Cyber Spy Weapons Software Used Against Activists and Journalists

Mexico ranks 9th in journalists deaths. Find the list here by country.

Related reading: iPhone security flaw discovered, used by cyber weapons dealer

 Geek.com

Mexican Government was spying on Journalists and Activists with Pegasus Surveillance software

Journalists and activists in Mexico accused the government of spying on them with the powerful surveillance software Pegasus developed by the NSO Group.

Journalists and activists in Mexico accused the government of spying on them with a powerful surveillance software. According to the journalists, the authorities used an Israeli spyware to hack their mobile devices. The surveillance software is the questionable Pegasus that is developed by the Israeli surveillance NSO Group and sold exclusively to the governments and law enforcement agencies.

NSO Group is owned by US private equity firm Francisco Partners Management. it made the headlines after the investigation conducted by The New York Times.

People familiar with the NSO Group confirmed that the company has an internal ethics committee that monitors the sales and potential customers verifying that the software will not be abused to violate human rights.

Officially the sale of surveillance software is limited to authorized governments to support investigation of agencies on criminal organizations and terrorist groups.

Unfortunately, its software is known to have been abused to spy on journalists and human rights activists.

“There’s no check on this,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.”

The discovery is the result of an investigation conducted by Mexican NGOs and the CitizenLab organization.

R3D, SocialTic, Article 19 and CitizenLab published a report that details the surveillance illegally operated by the Mexican government through the spyware.

Authorities have been sending malicious links to individuals’ phones, in order to trick victims into opening the messages they were specifically crafted and in some cases, the attack involved also family members if the victims were not compromised.

“The targets received SMS messages that included links to NSO exploits paired with troubling personal and sexual taunts, messages impersonating official communications by the Embassy of the United States in Mexico, fake AMBER Alerts, warnings of kidnappings, and other threats.” states the report. “The operation also included more mundane tactics, such as messages sending fake bills for phone services and sex-lines. Some targets only received a handful of texts, while others were barraged with dozens of messages over more than one and a half years. A majority of the infection attempts, however, took place during two periods: August 2015 and April-July 2016″.

Mexican Govenment surveillance

The Pegasus spyware leverages zero-day exploits to compromise both iOS and Android devices.

The government targeted individuals that exposed evidence on government corruption and activists who revealed human rights violations by the Mexican Government.

The researchers observed at least two periods of intense targeting:

  • Period 1 (August 2015) when the Mexican President was officially exonerated for his role in the “Casa Blanca” scandal on which Carmen Aristegui, a well-known reporter, had first reported, and Carlos Loret de Mola was questioning the government’s role in extrajudicial killings. Aristegui revealed that President Enrique Pena Nieto’s wife had bought a $7 million Mexico City mansion from a government contractor.
  • Period 2 (April- July 2016) when revelations of government involvement in human rights abuses and extra-judicial killings were made public.

Mexican Government spyware

According to the New York Times report, at least three Mexican federal agencies have purchased some $80 million of spyware from NSO Group since 2011.

Companies like the NSO Group operate in the dark, in a sort of “legal gray area,” despite the Israeli government exercises strict control of the export of such kind of software, surveillance applications could be abused by threat actors and authoritarian regimes worldwide.

Let me close with Key Findings of the report

  • Over 76 messages with links to NSO Group’s exploit framework were sent to Mexican journalists, lawyers, and a minor child (NSO Group is a self-described “cyber warfare” company that sells government-exclusive spyware).
  • The targets were working on a range of issues that include investigations of corruption by the Mexican President, and the participation of Mexico’s Federal authorities in human rights abuses.
  • Some of the messages impersonated the Embassy of the United States of America to Mexico, others masqueraded as emergency AMBER Alerts about abducted children.
  • At least one target, the minor child of a target, was sent infection attempts, including a communication impersonating the United States Government, while physically located in the United States.

***

Then comes former National Security Council advisor for President Trump Michael Flynn.

Cyberweapons Group Sold Spyware Used Against Political Dissidents

He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier this year.

Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored to have served in Unit 8200, the Israeli equivalent of the National Security Agency.

Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.

Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSY’s board.

Flynn’s financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynn’s consulting firm declined to discuss Flynn’s work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is “not interested in speaking to the press” and referred questions to a spokesman, who did not respond to queries.

Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world ― SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation ― all have former top government officials in leadership roles or on their boards, or have former top executives working in government.

But it’s less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. “There is a lot of opportunity in the U.S. to do this kind of work,” said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. “It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.”

What is clear is that during the time Flynn was working for NSO’s Luxembourg affiliate, one of the company’s main products — a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists — was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a target’s cellular phone if the target responded to a text message.

Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.

NSO Group told Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.

But once a sale is complete, foreign governments are free to do what they like with the technology. Read more here.

Posted in #StopIran, Citizens Duty, Cuba, Cyber War, Department of Defense, DOJ, DC and inside the Beltway, FBI, government fraud spending collusion, Media corruption, Military, NSA Spying, Russia, Terror, The Denise Simon Experience, Whistleblower.

Denise Simon

Comments are closed.