WASHINGTON / SAN FRANCISCO, Dec. 3 (Reuters) – Apple Inc. iPhones owned by at least nine State Department employees were hacked by an unknown attacker using sophisticated spyware developed by Israel’s NSO Group, according to four people familiar with the matter.
The hacks, which have taken place in recent months, hit US officials either based in Uganda or focused on matters affecting the East African country, two of the sources said.
The break-ins, reported here for the first time, represent the largest known hacks of US officials using NSO technology. Previously, a list of numbers with potential targets, including some American officials, appeared in reporting on NSO, but it was not clear whether intrusions were always attempted or succeeded.
Reuters has not been able to determine who launched the latest cyberattacks.
The NSO Group said in a statement on Thursday that it had no indication of the use of its tools, but was canceling access for the relevant customers and would investigate based on the Reuters request.
“If our investigation shows that these actions actually took place using NSO’s tools, that customer will be permanently terminated and legal action will be taken,” said an NSO spokesman, who added that NSO also “is working with all relevant government agencies and will submit the complete information we shall have.”
NSO has long said it only sells its products to government law enforcement and intelligence customers to help them monitor security threats and is not directly involved in surveillance operations.
Officials from the Ugandan embassy in Washington did not comment. An Apple spokesman declined to comment.
A State Department spokesman declined to comment on the break-ins, referring instead to the Commerce Department’s recent decision to put the Israeli company on an entity list, making it difficult for US companies to do business with it.
NSO Group and another spyware company were added to the Entity List “on the basis of a determination that they had developed and delivered spyware to overseas governments that use the tool to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers,” the Commerce Department said in a statement last month.
Easily recognizable
In addition to capturing encrypted messages, photos and other sensitive information from infected phones, the NSO software can also turn them into recording devices to monitor the environment, based on product manuals verified by Reuters.
Apple’s warning to affected users did not name the creator of the spyware used in this hack.
Victims notified by Apple included American citizens and were easily identifiable as US government employees because they had associated email addresses ending in state.gov with their Apple IDs, two of the people said.
They and other targets notified by Apple in multiple countries were infected through the same graphics processing vulnerability that Apple only learned about and fixed in September, the sources said.
Since at least February, this software bug has allowed some NSO customers to take control of iPhones by simply sending invisible but contaminated iMessage requests to the device, researchers who investigated the espionage campaign said.
The victims would not have to see a prompt or interact with it for the hack to succeed. Versions of the NSO monitoring software, commonly known as Pegasus, could then be installed.
Apple’s announcement that it would notify victims came the same day it sued NSO Group last week, accusing it of helping numerous customers break into Apple’s iOS mobile software.
In a public response, NSO said its technology is helping stop terrorism and that they have installed controls to curb espionage against innocent targets.
For example, NSO says its intrusion system cannot work on phones with US numbers that begin with the country code +1.
But in the Uganda case, the targeted State Department employees used iPhones registered with foreign phone numbers, two of the sources said, without the US country code.
Uganda was rocked this year by elections with reported irregularities, protests and government action. US officials have attempted to meet with opposition leaders, which has drawn the ire of the Ugandan government. Reuters has no evidence that the hacks were related to current events in Uganda.
A senior Biden administration official, speaking on condition that he not be identified, said the threat to U.S. personnel overseas is one of the reasons the government is cracking down on companies like NSO and leading a new global discussion about espionage limits.
The official added that the government has observed “systemic abuse” involving NSO’s Pegasus spyware in several countries.
Senator Ron Wyden, a member of the Senate Intelligence Committee, said, “Companies that allow their customers to hack US government officials are and should be treated as a threat to US national security.”
The NSO Group’s best-known customers in the past have included Saudi Arabia, the United Arab Emirates and Mexico.
Israel’s Defense Ministry must approve export licenses for NSO, which has close ties to Israel’s defense and intelligence communities, to sell its technology internationally.
In a statement, the Israeli embassy in Washington said it was a grave violation of its rules to target American officials.
“Cyber products like the one mentioned are monitored and licensed for export to governments only for counter-terrorism and serious crime-related purposes,” said an embassy spokesman. “The license terms are very clear, and if these claims are true, it is a serious violation of those terms.”
Reporting by Christopher Bing and Joseph Menn; Adaptation by Chris Sanders and Edward Tobin
https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/