www.cnet.com
2a04:4e42:4d::666  Public Scan

Submitted URL: https://t.co/qMAwN6CAIQ
Effective URL: https://www.cnet.com/tech/mobile/pegasus-spyware-on-state-department-phones-what-you-need-to-know/
Submission: On December 04 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET /search/

<form class="smartSearch_form" method="get" action="/search/"
  data-auto-suggest-options="{&quot;url&quot;:&quot;\/smartsearch\/xhr\/&quot;,&quot;selectorMenu&quot;:&quot;.searchResults&quot;,&quot;selectorSuggestions&quot;:&quot;.searchResults_imgResults a, .searchResults_linkResults a&quot;,&quot;clickable&quot;:true}"
  data-component="[&quot;formTrim&quot;,&quot;autoSuggest&quot;]" section="brand_nav|top" data-searchtracking="null">
  <input data-search-input="null" class="smartSearch_formInput" type="search" placeholder="Search" name="query" value="" autocomplete="off"><button class="smartSearch_button" type="submit">
    <div class="button button_type_secondary button_size_medium "><span data-item="buttonText">Go</span></div>
  </button>
</form>

/email/subscribe-validate/send/?ecode=e798

<form class="newsletter-form" action="/email/subscribe-validate/send/?ecode=e798" data-newsletter="1013568" data-component="newsletterAjax"
  data-newsletter-ajax-options="{&quot;messageThankYou&quot;:&quot;<span class=\u0022thanksHed\u0022>Thanks for signing up!<\/span>&quot;,&quot;tracking&quot;:&quot;reengage-nl-sub-1013568&quot;}" novalidate="novalidate">
  <input type="hidden" name="appId" value="431">
  <div class="fields">
    <div class="form-input">
      <label for="newsletterSubscribe_email">
        <input type="email" id="newsletter_subscribe_email" name="newsletter_subscribe[email]" required="required" data-validate="[&quot;email&quot;,&quot;mailcheck&quot;]" placeholder="Add your email" class=" js-bound">
      </label>
    </div>
    <div class="cnetInsiderCheckbox">
      <span class="checkboxContainer"><input type="checkbox" id="newsletter_subscribe_checkboxOptionalSignup" name="newsletter_subscribe[checkboxOptionalSignup]" checked="checked" value="1"></span>
      <span class="checkboxTerms">Yes, I also want to receive the CNET Insider newsletter, keeping me up to date with all things CNET.</span>
    </div>
    <div class="row">
      <button class="col-2 button button_type_secondary button_size_medium" type="submit" data-follow-topic="null">
        <span data-item="buttonText">Sign Me Up!</span>
      </button>
      <div class="col-5 signUpTerms">
        <p>By signing up, you agree to our <a href="https://redventures.com/CMG-terms-of-use.html" target="_blank">Terms of Use</a> and acknowledge the data practices in our
          <a href="https://redventures.com/privacy-policy.html" target="_blank">Privacy Policy</a>. You may unsubscribe at any time.</p>
      </div>
    </div>
    <input type="hidden" id="newsletter_subscribe_grp" name="newsletter_subscribe[grp]" value="1013568">
    <input type="hidden" id="newsletter_subscribe__token" name="newsletter_subscribe[_token]" value="dqx1zNSiQYkOgmPsZ8zAwKQWO6ukutZAZoeJOTzCFc0">
  </div>
</form>

Text Content


PEGASUS SPYWARE ON STATE DEPARTMENT PHONES: WHAT YOU NEED TO KNOW

Software that targeted activists, journalists and executives was reportedly
found on US government phones, too. Apple sued NSO Group, its Israeli maker.

Stephen Shankland

Dec. 3, 2021 5:01 p.m. PT
Angela Lang/CNET

It's a doozy of a case in digital spying. Security researchers have revealed
evidence of attempted or successful installations of Pegasus, software made by
Israel-based cybersecurity company NSO Group, on 37 phones belonging to
activists, rights workers, journalists and businesspeople. They appear to have
been targets of secret surveillance by software that's intended to help
governments pursue criminals and terrorists.

One of the most powerful objections to Pegasus came from the US government, and
now one reason for the wrath could have emerged Friday: The spyware was found on
the phones of at least nine State Department employees whom Apple notified about
the hack, Reuters reported. The officials were either based in Uganda or
involved in matters associated with the African country, but it's unclear who
hacked the phones, the report said, citing unnamed sources. The New York Times
corroborated the report, saying at least 11 employees were affected.

Pegasus has been a politically explosive issue that's put Israel under pressure
from activists and from governments worried about misuse of the software. In
November, the US federal government took much stronger action, blocking sale of
US technology to NSO by putting the company on the government's Entity List. NSO
has suspended some countries' Pegasus privileges but has sought to defend its
software and the controls it tries to place on its use.

Apple sued NSO Group in November, seeking to bar the company's software from
being used on Apple devices, require NSO to locate and delete any private data
its app collected, and disclose the profits from the operations. "Private
companies developing state-sponsored spyware have become even more dangerous,"
said Apple software chief Craig Federighi.

The phones were on an activist organization's list of more than 50,000 phone
numbers for politicians, judges, lawyers, teachers and others. Also on that list
are 10 prime ministers, three presidents and a king, according to an
international investigation released in mid-July by The Washington Post and
other media outlets, though there's no proof that being on the list means an
attack was attempted or successful.

Pegasus is the latest example of how vulnerable we all are to digital prying.
Our phones store our most personal information, including photos, text messages
and emails. Spyware can reveal directly what's going on in our lives, bypassing
the encryption that protects data sent over the internet.

The 50,000 phone numbers are connected to phones around the world, though NSO
disputes the link between the list and actual phones targeted by Pegasus. The
devices of dozens of people close to Mexican President Andrés Manuel López
Obrador were on the list, as were those belonging to reporters at CNN, the
Associated Press, The New York Times and The Wall Street Journal. Several phones
on the list, including one belonging to Claude Mangin, the French wife of a
political activist jailed in Morocco, were infected or attacked. Other cases of
Pegasus infection have emerged since the initial revelations.

Here's what you need to know about Pegasus.


WHAT IS NSO GROUP?

It's a company that licenses surveillance software to government agencies. The
company says its Pegasus software provides a valuable service because encryption
technology has allowed criminals and terrorists to go "dark." The software runs
secretly on smartphones, shedding light on what their owners are doing. Other
companies provide similar software.

Chief Executive Shalev Hulio co-founded the company in 2010. NSO also offers
other tools that locate where a phone is being used, defend against drones and
mine law enforcement data to spot patterns.

NSO has been implicated by previous reports and lawsuits in other hacks,
including a reported hack of Amazon founder Jeff Bezos in 2018. A Saudi
dissident sued the company in 2018 for its alleged role in hacking a device
belonging to journalist Jamal Khashoggi, who had been murdered inside the Saudi
embassy in Turkey that year.


WHAT IS PEGASUS?

Pegasus is NSO's best-known product. It can be installed remotely without a
surveillance target ever having to open a document or website link, according to
The Washington Post. Pegasus reveals all to the NSO customers who control it --
text messages, photos, emails, videos, contact lists -- and can record phone
calls. It can also secretly turn on a phone's microphone and cameras to create
new recordings, The Washington Post said.

General security practices like updating your software and using two-factor
authentication can help keep mainstream hackers at bay, but protection is really
hard when expert, well-funded attackers concentrate their resources on an
individual.

Pegasus isn't supposed to be used to go after activists, journalists and
politicians. "NSO Group licenses its products only to government intelligence
and law enforcement agencies for the sole purpose of preventing and
investigating terror and serious crime," the company says on its website. "Our
vetting process goes beyond legal and regulatory requirements to ensure the
lawful use of our technology as designed."

Human rights group Amnesty International, however, documents in detail how it
traced compromised smartphones to NSO Group. Citizen Lab, a Canadian security
organization at the University of Toronto, said it independently validated
Amnesty International's conclusions after examining phone backup data.

In September, though, Apple fixed a security hole that Pegasus exploited for
installation on iPhones. Malware often uses collections of such vulnerabilities
to gain a foothold on a device and then expand privileges to become more
powerful. NSO Group's software also runs on Android phones.




WHY IS PEGASUS IN THE NEWS?

Forbidden Stories, a Paris journalism nonprofit, and Amnesty International, a
human rights group, shared with 17 news organizations a list of more than 50,000
phone numbers for people believed to be of interest to NSO customers.

The news sites confirmed the identities of many of the individuals on the list
and infections on their phones. Of data from 67 phones on the list, 37 exhibited
signs of Pegasus installation or attempted installation, according to The
Washington Post. Of those 37 phones, 34 were Apple iPhones.

The list of 50,000 phone numbers includes French President Emmanuel Macron,
Iraqi President Barham Salih and South African President Cyril Ramaphosa. Also
on it are seven former prime ministers and three current ones, Pakistan's Imran
Khan, Egypt's Mostafa Madbouly and Morocco's Saad-Eddine El Othmani. King
Mohammed VI of Morocco also is on the list.

The episode hasn't helped Apple's reputation when it comes to device security.
"We take any attack on our users very seriously," Federighi said. The company
said it'll donate $10 million and any damages from the lawsuit to organizations
that are advocating for privacy and are pursuing research on online
surveillance. That's a drop in the bucket for Apple, which reported a profit of
$20.5 billion for its most recent quarter, but it can be significant for much
smaller organizations, like Citizen Lab.


WHOSE PHONES DID PEGASUS INFECT?

In addition to Mangin, two journalists at Hungarian investigative outlet
Direkt36 had infected phones, The Guardian reported. 

A Pegasus attack was launched on the phone of Hanan Elatr, wife of murdered
Saudi columnist Jamal Khashoggi, The Washington Post said, though it wasn't
clear if the attack succeeded. But the spyware did make it onto the phone of
Khashoggi's fiancee, Hatice Cengiz, shortly after his death.

Seven people in India were found with infected phones, including five
journalists and one adviser to the opposition party critical of Prime Minister
Narendra Modi, The Washington Post said.

And six people working for Palestinian human rights groups had Pegasus-infected
phones, Citizen Lab reported in November.


WHAT ARE THE CONSEQUENCES OF THE PEGASUS SITUATION?

The US cut off NSO Group as a customer of US products, a serious move given that
the company needs computer processors, phones and developer tools that often
come from US companies. NSO "supplied spyware to foreign governments" that used
it to maliciously target government officials, journalists, businesspeople,
activists, academics and embassy workers. "These tools have also enabled foreign
governments to conduct transnational repression," the Commerce Department said.

Macron changed one of his mobile phone numbers and requested new security
checks, Politico reported. He convened a national security meeting to discuss
the issue. Macron also raised Pegasus concerns with Israeli Prime Minister
Naftali Bennett, calling for the country to investigate NSO and Pegasus, The
Guardian reported. The Israeli government must approve export licenses for
Pegasus.

Israel created a review commission to look into the Pegasus situation. And on
July 28, Israeli defense authorities inspected NSO offices in person.

European Commission chief Ursula von der Leyen said that if the allegations are
verified, Pegasus use is "completely unacceptable." She added, "Freedom of
media, free press is one of the core values of the EU."

The Nationalist Congress Party in India demanded an investigation of Pegasus
use.

Edward Snowden, who in 2013 leaked information about US National Security Agency
surveillance practices, called for a ban on spyware sales in an interview with
The Guardian. He argued that such tools otherwise will soon be used to spy on
millions of people. "When we're talking about something like an iPhone, they're
all running the same software around the world. So if they find a way to hack
one iPhone, they've found a way to hack all of them," Snowden said.


WHAT DOES NSO HAVE TO SAY ABOUT THIS?

NSO acknowledges its software can be misused. It cut off two customers in the
past 12 months because of concerns about human rights abuses, according to The
Washington Post. "To date, NSO has rejected over US $300 million in sales
opportunities as a result of its human rights review processes," the company
said in a June transparency report.

However, NSO strongly challenges any link to the list of phone numbers. "There
is no link between the 50,000 numbers to NSO Group or Pegasus," the company said
in a statement.

"Every allegation about misuse of the system is concerning me," Hulio told the
Post. "It violates the trust that we give customers. We are investigating every
allegation."

In a statement, NSO denied "false claims" about Pegasus that it said were "based
on misleading interpretation of leaked data." Pegasus "cannot be used to conduct
cybersurveillance within the United States," the company added.

Regarding the alleged infection of State Department phones, NSO Group didn't
immediately respond to a request for comment. But it told Reuters it canceled
relevant accounts, is investigating, and will take legal action if it finds
misuse.

NSO will try to reverse the US government's sanction. "We look forward to
presenting the full information regarding how we have the world's most rigorous
compliance and human rights programs that are based on the American values we
deeply share, which already resulted in multiple terminations of contacts with
government agencies that misused our products," an NSO spokesperson said.

In the past, NSO had also blocked Saudi Arabia, Dubai in the United Arab
Emirates and some Mexican government agencies from using the software, The
Washington Post reported.


HOW CAN I TELL IF MY PHONE HAS BEEN INFECTED?


Amnesty International released an open-source utility called MVT (Mobile
Verification Toolkit) that's designed to detect traces of Pegasus. The software
runs on a personal computer and analyzes data including backup files exported
from an iPhone or Android phone.

First published on July 19, 2021 at 5:33 p.m. PT.

