Examining phones of 2 alleged police targets, cyber firm finds evidence of hacking

ZecOps says high likelihood devices of former ministry chiefs were infected with malware, which was oddly removed in recent days; 3rd ex-ministry head hands in phone for probe

From left to right: Keren Terner Eyal, former director general of the Transportation Ministry; former Justice Ministry director general Emi Palmor; and Shai Babad, the former director general of the Finance Ministry. (Flash90)
From left to right: Keren Terner Eyal, former director general of the Transportation Ministry; former Justice Ministry director general Emi Palmor; and Shai Babad, the former director general of the Finance Ministry. (Flash90)

An Israeli cybersecurity company has examined the phones of two alleged targets of Israel Police spyware attacks, and believes that their devices were likely infiltrated with malware — though it is not known who by.

ZecOps, which specializes in phone hacking, examined the phones of Shai Babad, the former director-general of the Finance Ministry, and Keren Terner Eyal, also a former director-general of that ministry as well as the Transportation Ministry.

Its initial findings indicate a 90 percent probability that the phones were hacked. Malicious activity appeared to have begun in early 2020. Suspiciously, the malware appeared to have been removed in recent days: in Babad’s phone on February 1, and in Terner Eyal’s phone on February 10.

The ZecOps investigation was reported on by Haaretz, Walla and Maariv.

Both former top officials were named by Calcalist on Monday as targets of police hacking. The first Calcalist report on alleged illegal police use of spyware tools was published last month.

ZecOps could not say where the attacks originated, but was continuing its examination of the phones.

Then Justice Ministry director-general Emi Palmor speaks at the Jerusalem Conference of the ‘Besheva’ group, on February 11, 2019. (Noam Revkin)

Emi Palmor, a former director-general of the Justice Ministry who has also been named by Calcalist as a hacking target, has also handed in a phone for examination, though it is a relatively new device and she is searching for her previous phone.

Calcalist’s reports, which have alleged unsupervised use of spyware against Israeli civilians by law enforcement, have spurred an investigation and statements of concern from lawmakers, including Prime Minister Naftali Bennett.

A special team is aiding the state prosecution in probing the claims, including cyber experts from the Mossad and the Shin Bet agencies.

Police have continuously denied any wrongdoing.

Calcalist specifically pointed a finger at NSO Group and its Pegasus spyware, which has made headlines due to its alleged use by countries around the world as an undemocratic means to spy on dissidents and quash opposition.

On Thursday, NSO sent a letter to Calcalist threatening legal action. The company said Calcalist has published “sensationalist” claims without providing any evidence to back them up.

Israel Police Commissioner Kobi Shabtai speaks during a ceremony in Nazareth, on November 9, 2021. (Michael Giladi/Flash90)

The letter appeared to be threatening action in response to a Tuesday report by Calcalist that said NSO Group allows clients to hide their footprints when using its technology, which could undermine investigations into its use. Previous reports have largely alleged wrongdoing by police using NSO’s technology, not illegality by the company itself.

Calcalist on Monday published specific, but unsourced, allegations of hacking against 26 targets by police, including the three former ministry directors-general. The bombshell report said the Pegasus program was deployed against senior government officials, mayors, activist leaders, journalists and former prime minister Benjamin Netanyahu’s family members and advisers, all without judicial authority or oversight.

In response to Thursday’s report, NSO wrote to Calcalist that the relevant systems “include full documentation of the actions performed in them,” and that the records are kept for legal purposes and to prevent tampering with evidence. It further denied the newspaper report’s claim that it had sold client software that does not include the documentation feature or only in a limited way.

Calcalist published an interview with an unnamed source “with very close knowledge” of the architecture of NSO’s Pegasus spyware, who claimed that the company’s tech can be configured so as to not create data logs of everything the spyware does. According to Calcalist, without the data logs, a complete investigation of who was targeted with the spyware and what data was gleaned is not possible.

The source told the newspaper that deniability is built into the architecture of the spyware, as clients had requested the feature for various reasons, including the possible exposure of sources or targets if the information was demanded by a court, or a change in a regime in their countries that would then use the records for other purposes.

An Illustration of a man holding his phone with NSO Group logo on a computer screen in the background, in Jerusalem, on February 7, 2022. (Yonatan Sindel/Flash90)

Police have insisted that any use of spyware to access phones was done under strict adherence to court orders, denying media reports of widespread abuse of their powers to spy on innocent citizens without court oversight.

After the allegations of spying against 26 individuals, police said an internal probe found that only three of them had been targeted, only one successfully, and all with judicial oversight. The police report was delivered to Bennett.

Police Commissioner Kobi Shabtai and police officers involved in using the spyware have insisted that their actions were legal and supervised.

Publicly addressing the scandal for the first time on Wednesday, former police chief Roni Alsheich, who was in office between 2015-2018 when some of the alleged spying took place, denied any police wrongdoing under his watch, saying the allegations had “no connection to reality.”

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed