has another Israeli spy team called 'Circles'. 

In 2019, European private equity firm, Novalpina Capital purchased NSO group from Francisco Partners. Since then, they have been taking heat for Pegasus’ human rights record. 

Analysis         

An Israeli tech firm, NSO has promoted its potential - to access the personal data on servers of Google, Facebook, Amazon, Microsoft and Apple without the knowledge of the user or the tech giants. 

According to the company’s sales pitch, the new technique developed by the NSO can copy authentication keys of cloud services from an infected phone. Then, a separate server impersonates the phone without prompting a 2 step verification or warning email on target device. The number of people whose cloud accounts may have been targeted by the latest alleged technique is not yet known.

In May 2019, Amnesty International filed a petition against NSO for developing spyware that could be injected into the target’s phone by ringing up their Whatsapp call function. 

Minutes after the attacker dials, "the target phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details such as private messages or location and even turns on the camera and microphone to live-stream meetings. Pegasus ability to hack using Whatsapp meant that the intelligence agencies could hack phones outside their jurisdiction. 

Danna Ingleton, deputy director of Amnesty Tech noted that “The Israeli Ministry of Defence has ignored mounting evidence linking NSO Group to attacks on human rights defenders”. The Human Rights Group demanded the revocation of the defense export license of cyber surveillance firm NSO Group.Whatsapp fixed the issue with an update for its 1.5bn users.

In response, NSO said its technology is licensed only to government agencies "for the sole purpose of fighting crime and terror," and that it does not operate the system itself. The malware has been used by intelligence agencies and governments to harvest data from targeted individuals’ smartphones. Israeli defence ministry regulates the sale of Pegasus. 

Pegasus has been installed in the phones of human rights activists and journalists around the world. Researchers at the University of Toronto believe that Pegasus has been used in 45 countries including Bahrain, Morocco, Saudi Arabia and UAE. 

The NSA whistleblower, Edward Snowden claimed that Saudi journalist Jamal Khashoggi was killed by Saudi state operatives using NSO hacking tools. An Israeli lawsuit said that the UAE, an NSO client, asked a company representative to hack the mobile phones of Qatar’s emir. 

Silicon Valley’s technology giants are trusted by billions of its users to keep critical information from potential hackers. Security teams in these affected companies are investigating the authentication technique which until now has been thought to be secure. “This has got to be a serious wake-up call for a lot of companies,” said John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, who has been following the use of Pegasus. He noted that it “accelerates the need for stronger forms of device authentication”.

Counterpoint

NSO’s co-entrepreneurs also founded Kaymera, a company designed to solve the exact problems NSO created: a super-secure phone for government officials. The vulnerability of smartphones has become a national security issue in Israel and the military has developed its own secure phone for its officers to use.

Assessment 

  • As long as products like Pegasus are marketed without proper control and oversight, the rights and safety of people are at risk. We feel that an embargo on the export, sale transfer of the privately developed surveillance tool is essential until a human rights compliant safeguards regime is in place. Victims of state-level hacking are better protected than casual users. 
  • The development of spy malware will hinder the rapid adoption of a cloud-based ecosystem by individuals and corporates. We believe that stronger authentication mechanisms can block unauthorized cloud access and account hijacking. 
  • There are other companies that possess the same skill as the NSO group, to exploit vulnerabilities in the smartphone.
  • Many nations are isolating themselves from the internet and smartphones due to the increasing threat of cyberattacks. Russia has most likley prohibited the military from using smartphones, a move intended to mask its soldiers’ digital trail. 
  • We feel that as much as Russia and China are accused of illegal hacking, it is not likely that countries will advocate against a product which is used by many nations for ‘white hat’ hacking. 

 

Image Source - Public Domain  

Comments