State Department employees’ phones hacked in months-long cyberattack

by mcardinal

Chris Lange, FISM News

 

The phones of at least nine U.S. State Department employees were hacked by an unknown person using sophisticated Israeli spyware. Four sources “familiar with the matter” reported that the unknown attacker, using Israeli NSO Group spyware, targeted the iPhones of state officials either working in Uganda or involved, in some official capacity, with the East African country, according to Reuters.

The incident signifies the largest known cyberattack to date on U.S. government officials using NSO technology. Previous reports of the discovery of a list of numbers belonging to presumed potential targets, including some U.S. government officials, did not yield findings of attempted or successful intrusions, making this a significant development.

NSO Group issued a statement Thursday in response to the discovery, in which it denied any knowledge of its spyware being used in the malfeasance but said it had canceled access for the “relevant customers” and launched an investigation into the matter.

“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” said an NSO spokesperson, who added that NSO will “cooperate with any relevant government authority and present the full information we will have.”

NSO has maintained that its products are only sold to governmental law enforcement and intelligence clients for their use in monitoring potential security threats and that it has no direct involvement in any surveillance operations. 

Based in Herzliya near Tel Aviv, Israel, NSO Group Technologies is perhaps best known for its proprietary spyware, Pegasus, which was reportedly used in the cyberattack. The spyware has the capability to remotely surveil smartphones with zero-click technology, which does not require human interaction to infect a phone. In other words, a phone can be infected without requiring the user to click a link, making it virtually impossible to detect the threat of infection. Reuters reports that a review of NSO product manuals reveals that the software is capable of seizing sensitive information, including encrypted messages and images, and can even turn phones into recording devices.

The U.S. Dept. of Commerce last month placed NSO on its Entity List, imposing restrictions on U.S. companies doing business with it, “based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

Apple, Inc. notified the affected users of the hack but did not name the creator of the spyware used. The cyberattack was carried out by exploiting a graphics-processing vulnerability in iPhones of which Apple had been unaware until September, when it took corrective action. Using the NSO software, hackers managed to control victims’ smartphones by sending invisible, infected iMessage requests to their devices, enabling them to then install the spyware undetected. The cyberattacks date back to as early as Feb. 2021. Apple sued NSO Group last week over accusations it helped multiple customers hack into its mobile software, iOS.

Responding to the lawsuit, NSO defended its technology as a crucial aid in counter-terrorism, adding that it has installed controls designed to prohibit spying on innocent targets.  

“On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have,” said a spokesperson, according to The Hill. “Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case.”

While it is not clear why officials working with Uganda were targeted, the country has been plagued in recent months with political upheaval, reports of election irregularities, protests, and government crackdowns. 
