Arab Countries Spy on their Citizens through an Israeli Program

The Spanish newspaper, Publico, has highlighted the threat to activists, politicians and journalists committed to defending human rights and who denounce abuses by any authority.

This new threat is represented by the Israeli spyware "Pegasus", which was developed in theory as a tool for public safety, but has been used to target dissidents, journalists and activists.

The newspaper said: The investigation conducted by Forbidden Stories, in cooperation with Amnesty International (published on July 21), shows how the powerful monitoring tool, Pegasus, capable of penetrating any phone, including iPhones, got into the hands of several countries. 

The most prominent of these countries are Saudi Arabia, the United Arab Emirates, Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Morocco, Mexico, Rwanda and Togo.

It should be noted that not all of these countries are proponents of human rights, says the newspaper.

Serious Leaks

The newspaper added that Amnesty International considers that the investigation mainly revealed that "the program of the Israeli NSO company has been used to facilitate the commission of widespread human rights violations around the world."

This conclusion was made based on the leakage of more than 50,000 phone numbers to potential espionage targets, including heads of state, activists and journalists, including the family of journalist Jamal Khashoggi, who was assassinated by the Saudi regime in Istanbul in 2018.

The newspaper pointed out that these leaks revealed that this malicious program targeted at least a thousand people from more than 50 countries, including some members of the Arab royal families.

It also targeted 65 senior officials, 85 human rights activists, 189 journalists and more than 600 politicians, ministers and military personnel.

In this sense, Amnesty International Secretary-General Agnes Callamard commented, "The number of journalists identified as targets of this malicious program clearly shows that Pegasus is being used as a tool to intimidate critical media."

The newspaper quoted that there are many companies in the world that develop software tools for technological control or for espionage tasks directly. The "NSO" group is one of the most famous, but it is not the only one.

Specifically in 2011, a malicious computer worm infecting the Windows system, Stuxnet, which was jointly developed by the US and Israeli governments, was discovered to attack nuclear equipment and infrastructure.

Soon later, the Spanish spyware, Carito, an electronic spy used against Morocco was discovered. In addition to this group, the French Babar program.

The newspaper indicated that companies such as the Italian Hacking Team and the German Gamma Group openly devote their work to these tasks.

These companies develop all kinds of malware that they insist on selling only to governments and not to individuals or groups.

In particular, Morocco purchased a spyware program from Hacking Team years ago capable of hacking certain web pages, such as "Mamfakinch" (meaning we will not compromise in Moroccan dialect). It is the Moroccan version of the Arab Spring.

This virus allows to infect the device and enable remote access to all its contents.

 

Constant Espionage

The newspaper indicated that reports of espionage with which NSO is linked have been frequent for years.

For example, in 2018, Citizen Lab warned of a series of various attacks in 45 countries through the Pegasus program.

Two years ago, it was found that this program had spied on human rights activists.

In Spain, the Publico newspaper revealed, earlier, that spyware was illegally purchased to spy on Catalan politicians in 2015.

On the way the malicious program works, the newspaper explained that Pegasus is a highly sophisticated spying program that can be installed remotely on a smartphone, meaning that it does not require any action by its owner.

However, it is difficult to explain the technical operation of this malware, which is also far-fetched: we know that it has been installed on the mobile phones of some citizens only thanks to a leak.

Once installed, full control of the device is possible, including access to encrypted messages such as WhatsApp and Signal, geolocation of the phone, and operation of the microphone and camera.

How was more than 50,000 identities the target of spying leaked, as the authors of the investigation reveal?

Diligent researcher on attacks on human rights in networks Marcelino Madrigal points out that this kind of data and resources are sold on the dark web.

That is what apparently happened in this case, where a former employee of the NSO Group offered the powerful tool for sale, in 2017.

This still unknown tool is capable of exploiting vulnerabilities, even for the very secure iOS.

The newspaper noted that cases such as Pegasus or the case of the Kandero company, also Israeli, unveil two terrifying facts that can be better understood together.

 

Against Civil Societies

Although these companies sell their products "exclusively" to states in order to fight crimes, they can be used for other purposes against civil society.

The newspaper pointed out that no one is safe from these malicious programs, because the nature of this type of spyware is disguised.

Usually it does not require any action from the target person, such as downloading a file or clicking on some strange address in a spam email.

On the other hand, attack vectors revealed by the investigation in the AI ​​technical laboratory indicate that they exploit vulnerabilities, such as those in some applications, or infiltrate mobile phones through SMS or WhatsApp, which contains a link to a malicious website to install the program.

The newspaper reported that the purpose of this malware varies depending on who controls it, because these types of tools are part of the main weapons of electronic warfare.

In particular, these programs are often used to spy, locate opposition, learn about the prevailing social pattern and of course repression and murder.

On the other hand, in an increasingly polarized society, this tool can be used to fight crime or terrorism, but also to restrict human rights.

For example, on the list of "Victims of Pegasus" are journalists from Azerbaijan, Hungary, India and Morocco, countries where repression against independent media has intensified.

The spyware also targeted the phone of journalist Cecilio Pineda a few weeks before his murder in 2017.

There are journalists from the Associated Press, CNN, The New York Times and Reuters who have been spied on. Rola Khalaf, director of the Financial Times, also appears on this list.

In our time, we are caught up in surveillance, both in the real and digital worlds, the paper says.

At the same time, it is becoming increasingly difficult to detect intrusions into privacy, which remains a fundamental right.

Research highlights the complexity of surveillance systems, which, in this and many other cases, were developed by private companies.

The newspaper said, “The insufficient monitoring and lack of transparency towards these programs means that they can be used for illegal purposes.”

It is similar to what is happening in the arms market by states and criminal groups of all kinds. The newspaper called for maximum transparency.