U.S. State Department phones hacked with Israeli company spyware - sources
By Christopher Bing and Joseph Menn
WASHINGTON/SAN FRANCISCO, Dec 3 (Reuters) - Apple Inc APPL.O iPhones of at least nine U.S. State Department employees were hacked by an unknown assailant using sophisticated spyware developed by the Israel-based NSO Group, according to four people familiar with the matter.
The hacks, which took place in the last several months, hit U.S. officials either based in Uganda or focused on matters concerning the East African country, two of the sources said.
The intrusions, first reported here, represent the widest known hacks of U.S. officials through NSO technology. Previously, a list of numbers with potential targets including some American officials surfaced in reporting on NSO Link but it was not clear whether intrusions were always tried or succeeded.
Reuters could not determine who launched the latest cyberattacks.
NSO Group said in a statement on Thursday that it did not have any indication their tools were used but canceled access for the relevant customers and would investigate based on the Reuters inquiry.
"If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," said an NSO spokesperson, who added that NSO will also "cooperate with any relevant government authority and present the full information we will have."
NSO has long said it only sells its products to government law enforcement and intelligence clients, helping them to monitor security threats, and is not directly involved in surveillance operations.
Officials at the Uganda embassy in Washington did not comment. A spokesperson for Apple declined to comment.
A State Department spokesperson declined to comment on the intrusions, instead pointing to the Commerce Department's recent decision to place the Israeli company on an entity list, making it harder for U.S. companies to do business with them.
NSO Group and another spyware firm were "added to the Entity List based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," the Commerce Department said in an announcement Link
Israel,%2C%20academics%2C%20and%20embassy%20workers last month.
NSO software is capable of not only capturing encrypted messages, photos and other sensitive information from infected phones, but also turning them into recording devices to monitor surroundings, based on product manuals reviewed by Reuters.
Apple's alert to affected users Link did not name the creator of the spyware used in this hack.
The victims notified by Apple included American citizens and were easily identifiable as U.S. government employees because they associated email addresses ending in state.gov with their Apple IDs, two of the people said.
They and other targets notified by Apple in multiple countries Link were infected through the same graphics processing vulnerability that Apple did not learn about and fix until September, the sources said.
Since at least February, this software flaw allowed some NSO customers to take control of iPhones simply by sending invisible yet tainted iMessage requests to the device, researchers who investigated the espionage campaign said.
The victims would not see or need to interact with a prompt for the hack to be successful. Versions of NSO surveillance software, commonly known as Pegasus, could then be installed.
In a public response, NSO has said its technology helps stop terrorism and that they've installed controls to curb spying against innocent targets.
For example, NSO says its intrusion system cannot work on phones with U.S. numbers beginning with the country code +1.
But in the Uganda case, the targeted State Department employees were using iPhones registered with foreign telephone numbers, said two of the sources, without the U.S. country code.
Uganda has been roiled this year by an election with reported irregularities Link protests Link and a government crackdown. U.S. officials have tried to meet with opposition leaders, drawing ire from the Ugandan government.
Reuters has no evidence the hacks were related to current events in Uganda.
A senior Biden administration official, speaking on condition he not be identified, said the threat to U.S. personnel abroad was one of the reasons the administration was cracking down on companies such as NSO and pursuing new global discussion about spying limits.
The official added that the government has seen "systemic abuse" in multiple countries involving NSO's Pegasus spyware.
Sen. Ron Wyden, who is on the Senate Intelligence Committee, said: "Companies that enable their customers to hack U.S. government employees are a threat to America's national security and should be treated as such."
Historically, some of NSO Group's best-known past clients included Saudi Arabia, the United Arab Emirates and Mexico.
The Israeli Ministry of Defense must approve export licenses for NSO, which has close ties to Israel's defense and intelligence communities, to sell its technology internationally.
In a statement, the Israeli embassy in Washington said that targeting American officials would be a serious breach of its rules.
"Cyber products like the one mentioned are supervised and licensed to be exported to governments only for purposes related to counter-terrorism and severe crimes," an embassy spokesperson said. "The licensing provisions are very clear and if these claims are true, it is a severe violation of these provisions." (Reporting by Christopher Bing and Joseph Menn; editing by Chris Sanders and Edward Tobin
Descargo de responsabilidades: Cada una de las entidades de XM Group proporciona un servicio de solo ejecución y acceso a nuestra plataforma de trading online, permitiendo a una persona ver o usar el contenido disponible en o a través del sitio web, sin intención de cambiarlo ni ampliarlo. Dicho acceso y uso están sujetos en todo momento a: (i) Términos y Condiciones; (ii) Advertencias de riesgo; y (iii) Descargo completo de responsabilidades. Por lo tanto, dicho contenido se proporciona exclusivamente como información general. En particular, por favor tenga en cuenta que, los contenidos de nuestra plataforma de trading online no son ni solicitud ni una oferta para entrar a realizar transacciones en los mercados financieros. Operar en cualquier mercado financiero implica un nivel de riesgo significativo para su capital.
Todo el material publicado en nuestra plataforma de trading online tiene únicamente fines educativos/informativos y no contiene –y no debe considerarse que contenga– asesoramiento ni recomendaciones financieras, tributarias o de inversión, ni un registro de nuestros precios de trading, ni una oferta ni solicitud de transacción con instrumentos financieros ni promociones financieras no solicitadas.
Cualquier contenido de terceros, así como el contenido preparado por XM, como por ejemplo opiniones, noticias, investigaciones, análisis, precios, otras informaciones o enlaces a sitios de terceros que figuran en este sitio web se proporcionan “tal cual”, como comentarios generales del mercado y no constituyen un asesoramiento en materia de inversión. En la medida en que cualquier contenido se interprete como investigación de inversión, usted debe tener en cuenta y aceptar que dicho contenido no fue concebido ni elaborado de acuerdo con los requisitos legales diseñados para promover la independencia en materia de investigación de inversiones y, por tanto, se considera como una comunicación comercial en virtud de las leyes y regulaciones pertinentes. Por favor, asegúrese de haber leído y comprendido nuestro Aviso sobre investigación de inversión no independiente y advertencia de riesgo en relación con la información anterior, al que se puede acceder aquí.