This is the right question to ask: where do these ‘leaks’ come from?

US Takes Down Israeli Spy Software Company
Moon of Alabama, Jul 19 2021

A number of international papers report today on the Israeli hacking company NSO, which sells snooping software to various regimes. The software is then used to hijack the phones of regime enemies, political competition or obnoxious journalists. All of that was already well known, but the story has new legs as several hundred people who were spied on can now be named. How that came to pass is of interest:

The phones appeared on a list of more than 50,000 numbers that are concentrated in countries known to engage in surveillance of their citizens and also known to have been clients of the Israeli firm, NSO Group, a worldwide leader in the growing and largely unregulated private spyware industry, the investigation found. The list does not identify who put the numbers on it, or why, and it is unknown how many of the phones were targeted or surveilled. But forensic analysis of the 37 smartphones shows that many display a tight correlation between time stamps associated with a number on the list and the initiation of surveillance, in some cases as brief as a few seconds. Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International, a human rights group, had access to the list and shared it with the news organizations, which did further research and analysis. Amnesty’s Security Lab did the forensic analyses on the smartphones. The numbers on the list are unattributed, but reporters were able to identify more than 1k people spanning more than 50 countries through research and interviews on four continents.

Who might have made such a list and who would give it to Amnesty and Forbidden Stories? NSO is one of the Israeli companies that is used to monetize the work of Israel’s military intelligence Unit 8200. ‘Former’ members of 8200 move to NSO to produce spy tools which are then sold to foreign governments. The license price is $7m to $8m per 50 phones to be snooped on. It is a shady but lucrative business for the company and for the state of Israel. NSO denies the allegations that its software is used for harmful purposes with a lot of bullshittery:

The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the “unidentified sources” have supplied information that has no factual basis and are far from reality. After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims. In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.

The reports make, for example, the claim that the Indian government under Prime Minister Narendra Modi has used the NSO software to spy on the leader of the opposition party Rahul Gandhi. How could NSO deny that allegation? It can’t. Further down in NSO’s statement the company contradicts itself on the issues:

As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi. We can confirm that our technology was not used to listen, monitor, track, or collect information regarding him or his family members mentioned in the inquiry. We previously investigated this claim, which again, is being made without validation. We would like to emphasize that NSO sells its technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts. NSO does not operate the system and has no visibility to the data.

How can NSO deny that the Saudi government, one of its known customers, used its software for spying on the then murdered Jamal Khashoggi when it ‘does not operate the system’ and ‘has no visibility to the data’? You can’t claim both a. assured knowledge and b. to have no way to have gained it. But back to the real issue:

  • Who has the capacity to make a list of 50k phone numbers that include at least 1k who were spied on with NSO’s software?
  • Who can ‘leak’ such a list to some NGO and make sure that lots of ‘western’ media jump onto it?
  • Who has an interest in shutting NSO down or at least making its business more difficult?

The competition I’d say. And the only real one in that field is the NSA of the US. The US often uses ‘intelligence’ as a kind of diplomatic currency that keeps other countries dependent on it. If the Saudis have to ask the US for snooping on someone it is much easier to have influence over them. NSO is disturbing that business. There is also the problem that the first class spying software NSO is selling to somewhat shady customers might well fall into the hands of some big US adversary. The ‘leak’ to Amnesty and Forbidden Stories is thus an instrument to keep some monopolistic control over client regimes and over spying technology. (The Panama Papers were a similar kind of US-sponsored ‘leak’, only in the financial field.) Edward Snowden, who once was a committed NSA supporter but leaked NSA documents because he wanted it to stick to the law, is supporting this campaign:

Snowden seems to say that NSO, which sells its software only to governments, should stop doing so but that the NSA should continue the use of such spying instruments:

Speaking in an interview with the Guardian, Snowden said the consortium’s findings illustrated how commercial malware had made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance.

Snowden’s opinion on this is kind of strange:

The uproar in the media created by the NSO revelation is already having the desired effect:

Amazon Web Services (AWS) has shut down infrastructure and accounts linked to Israeli surveillance vendor NSO Group, Amazon said in a statement. The move comes as a group of media outlets and activist organizations published new research into NSO’s malware and phone numbers potentially selected for targeting by NSO’s government clients. “When we learned of this activity, we acted quickly to shut down the relevant infrastructure and accounts,” an AWS spokesperson told Motherboard in an email.

AWS has for years known about NSO’s activities. NSO has been using CloudFront, a content delivery network owned by Amazon:

CloudFront infrastructure was used in deployments of NSO’s malware against targets, including on the phone of a French human rights lawyer, according to Amnesty’s report. The move to CloudFront also protects NSO somewhat from researchers or other third parties trying to unearth the company’s infrastructure. “The use of cloud services protects NSO Group from some Internet scanning techniques,” Amnesty’s report added.

That protection is no longer valid. NSO will have quite some trouble replacing such a convenient service. Israel will whine about it but it seems to me that the US has decided to shut NSO down. For you and me that will only marginally lower the risk of being spied on.
