Palestinian activists’ mobile phones hacked using NSO spyware, says report

Investigation finds rights activists working for groups accused by Israel of being terrorist were previously targeted by NSO spyware

NSO has said it sells its Pegasus spyware only to government clients for the purposes of fighting serious crime. Photograph: Joel Saget/AFP/Getty

The mobile phones of six Palestinian human rights defenders, some of whom work for organisations that were recently – and controversially – accused by Israel of being terrorist groups, were previously hacked by sophisticated spyware made by NSO Group, according to a report.

An investigation by Front Line Defenders (FLD), a Dublin-based human rights group, found that the mobile phones of Salah Hammouri, a Palestinian rights defender and lawyer whose Jerusalem residency status has been revoked, and five others were hacked using Pegasus, NSO’s signature spyware. In one case, the hacking was found to have occurred as far back as July 2020.

FLD’s findings were independently confirmed with “high confidence” by technical experts at Citizen Lab and Amnesty International’s security lab, the world’s leading authorities on such hacks.

The revelation is likely to provoke further criticism of Israel’s recent decision to target Palestinian human rights activists. UN human rights experts have called the designation of the groups as terror organisations a “frontal attack” on the Palestinian human rights movement and on human rights everywhere, and said it appeared to represent an abuse of the use of anti-terrorism legislation by Israeli authorities.

Investigations by the Guardian and other media outlets have found multiple cases of governments using NSO spyware to target journalists and human rights advocates who are perceived as threats, often by autocratic regimes such as Saudi Arabia that have been sold the technology. Targets in the past have included the fiancee and wife of the murdered journalist Jamal Khashoggi, as well as Carine Kanimba, the daughter of the jailed Rwandan dissident Paul Rusesabagina. NSO has said it investigates all allegations of abuse and that its technology is meant to be used by governments to fight terrorism and other serious crimes.

The case of the six Palestinians also raises new questions about how Israel itself may use spyware to target critics of the government or others who are seen as threatening the country.

The Biden administration placed NSO on a US blacklist last week, a move that will make it exceedingly difficult for the Israeli company to buy any US-originating technology or services. The administration said it took the decision after it found evidence that the Israeli spyware maker had acted “contrary to the foreign policy and national security interests of the US”.

There is no technical evidence confirming that the state of Israel ordered the hacks of the six Palestinians, but three of the six individuals work for organisations that have been targeted and accused of crimes by Israeli authorities. NSO has said it sells its spyware only to government clients for the purposes of fighting serious crime and terrorism, and the company is closely regulated by the Israeli ministry of defence. 

A spokesperson for NSO Group said: “Due to contractual and national security considerations, we cannot confirm or deny the identity of our government customers. As we stated in the past, NSO Group does not operate the products itself; the company licence approved government agencies to do so, and we are not privy to the details of individuals monitored.

“NSO Group develops critical technologies for the use of law enforcement and intelligence agencies around the world to defend the public from serious crime and terror. These technologies are vital for governments in the face of platforms used by criminals and terrorists to communicate uninterrupted.”

The Israeli government did not immediately respond to a request for comment by the Guardian. The Israeli prime minister’s office and the defence ministry denied that Pegasus had been used to hack the Palestinians’ phones, according to the New York Times.

NSO building
A branch of NSO Group near the southern Israeli town of Sapir. The Biden administration placed NSO on a US blacklist last week. Photograph: Sebastian Scheiner/AP

The groups concerned are known to document allegations of human rights abuses by Israel and the Palestinian Authority. The six are Al-Haq, Addameer, Defense for Children International – Palestine, the Bisan Center for Research and Development, the Union of Palestinian Women’s Committees, and the Union of Agricultural Work Committees.

Three of the six activists who were hacked agreed to be identified. They are Hammouri, who is also a French national, Ubai Al-Aboudi, the executive director at the Bisan Center, who is also a US citizen, and Ghassan Halaika, a researcher for Al-Haq.

Ron Deibert, a Canadian professor and the head of Citizen Lab at the University of Toronto, noted that the group’s own forensic analysis showed that the hacking of the individuals had occurred prior to Israel’s designation of the groups as terrorist organisations.

Pegasus gives government operators complete control over a victim’s device, including being able to use microphones and cameras remotely. “The possibility that a government operator could plant falsely incriminating data on a victim’s phone can also not be excluded, given this total control,” said Deibert.

The Israeli defence ministry has previously claimed that the six organisations were linked to the Popular Front for the Liberation of Palestine (PFLP), a secular political movement with an armed wing that has in the past carried out attacks against Israel.

The groups “were active under the cover of civil society organisations, but in practice belong and constitute an arm of the [PFLP] leadership, the main activity of which is the liberation of Palestine and destruction of Israel”, the ministry said.

FLD’s report was shared with Forbidden Stories, the French nonprofit that coordinated a recent investigation into NSO and the use of its Pegasus software by its government clients by a consortium of media outlets, including the Guardian.

FLD condemned the hacking of individuals. It examined 75 phones and found that six contained traces of malware specifically associated with Pegasus. FLD also claimed that the hacking of the Palestinians – some of whom are dual nationals – would have allowed authorities to spy on conversations between the individuals and others, including Israeli citizens, who could also have been surveilled. FLD said any such surveillance if it occurred, would be a breach of Israeli law.

All Rights Reserved for Stephanie Kirchgaessner and Michael Safi

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.