Spyware Maker NSO Won Cellphone Hack of the Year But No One Picked Up the Award
source link: https://www.vice.com/en/article/jgp5jx/spyware-maker-nso-won-cellphone-hack-of-the-year-but-no-one-picked-up-the-award
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Spyware Maker NSO Won Cellphone Hack of the Year But No One Picked Up the Award
Spyware Maker NSO Won Cellphone Hack of the Year But No One Picked Up the Award
The controversial spyware maker NSO Group won an award at one of the biggest cybersecurity conferences in the world for an iPhone exploit that allegedly allowed their customers to hack dozens of dissidents and journalists all over the world.
Every year, security researchers give out the Pwnie Awards—a play on the word “pwn,” a variation of the world “own,” which is used to indicate somebody getting hacked. The ceremony is a jovial, tongue-in-cheek celebration of the best and worst hacks, and the worst company responses of the year.
This year, NSO Group was nominated for the Best Mobile Bug, for the exploit known as Forced Entry, an iPhone exploit that didn’t require any interaction from the victim, meaning targets could get hacked without realizing anything happened. Security researchers praised the technical sophistication of the exploit, calling it “mind-bending,” a bug that “goes into ‘holy smokes, what?!’ area,” with “several truly beautiful aspects,” and “absolutely stunning.”
“I didn’t even know that we were nominated,” Shalev Hulio, one of the founders of NSO Group, told Motherboard in an online chat.
When Motherboard told him that the reward was a cute little pony, he said: “Ah nice :)”
When one of the Pwnie Awards organizers Sophia D’Antoine announced the prize, she asked if anyone from NSO was present to pick it up, or if anyone else would pick it up on behalf of NSO. No one from the attendees came to pick up the prize.
Do you work for NSO Group or another lawful intercept company? Or do you have information cases of government spyware abuse? We’d love to hear from you. From a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]
John Scott-Railton, a senior researcher at Citizen Lab, a digital rights watchdog housed at the University of Toronto's Munk School that has investigated companies NSO Group for years said that the award should actually go to “Loujain al-Hathloul, the Saudi women's rights activist who bravely came forward to be checked.”
NSO Group is the second government spyware vendor to win a Pwnie Award, after the now-defunct Hacking Team won the “Epic 0wnage” award in 2015 for the devastating hack that the company suffered at the hands of the vigilante hacker Phineas Fisher.
Apple Announces 'Extreme' Privacy Mode for Targets of Government Spyware
In an attempt to protect its most vulnerable users, Apple has announced an upcoming feature designed to thwart hacking attempts from government malware. Apple’s announcement specifically called malware created by the Israeli spyware firm NSO Group, which was recently caught spying on dozens of journalists, government officials, and dissidents..
The new feature is called “Lockdown Mode” and Apple described it as “extreme” and “groundbreaking” security capability in its press release published on Wednesday.
“Lockdown Mode—the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura—is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security,” Apple wrote in the announcement.
A screenshot of the upcoming Lockdown Mode for iPhones.
An Apple spokesperson told Motherboard that some of the features in Lockdown Mode could not previously be manually turned on by a user.
Apple also announced a new category in its bug bounty program. If researchers find bypasses to Lockdown Mode, they could be eligible for a reward of up to $2 million. The company is also offering a grant of $10 million to “to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware.”
Cybersecurity experts with experience investigating cases where governments have used spyware made by companies such as NSO Group or the now-defunct Hacking Team praised Apple’s new feature.
A screenshot that shows Lockdown Mode running on an iPhone with iOS 16 beta.
“We have story after story and report after report which shows that NSO Group has compromised tens of thousands of iPhones. This makes up a very small percentage of their users, but they are also some of their most vulnerable and/or their most influential,” Eva Galperin, director of cybersecurity at activist organization the Electronic Frontier Foundation,director of cybersecurity at activist organization the Electronic Frontier Foundation,, told Motherboard in an online chat. “I am guessing that people will ask why this level of protection will not be made standard for every iPhone user and the answer to that is that this protection comes at the expense of usability. For most people, this is simply not a worthwhile tradeoff. If you think you're likely to be targeted by Pegasus, the calculus is suddenly very different, and the tradeoff may be worthwhile.”
Do you have information about government malware vendors? Or cases of spyware abuse? We’d love to hear from you. From a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]
John Scott-Railton, a senior researcher at Citizen Lab, a digital rights watchdog housed at the University of Toronto's Munk School, said that this is something people had been asking for a long time to protect high-risk users.
“It’s a radical reduction in the threat surface for whole categories of attacks. It’s a pretty promising step forward,” Scott-Railton said in a phone call. “The things that Apple is pairing off are some of the places we know exploit devs and mercenary spyware companies were using to get malware onto devices and do zero-day attacks.”
Joseph Cox contributed reporting.
Woman Tells Congress What It’s Like to Be Hacked by NSO’s Pegasus
On June 14 of last year, the daughter of Paul Rusesabagina, a former hotel manager credited with saving hundreds of lives during the genocide in Rwanda who is now in prison in the country, met with the Belgian foreign affairs minister to discuss her father’s situation. On the same day, her phone was hacked using tools made by spyware vendor NSO Group, according to forensic analysis of her phone.
On Wednesday, the daughter, whose name is Carine Kanimba, testified in front of Congress in a hearing on the threat of the proliferation of commercial spyware made by companies like NSO Group. In front of the House Permanent Select Committee on Intelligence committee, Kanimba shared her experience as the victim of sophisticated government spyware.
“I was mortified, and I am terrified,” Kanimba said.
Kanimba said she believes NSO Group’s spyware was used by the Rwandan government to keep an eye on her and her family’s efforts to secure the release of her father, who in 2020 was abducted in Dubai and later convicted in Rwanda on terrorism charges. Kanimba explained the psychological pain she’s suffered because of the surveillance.
“I am frightened by what the Rwandan government will do to me and my family next,” she said. “It keeps me awake that they knew everything I was doing, where I was, who I was speaking with, my private thoughts, and actions at any moment they wanted.”
Even now that her case is public, Kanimba said the Rwandan government could still “reinfect” her phone.
“So I still do not feel safe,” she said. “On a personal level, I am a 29-year-old woman and I use my phone quite often, not only in the efforts to secure my father's release, but in my social, my private conversations with my friends. And the fact that the same government that tortured my father, that is holding him hostage, and that has been trying to silence him from all these years, now also has access to my private messages and my conversations and my location—it is very, very scary.”
Do you have information similar cases of government spyware abuse? We’d love to hear from you. From a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]
Kanimba is one of dozens of victims who were hacked with NSO Group’s spyware and have been identified as part of the Pegasus Project, an investigative effort conducted by Amnesty International and a group of media partners including the Guardian and The Washington Post.
Activist groups such as Amnesty International and Citizen Lab have for years been detailing cases where governments around the world have allegedly used spyware made by companies like NSO Group or the now-defunct Hacking Team to target human rights defenders and journalists.
In the last year, the US government has taken steps to address these abuses.
In November of last year, the Commerce Department put NSO Group and Candiru, another Israeli spyware maker, on a list that bars American companies or individuals from selling or providing services to them. Then in February of this year, the Department of Justice indicted a Mexican citizen who used to work as a reseller of Hacking Team’s spyware in the country. The citizen, Carlos Guerrero, pleaded guilty to selling the hacking tools to government clients knowing that they “could and likely would” use it for “political purposes, not just for law enforcement purposes.”
According to experts, as well as a source with knowledge of that investigation, this case may be the beginning of a larger effort by the U.S. government to curb the use of commercial spyware by foreign countries.
“Thank you for letting me share my story and the story of my father Paul Rusesabagina,” Kanimba said at the end of her introductory statement during the hearing. “I hope that you find it useful in considering how to regulate the type of tools used to target my family, and my father.
Researchers Find Vulnerability in Software Underlying Discord, Microsoft Teams, and Other Apps
A group of security researchers found a series of vulnerabilities in the software underlying popular apps like Discord, Microsoft Teams, Spotify and many others, which are used by tens of millions of people all over the world.
In all these cases, the researchers submitted vulnerabilities to Electron to get them fixed, which earned them more than $10,000 in rewards. The bugs were fixed before the researchers published their research.
Aaditya Purani, one of the researchers who found these vulnerabilities, said that “regular users should know that the Electron apps are not the same as their day-to-day browsers,” meaning they are potentially more vulnerable.
In the case of Discord, the bug Purani and his colleagues found only required them to send a malicious link to a video. With Microsoft Teams, the bug they found could be exploited by inviting a victim to a meeting. In both cases, if the targets clicked on these links, hackers would have been able to take control of their computers, Purani explained in the talk.
In an interview with Motherboard after the talk, he admitted that he doesn’t run Electron apps, instead opting for using apps like Discord or Spotify inside his browser, which is more hardened against hackers.
“If you are more paranoid, I recommend using the website itself because then you have the protection which Chromium has, which is much larger than the Electron,” Purani said.
Still, Purani said that it’s a good thing to have Electron underlie so many apps because “if you have just one framework, which is running all the apps, then you can just focus on hardening that same framework.”
For him, one of the main takeaways of their research is that Electron is risky precisely because users are very likely to click on links shared in Discord or Microsoft Teams.
“Don't click on shady links,” Purani said.
The US Crackdown on Spyware Vendors Is Only Beginning
On Tuesday, the Department of Justice announced that a Mexican businessman had pleaded guilty to conspiring to sell surveillance and hacking tools made by Hacking Team, a notorious spyware vendor that is now defunct.
The case, according to experts, shows that the U.S. government is willing to go after individuals who acted as middlemen between well-known international spyware vendors and foreign countries like Mexico, signaling a potential escalation in the U.S. government’s crackdown on spyware vendors.
In its press release, U.S. authorities made it clear that this case wasn’t just about Guerrero.
“Today’s guilty plea helps stem the proliferation of digital tools used for repression and advances the digital security of both U.S. and Mexican citizens,” U.S. Attorney Randy Grossman is quoted as saying.
“I bet a few spyware distributors will have a terrible sleep tonight, and think twice before flying to the U.S. any time soon.”
In the plea agreement, Carlos Guerrero, who was the head of a company that distributed surveillance technology called Elite by Carga, admitted that he sold Hacking Team spyware knowing that the Mexican authorities who were purchasing it “could and likely would” use it for “political purposes, not just for law enforcement purposes.”
The agreement cites a few cases in particular. In one, Guerrero and his employee Daniel Moreno helped the mayor of a town in the state of Morelos to hack a political rival and access their Twitter, Hotmail, and iCloud accounts. In another case in December 2015, Guerrero and one of his employees used “an interception device” to wiretap the phone calls of “a business competitor.” And in another instance in February 2017, “one or more Elite by Carga employees agreed to hack the phone and email account of a Florida- based sales representative of a large Mexican business in exchange for an approximately $25,000 payment from the Mexican business.”
A screenshot of the plea agreement between Carlos Guerrero and the US government.
The plea agreement doesn’t include more details about the two cases.
Guerrero’s lawyer did not immediately respond to a request for comment and a spokesperson for the U.S. Attorney’s Office of the Southern District of California, which prosecuted the case, declined to comment, saying “that’s all the information that is publicly available at this time.”
But a person with knowledge of the case, who asked to remain anonymous as they were not authorized to speak to the press, told Motherboard that the investigation is still ongoing and there will be more developments in the next few months.
John Scott-Railton, a senior researcher at the Citizen Lab, a digital rights watchdog housed at the University of Toronto's Munk School that has investigated companies like Hacking Team and Israeli spyware vendor NSO Group for years, told Motherboard that he was pleased with the news, and that this case “sends another signal” that the U.S. government is very interested “in mercenary spyware abuses.”
“Clearly, they have a long memory,” he said in an online chat. “I bet a few spyware distributors will have a terrible sleep tonight, and think twice before flying to the U.S. any time soon.”
Do you have more information about this case? Or similar cases of spyware abuse? We’d love to hear from you. From a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email [email protected]
The indictment of Guerrero, according to Scott-Railton and another researcher who has been investigating surveillance in Mexico, is yet another case that shows abuses in the country were rampant.
“It also helps cement our understanding of Mexican spyware customers as serial abusers. Nobody should be selling them spyware right now,” Scott-Railton said.
“The acquisition and use of surveillance tech by mexican authorities is out of control, full of corruption, abuse and impunity,” Luis Fernando García, the director of Red en Defensa de los Derechos Digitales (R3D), a Mexican digital rights organization, said in an online chat. “Although I can’t speculate on what the USG motives or strategy is, certainly any actions by the US justice system that hold vendors and abusers accountable are very welcomed.”
According to Mexican news outlet El Punto Norte, Guerrero and his government contacts were investigated in the country as well, but the inquiry was closed.
Guerrero’s case comes months after the US government announced that it had added NSO to a list of companies that are restricted from purchasing products and services from US companies, effectively making it hard for them to procure crucial equipment and technology. More recently, a European watchdog suggested that European governments should halt the development and purchase of any technology like the spyware developed by NSO.
Guerrero is out of jail awaiting the sentencing hearing, which is scheduled for May 13.
Aggregate valuable and interesting links.
Joyk means Joy of geeK