French lawmakers have now launched an investigation into Israeli offensive cybersecurity company NSO Group after they learned French President Emmanuel Macron topped a list of 14 heads of states potentially targeted by the company’s spyware
The 14 world leaders were among those found on list of NSO ‘believed targets’ for its Pegasus spyware.
Amnesty International revealed Tues. the French leader was a potential spyware target, along with Presidents Imran Khan of Pakistan, Cyril Ramaphosa of South Africa & Barham Salih of Iraq. Heads of State, including PMs & the King of Morocco, Mohammed VI, were also high-profile potential targets of NSO’s software known as Pegasus.
“The unprecedented revelation … should send a chill down the spine of world leaders,” wrote Agnes Callamard, Amnesty International’s Secretary General, in a statement.
The world leaders were potential targets, states a list of 50,000 phone numbers thought linked to the NSO Group & then leaked to Amnesty International & the Paris-based journalism non-profit Forbidden Stories. This extensive list is believed to date back to 2016 & includes people of interest by clients of NSO.
On Sun., a group of 17 media partners published a ‘bombshell report’ describing what they believe is a systemic & wide use of the Pegasus spyware by sometimes repressive regimes against human rights activists, political dissidents, journalists & religious & world leaders.
French daily Le Monde, stated after it launched its own investigation into the NSO leaked data, it determined that 15 members of the French Govt. may have been among potential targets, along with Macron.
On Wed., the Paris prosecutor’s office confirmed to the Associated Press it was investigating the suspected widespread use of NSO’s Pegasus spyware on French politicians. The Washington Post also reported that France’s PM, Jean Castex, told French lawmakers at the country’s National Assembly that the Govt. had ordered investigations.
The Post published a statement by the official residence of the President of the French Republic, the Élysée Palace, stating:
“If the facts are confirmed, they are clearly very serious. All light will be shed on these press revelations. Certain French victims have already announced that they would take legal action, & therefore judicial inquiries will be launched.”
NSO Founder Denies
In an exclusive interview with publication Calcalist, NSO founder & CEO Shalev Hulio confirmed its assertion that the list of 50,000 phone numbers, potentially targeted by Pegasus spyware, is false.
“This is an engineered list unrelated to us,” Hulio suggested.
A statement by Hulio to Calcalist reads:
“Around 1 month ago we received the 1st approach from an information broker. He said that there is a list circulating in the market & that whoever holds it is saying that the NSO servers in Cyprus were hacked & that there is a list of targets there and that we should be careful.
We looked into it. We do not have servers in Cyprus and do not have these types of lists, & the number does not make sense in any way, so it has nothing to do with us.
He insisted that it does. We were later approached by 2 different clients who said that brokers have come to them claiming that they have a list related to NSO.
We eventually received some screenshots of the list the brokers managed to get a hold of and based on that we understood that this does not look like the Pegasus system, certainly on the server, & that this is an engineered list unrelated to us
‘This Was a Joke’
We looked over it with the clients & it slowly became clear to us that it is an HLR Lookup server & has nothing to do with NSO. We understood that this was a joke.”
Hulio explained it works with 45 customers a year who target an average of 100 phones a year. He maintains the list of 50,000 alleged targets has nothing to do with NSO.
Still, a deep analysis of 67 of the phones on the list 50,000 showed that 37 had traces of Pegasus software. Amnesty International & Forbidden Stories editors emphasised the list of phone numbers does not indicate that all of those phones were targeted with an attack.
Tech World Recoils
News of possible widespread use of the notorious Pegasus mobile spyware from NSO Group has drawn a sharp rebuke by those in the security community.
Reactions have been varied, with many voicing concern over the level of security in Apple’s closed ecosystem. According to reports, the NSO Group made use of a zero-click zero-day in Apple’s iMessage feature in its Pegasus mobile spyware.
Noted US Johns Hopkins University cryptographer, Matthew Green, suggests Apple could do more to improve security around its iMessage technology.
“There is good evidence that Apple realises the bind they’re in, since they tried to fix iMessage by barricading it behind a specialised “firewall” called BlastDoor.
But firewalls have not been particularly successful at preventing targeted network attacks, & there is no reason to think that Blast Door will do much better. (Indeed, we know it’s probably not doing its job now.),” he wrote in a recent blog post titled “A case against security nihilism“.
Digital Ocean, another tech firm that hosted NSO servers, told the Associated Press “All of the infrastructure outlined in the Amnesty report is no longer on Digital Ocean.”