Palestinian activists’ mobile phones hacked using NSO spyware, says report
The mobile phones of six Palestinian human rights defenders who work for organisations that were recently – and controversially – accused by Israel of being terrorist groups were previously hacked by sophisticated spyware made by NSO Group, according to a report.
An investigation by Front Line Defenders (FLD), a Dublin-based human rights group, found that the mobile phones of Salah Hammouri, a Palestinian rights defender and lawyer whose Jerusalem residency status has been revoked, and five others were hacked using Pegasus, NSO’s signature spyware. In one case, the hacking was found to have occurred as far back as July 2020.
FLD’s findings were independently confirmed with “high confidence” by technical experts at Citizen Lab and Amnesty International’s security lab, the world’s leading authorities on such hacks.
The revelation is likely to provoke further criticism of Israel’s recent decision to accuse the six prominent Palestinian human rights groups of being terrorist organisations. UN human rights experts have called the designation a “frontal attack” on the Palestinian human rights movement and on human rights everywhere, and said it appeared to represent an abuse of the use of anti-terrorism legislation by Israeli authorities.
The Biden administration placed NSO on a US blacklist last week, a move that will make it exceedingly difficult for the Israeli company to buy any US-originating technology or services. The administration said it took the decision after it found evidence that the Israeli spyware maker had acted “contrary to the foreign policy and national security interests of the US”.
There is no technical evidence that confirms the state of Israel ordered the hacks of the six Palestinians, but each of the individuals work for organisations that have been targeted and accused of crimes by Israeli authorities. NSO has said it sells its spyware only to government clients for the purposes of fighting serious crime and terrorism, and the company is closely regulated by the Israeli ministry of defence.
A spokesperson for NSO Group said: “Due to contractual and national security considerations, we cannot confirm or deny the identity of our government customers. As we stated in the past, NSO Group does not operate the products itself; the company license approved government agencies to do so, and we are not privy to the details of individuals monitored.
“NSO Group develops critical technologies for the use of law enforcement and intelligence agencies around the world to defend the public from serious crime and terror. These technologies are vital for governments in the face of platforms used by criminals and terrorists to communicate uninterrupted.”
The Israeli government did not immediately respond to a request for comment by the Guardian.
The six groups are known to document allegations of human rights abuses by Israel and the Palestinian Authority. The six are Al-Haq, Addameer, Defense for Children International – Palestine, the Bisan Center for Research and Development, the Union of Palestinian Women’s Committees, and the Union of Agricultural Work Committees.
Three of the six activists who were hacked agreed to be identified. They are Hammouri, who is also a French national, Ubai Al-Aboudi, the executive director at the Bisan Center, who is also a US citizen, and Ghassan Halaika, a researcher for Al-Haq.
Ron Deibert, a Canadian professor and the head of Citizen Lab at the University of Toronto, noted that the group’s own forensic analysis showed that the hacking of the individuals had occurred prior to Israel’s designation of the groups as terrorist organisations.
Pegasus gives government operators complete control over a victim’s device, including being able to use microphones and cameras remotely.
“The possibility that a government operator could plant falsely incriminating data on a victim’s phone can also not be excluded, given this total control,” said Deibert.
The Israeli defence ministry has previously claimed that the six organisations were linked to the Popular Front for the Liberation of Palestine (PFLP), a secular political movement with an armed wing that has in the past carried out attacks against Israel.
The groups “were active under the cover of civil society organisations, but in practice belong and constitute an arm of the [PFLP] leadership, the main activity of which is the liberation of Palestine and destruction of Israel”, the ministry said.
FLD’s report was shared with Forbidden Stories, the French nonprofit that coordinated a recent investigation into NSO and the use of its Pegasus software by its government clients by a consortium of media outlets, including the Guardian.
FLD condemned the hacking of the individuals. It examined 75 phones and found six contained traces of malware specifically associated with Pegasus. FLD also claimed that the hacking of the Palestinians – some of whom are dual nationals – would have allowed authorities to spy on conversations between the individuals and others, including Israeli citizens who could also have been surveilled. FLD said any such surveillance, if it occurred, would be a breach of Israeli law.