NSO Group faces new backlash after helping Bahrain’s repressive government hack iPhones of politicians and activists
A new Citizen Lab report revealed that the controversial NSO Group provided surveillance tools to the still-repressive Bahraini government between June 2020 and February 2021.
The company has faced a backlash since it was revealed that it was helping dozens of organizations spy on world leaders, activists, journalists and others using Pegasus spyware.
The latest Citizen Lab report – authored by Ali Abdulemam, Noura Al-Jizawi, Bill Marczak, Siena Anstis, Kristin Berdan, John Scott-Railton and Ron Deibert – indicates that nine activists in Bahrain had their iPhones hacked with spyware from NSO Group, and some were attacked through zero-click iMessage exploits.
The 2020 KISMET exploit and the 2021 FORCEDENTRY exploit were used by the Bahraini government to hack the phones of local human rights activists, political groups, a politician and even Bahraini dissidents living in London.
“At least four of the activists have been hacked by LULU, a Pegasus operator whom we attribute with great confidence to the government of Bahrain, a well-known spyware abuser. One of the activists was hacked in 2020 hours after revealing in an interview that their phone was hacked with Pegasus in 2019,” the report’s authors said.
“Two of the hacked activists now reside in London, and at least one was in London when they were hacked. In our research, we never saw the Bahraini government spying on Bahrain and Qatar using Pegasus, never in Europe.”
The report notes that the activist in London may have been hacked by another Pegasus operator who then passed the information on to the Bahraini government.
Citizen Lab coordinated with Forbidden Stories – the organization that exposed NSO Group’s work – and confirmed that at least five of the devices hacked by the Bahraini government were on Project Pegasus’ list of potential targets for NSO Group customers.
Bahrain is a dictatorship that has long crushed dissent and rolled out draconian measures to control public debate online, blackmail government opponents, torture activists and commit other human rights violations.
The report notes that other Western tech companies have in the past faced backlash for helping the Bahraini government censor the internet, disrupt protests, and monitor opponents both in Bahrain and abroad.
Technology from Canadian company Netsweeper is used by Bahrain to block numerous websites for Bahraini citizens. The Home Office Cybercrime Unit, alongside other arms of the government, bought spyware from FinFisher, Verint Systems, Cellebrite, Hacking Team, Trovicor GmbH and NSO Group, according to the report.
Citizen Lab researchers found that the Bahraini government first purchased Pegasus spyware in 2017 and started using it in Bahrain and Qatar.
The organization saw an increase in the use of Pegasus in July 2020 and coordinated with the government’s targets to analyze how they were targeted and how their phones were hacked.
Moosa Abd-Ali and Yusuf Al-Jamri, two Bahraini activists living outside Bahrain, agreed to be named in the report, but the others whose phones were hacked wanted to be identified only by the organizations they were working for.
Abd-Ali stood out in the report because he had previously sued FinFisher after Bahraini officials used the company’s spyware to hack his computer in 2011. His iPhone 8 was hacked before September 2020.
The report explains that officials have tried numerous ways to hack the phones, even using fake DHL package tracking notifications that Citizen Lab traced to a Bahraini government operator of Pegasus. Sometimes government operators would use the zero-click exploit, and in other cases it took one or two clicks on links to infect a device with spyware.
“We noted that all three of these domains were hosted on shared web hosting providers. In other words, the IP addresses they were pointing to also had dozens of other harmless domains pointing to them. In previous iterations of NSO Group’s Pegasus infrastructure, each domain name pointed to a separate IP address,” the researchers found.
The government has taken extreme measures to curb dissent and diminish the influence of activists or protest leaders for decades, but efforts have taken a technological turn in recent years, especially since the start of the Arab Spring protests around 2010. The government violently cracked down on the nascent protest movement in 2011, arresting and torturing hundreds of Bahrainis.
Citizen Lab has been monitoring government spyware usage for years, tracking their usage of ProxySG devices and PacketShaper devices as well as internet filtering technology produced by Netsweeper, Inc.
The government eventually bought spyware tools from Trovicor GmbH, a former subsidiary of Nokia Siemens Networks, in 2011, according to Bloomberg.
In one notable case, the government used spyware from FinFisher, a British and German company, to blackmail a well-known Bahraini lawyer. Government officials hacked into his computer and then sent him a CD threatening to post an intimate video of himself and his wife if he didn’t stop defending human rights activists. The video had been obtained thanks to a hidden camera which had been secretly planted in his house.
The government eventually released the video to the public after the lawyer refused to back down.
Members of the government have also been accused of using other tools to de-anonymize pseudonymous Twitter accounts critical of the government.
Researchers behind the report said it showed the NSO Group’s repeated claims of innocence and human rights work run counter to the reality that their tools are being used by dictatorships.
“Despite half a decade of being involved in human rights abuses, NSO Group consistently asserts that it is, in fact, committed to protecting human rights. However, this alleged concern is contradicted by a growing mountain of evidence that its spyware is being used by authoritarian regimes against human rights activists, journalists and other members of civil society,” the report said.
“While NSO Group regularly attempts to discredit reports of abuse, its client list includes many notorious abuses of surveillance technology. products such as Trovicor, FinFisher, Cellebrite and, now, NSO Group.”
The researchers called the Bahraini government’s abuse of the spyware “predictable” and said it was “gross negligence in the name of profit” on the part of the NSO Group to sell the tool to a government with Bahrain’s record on human rights.
While the report says that victims of the hack may have been able to protect their devices by turning off iMessage and FaceTime, it notes that the NSO Group has found other ways to spread malware through other messaging apps like WhatsApp.
Experts like Paul Bischoff, privacy advocate for Comparitech, said the report was further evidence that there was no real legitimate use of NSO Group malware.
“These authorities wouldn’t have the same espionage capabilities without NSO Group,” Bischoff told ZDNet.
“We should immediately declare an international moratorium on private sales of spyware.”