Spyware from the NSO group was used to hack US State Department phones

The State Department investigation is a sign that the thriving market for hacking tools sold by private firms is increasingly a threat to not just human rights, but also US national security. The Commerce Department last month blacklisted NSO Group and another Israeli spyware firm, Candiru, accusing the companies of providing spyware to foreign governments that “used these tools to maliciously target” journalists, embassy workers and activists. NSO Group’s main spyware product, known as Pegasus, is capable of remotely infecting mobile phones and eavesdropping on calls or text messages, according to security researchers.

Washington, D.C. (CNN) According to a senior US official involved with the inquiry and another source familiar with the case, the iPhones of approximately a dozen US State Department officials serving in Africa were hacked with spyware manufactured by Israeli technology firm NSO Group in recent months. According to a US official, the State Department is investigating who had access to the compromised materials on these phones and how the attack occurred. The official speculated that the scenario may have arisen as a result of US staff receiving new iPhones and the Pegasus spyware remaining on the devices even after they were wiped clean.


Apple and other US tech firms have been ramping up pressure on NSO Group for alleged human rights and privacy abuses, allegations the firm denies. Apple sued NSO Group last month for allegedly violating a federal anti-hacking law by selling Pegasus to clients, who allegedly used the software to spy on Apple customers. In a statement then, NSO Group did not address the lawsuit directly but said that the firm provides “lawful tools” to fight terrorists and criminals.

John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, which has investigated NSO’s spyware, said that the latest revelation about the alleged targeting of State Department phones shows that the department’s Bureau of Diplomatic Security needs to do more to secure those devices. “NSO has been a plain-sight national security threat for years, and the fact that these breaches happened and Apple is required to do the notification, shows that the threat was not being taken seriously enough,” Scott-Railton told CNN.

The State Department would not confirm the phones had been hacked. “While we are unable to confirm, generally speaking the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected,” a State Department spokesperson said. “Like every large organization with a global presence, we closely monitor cybersecurity conditions, and are continuously updating our security posture to adapt to changing tactics by adversaries.”

The Biden administration has been “acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel,” a National Security Council spokesperson said, pointing to recent additions to the Treasury Department’s entity list. There is also a government-wide effort to go after commercial hacking tools, the spokesperson said.