Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development , Security Operations

NSO Group Spyware Reportedly Used by Israeli Police Force

Local Report Indicates 'Pegasus' Used on Government Protesters, Others
NSO Group Spyware Reportedly Used by Israeli Police Force
NSO Group - file image

Spyware from controversial Israeli software firm NSO Group was reportedly used by the nation's civilian police force, according to a new report from an Israeli business publication, Calcalist. The new findings allege that the Israeli police conducted warrantless phone taps on Israeli politicians and activists, among others.

See Also: New OnDemand | Cyber Risk Graph: Solving the Data Problem of Proactive Security

According to the report, NSO Group, which was sanctioned by the U.S. Department of Commerce in November 2021, provided its flagship spyware product, Pegasus, to the police force, which in turn allegedly monitored local mayors and protesters who criticized former Prime Minister Benjamin Netanyahu.

The report - which does not disclose sources - indicates that surveillance proceeded without court supervision or oversight on data use.

Both NSO Group and a spokesperson from the Israeli embassy to the U.S. did not immediately respond to Information Security Media Group's request for comment.

But a spokesperson for the Israel Police, who did not issue a blanket denial of any history with Pegasus, told Calcalist: "Israel Police acts according to the authority granted to it by law and when necessary according to court orders and within the rules and regulations set by the responsible bodies. The police's activity in this sector is under constant supervision and inspection of the Attorney General of Israel and additional external legal entities.

"Naturally, the police don't intend to comment on the tools it uses. Nevertheless, we will continue to act in a determined manner with all the means at our disposal, in the physical and online spaces, to fight crime … to protect the safety and property of the public."

Alleged Domestic Use

Claims of Pegasus being turned inward reportedly contradict remarks made by NSO Group leaders in July 2021. At that time, the firm came under fire after a consortium of journalists unearthed some 50,000 potential Pegasus targets. NSO Group - which has maintained that its products are used for lawful purposes - said last summer that its spyware does not affect Israelis or infiltrate U.S. phone lines.

Only the country's domestic intelligence agency, the Israel Security Agency, aka Shin Bet - and not its civilian police force - is reportedly authorized to carry out such operations, with proper court documentation. Means for doing so include combating specific terrorism threats, and a senior Shin Bet official would reportedly have to approve the activity.

The Jerusalem Post, in its reporting on the claims, says: "The astounding report, if true, blew gaping holes through a number of NSO, police and potentially state prosecution narratives about the proper balance between collecting evidence and respecting citizens' privacy rights and court protections from unlawful searches and seizures."

Calcalist reporter Tomer Ganon also took to Twitter to add: "Blatant and illegal intrusion of the privacy of citizens without court orders. This is not how a democracy works."

Pegasus Use?

Calcalist writes that one of the "problematic instances" includes tracking activists in "Black Flag" protests against the Netanyahu-led government while he was in office. Related protests began in 2020 amid lockdowns due to COVID-19.

The report alleges that "Israel police had remotely planted NSO's spyware in their phones, taking over their devices and [had] the ability to listen to all their calls and read all their messages." The publication says the order was given by "high-ranking police officers without a court warrant or the supervision of a judge." Calcalist says the operations were carried out by a special operations cyber unit called SIGINT.

Pegasus was also reportedly used by SIGINT to "search for evidence of bribery in the cellphone of [a] serving mayor," with collected evidence allegedly "whitewashed as intelligence." The report also outlines alleged use against "a person close to a senior politician" to further a corruption investigation. What's more, Calcalist contends that police investigators planted Pegasus on the phones of notable activists "who objected [to a Jerusalem pride] parade."

According to Calcalist's timeline, the Israel Police allegedly first acquired Pegasus from NSO Group in December 2013. It became "operational" under then-Police Commissioner Roni Alsheikh, who had previously served as deputy head of Shin Bet.

"The acquisition and use of Pegasus also meant that employees of the private NSO were exposed to highly sensitive and secret information held in police computers as part of the technical support the company provides to its clients," Calcalist alleges.

In a statement to the same outlet, however, NSO Group said: "We would like to clarify that the company doesn't operate the systems held by its clients and isn't involved in activating them. The company's employees aren't exposed to targets, aren't exposed to information about them, and aren't involved or exposed to our clients' operational activity or any information relating to the investigations conducted by clients.

"The company sells its products under license and supervision to be used by national security and law enforcement agencies to prevent crime and terror in a legal manner and according to court orders and the local law of each country."

Israeli Public Security Minister Omer Bar Lev also took to Twitter, asserting that the police force does not wiretap or hack devices without court approval, but was seeking additional information about the report.

Source: jorono/1035 images via Pixabay

'Must Cause a Serious Reaction'

Gil Naveh, a spokesperson for Amnesty International Israel, said of the news: "This important exposé, if accurate, must cause a serious reaction, both in Israel and around the world.

"We must not believe those who have insisted for years that Pegasus is strictly used against 'legitimate targets' outside of Israel. ... These revelations demonstrate yet again why there is an urgent need for commitment from governments to stop any forms of surveillance that breaches human rights and the need for a global moratorium on the export, sale, transfer and use of surveillance equipment until a robust human rights-compliant regulatory framework is in place. The entire cyber-surveillance industry must be under tighter scrutiny, and so too should all of the Israeli security industry."

In the wake of the report, several members of Knesset, the Israeli legislature, reportedly called for an inquiry into the matter, according to The Jerusalem Post.

U.S. Sanctions

In December, NSO Group's spyware was detected on at least nine iPhones belonging to U.S. State Department officials who are located in Uganda or whose work focuses on Uganda (see: Report: NSO Group Spyware Found on State Department Phones).

In November, the U.S. Department of Commerce added NSO Group to its Entity List for allegedly engaging in activities "contrary to the national security or foreign policy interests of the U.S." (see: US Commerce Department Blacklists Israeli Spyware Firms).


About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.