CTech: Israeli police used NSO’s Pegasus to spy on local mayors, their relatives

CTech: Israeli police used NSO’s Pegasus to spy on local mayors, their relatives. “After last week’s multi-part exposé detailed how police’s SIGINT unit had been allegedly employing the controversial Pegasus malware to spy on civilians, Calcalist is revealing that law enforcement tapped the phones of at least three mayors and heads of local councils for the purposes of ‘phishing’ – all under the guise of intelligence activities.”

CTech: Israel police uses NSO’s Pegasus to spy on citizens

CTech: Israel police uses NSO’s Pegasus to spy on citizens. “Israel police uses NSO’s Pegasus spyware to remotely hack phones of Israeli citizens, control them and extract information from them, Calcalist has revealed. Among those who had their phones broken into by police are mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, former governmental employees, and a person close to a senior politician. Calcalist learned that the hacking wasn’t done under court supervision, and police didn’t request a search or bugging warrant to conduct the surveillance.”

Wired: Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies

Wired: Google Warns That NSO Hacking Is On Par With Elite Nation-State Spies. “The company’s products have been so abused by its customers around the world that NSO Group now faces sanctions, high-profile lawsuits, and an uncertain future. But a new analysis of the spyware maker’s ForcedEntry iOS exploit—deployed in a number of targeted attacks against activists, dissidents, and journalists this year—comes with an even more fundamental warning: Private businesses can produce hacking tools that have the technical ingenuity and sophistication of the most elite government-backed development groups.”

Facebook: Taking Action Against the Surveillance-For-Hire Industry

Facebook: Taking Action Against the Surveillance-For-Hire Industry. “Recently, there has been an increased focus on NSO, the company behind the Pegasus spyware (software used to enable surveillance) that we enforced against and sued in 2019. However, NSO is only one piece of a much broader global cyber mercenary industry. Today, as part of a separate effort, we are sharing our findings about seven entities that we removed from our platform for engaging in surveillance activity and we will continue to take action against others as we find them.”

Motherboard: Apple Patches Zero-Click iMessage Hack Used by NSO

Motherboard: Apple Patches Zero-Click iMessage Hack Used by NSO. “The hack relied on an unknown vulnerability—also known as a zero-day—in iMessage, which allowed the hackers to take over a target’s phone by sending them a message that was effectively invisible. These kinds of attacks are called zero-click exploits, as they don’t require the victim to click on anything. Citizen Lab wrote in a blog post that it believes this zero-day was being used since at least February of this year.”

NSO/Pegasus: 17 journalists from 7 countries join RSF’s complaint in Paris and before the UN (Reporters Without Borders)

Reporters Without Borders: NSO/Pegasus: 17 journalists from 7 countries join RSF’s complaint in Paris and before the UN. “Seventeen journalists from seven countries who were listed as potential or actual victims of Pegasus spyware have filed complaints with prosecutors in Paris, against NSO Group and all other persons the investigation will identify. Their complaints complement the one Reporters Without Borders (RSF) and two journalists with French and Moroccan dual nationality already filed on 20 July. RSF has also referred their cases to the United Nations.”

The Daily Beast: Scandal, Spyware, and 69 Pounds of Weed

The Daily Beast: Scandal, Spyware, and 69 Pounds of Weed. “Amid the furor over the abuse of NSO’s powerful spyware, the story of how the company landed its first contract with Mexico has largely escaped attention. It’s a deal that might never have come together were it not for the behind-the-scenes efforts of an influential, twice-convicted Republican powerbroker: Elliott Broidy.”

Washington Post: Human rights activist and close ally of detained Dubai princess had phone hacked by NSO spyware, forensic test finds

Washington Post: Human rights activist and close ally of detained Dubai princess had phone hacked by NSO spyware, forensic test finds. “A phone belonging to a prominent supporter of two princesses who fled Dubai was infected with Pegasus spyware last year, a new forensic examination shows, offering more evidence that government clients of the Israeli surveillance giant NSO Group have used its phone-hacking tool to target human rights activists.”

Motherboard: Amazon Shuts Down NSO Group Infrastructure

Motherboard: Amazon Shuts Down NSO Group Infrastructure. “Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, Amazon said in a statement. The move comes as a group of media outlets and activist organizations published new research into NSO’s malware and phone numbers potentially selected for targeting by NSO’s government clients.”

MIT Technology Review: The man who built a spyware empire says it’s time to come out of the shadows

MIT Technology Review: The man who built a spyware empire says it’s time to come out of the shadows. “Shalev Hulio wants to explain himself. Normally, silence and secrecy are inherent in the spy business. For nine full years, Hulio never talked publicly about his billion-dollar hacking company—even when his hacking tools were linked to scandal or he was accused of being complicit in human rights abuses around the world. Lately, though, he’s speaking up.”

CNN: Facebook sues surveillance company NSO Group over alleged WhatsApp hack

CNN: Facebook sues surveillance company NSO Group over alleged WhatsApp hack. “The lawsuit, filed on Tuesday, alleges that NSO Group was responsible for a security flaw that allowed potential hackers to install spyware through a phone call, first reported in May by the Financial Times. Targeted victims didn’t need to pick up the phone or take any action to get infected, and it affected both iPhones and Android devices.”