Appears to be first use of software on Israeli phones

Report: Palestinian activists’ phones hacked with controversial NSO Group tech

Code linked to firm’s Pegasus program found on devices belonging to members of 3 groups recently designated terrorist organizations by Israel in move that drew wide criticism

A branch of the Israeli NSO Group company, near the southern Israeli town of Sapir, on August 24, 2021. (AP Photo/Sebastian Scheiner)
A branch of the Israeli NSO Group company, near the southern Israeli town of Sapir, on August 24, 2021. (AP Photo/Sebastian Scheiner)

Cellphones belonging to at least six Palestinian rights activists were hacked using the contentious Israeli cyber-surveillance firm NSO Group’s Pegasus software, according to independent investigations published Monday by the University of Toronto and Amnesty International.

The report did not specify who was behind the alleged hacking, but NSO Group’s export license prohibits the firm from allowing foreign customers to hack Israeli phones — indicating that either NSO Group violated its license or that the hacking was done by Israel, in what would be the first documented case of the technology being used against phones served by Israeli carriers.

The allegations came amid international criticism of Israel after the Defense Ministry and the military outlawed six Palestinian rights groups, accusing them of acting as fronts for the Popular Front for the Liberation of Palestine terror group, which the organizations have denied.

Three of the hacked phones belonged to members of three of these groups.

According to the University of Toronto’s Citizen Lab and Amnesty’s Security Lab, pieces of code linked to NSO Group’s powerful Pegasus surveillance tool were found on the six Palestinians’ phones by the human rights organization Front Line Defenders. The investigators then matched processes undertaken by the phones with that code to activity on NSO Group’s servers at similar times.

In its report, Citizen Lab said NSO Group has “implicitly acknowledged that this methodology” correctly identifies that a phone has been breached with its software and that this technique has stood up to scrutiny in several countries.

In response to the allegations, an NSO Group spokesperson said that “contractual and national security considerations” prevented them from revealing the identity of their clients.

“As we stated in the past, NSO does not operate the products itself; the company license approved government agencies to do so. We are not privy to the details of individuals monitored,” the spokesperson said.

At a press conference in Ramallah, officials from Palestinian rights groups demanded an investigation by the international community.

“We don’t know who’s behind this, and we don’t know what kind of information they got. Because of that, we’re demanding a transparent, international investigation,” said Tahseen Eliyan, a researcher at the Palestinian rights group al-Haq.

Pegasus is considered one of the most powerful cyber-surveillance tools available on the market, giving operators the ability to effectively take full control of a target’s phone, download all data from the device or activate its camera or microphone without the user knowing. In older versions of the system, the owner of the phone needed to unknowingly download a file or click on a link to give operators access to the device, but newer iterations have done away with this requirement, giving away control of the phone without the user needing to do anything.

Three of the Palestinian rights activists whose phones were targeted agreed to be identified by name: Ghassan Halaika, a field researcher for Al-Haq; Ubai Aboudi, executive director at the Bisan Center for Research and Development; and Salah Hammouri, a lawyer and researcher for Addameer, a group that advocates on behalf of Palestinian prisoners.

All three came from groups that were declared terrorist organizations by Israel last month. The other three activists whose phones were hacked declined to be publicly identified.

Hammouri, who holds French citizenship, was sentenced in 2008 to seven years in prison for his alleged involvement in a PFLP plot to assassinate the prominent Israeli rabbi Ovadia Yosef. He denies all the charges against him.

Hammouri was released in 2011, but has been detained by Israel several times in the intervening years. Last year Israel’s Interior Ministry revoked Hammouri’s residency status due to alleged renewed involvement in terrorist activities, according to the Israeli Foreign Ministry.

Aboudi also has both Palestinian and American passports.

“This just proves that no Palestinian is immune to these kinds of violations — not even those, like Saleh Hammouri and myself, who hold foreign passports. As long as you’re Palestinian, you can be targeted,” Aboudi said at the press conference in Ramallah on Monday.

Aboudi was arrested by Israel in 2020 for prior involvement in the student wing of the Popular Front for the Liberation of Palestine. He later accepted a plea bargain that saw him serve around a year in prison. Aboudi argues that his plea bargain was motivated by high conviction rates in Israeli military courts, rendering a legal battle costly and risky.

Two of the six activists had phones with Palestinian service carriers, while four of them had sim cards with Israeli companies, three of them through Cellcom and one through HOT Mobile. Though Citizen Lab has identified cases of Pegasus being used against Palestinian phones in the past, this would be the first documented case of the technology being used on Israeli devices.

The Israel Police, Israel Defense Forces and Shin Bet security service generally rely on their own internally developed capabilities to hack phones, rather than relying on civilian companies like NSO Group.

According to Citizen Lab, Halaika’s phone was likely hacked in July 2020, Aboudi’s in February 2021 and Hammouri in April 2021. The other three phones were hacked in November 2020, February 2021 and April 2021.

This summer, news outlets around the world revealed the scope of NSO Group’s activities based on Citizen Lab and Amnesty International’s investigations, finding that the firm’s software had been used by many countries with poor human rights records to hack the phones of thousands of activists, journalists and politicians.

Earlier this week, NSO Group was blacklisted by the United States for developing and supplying “spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” according to a US Commerce Department statement.

The alleged use of NSO Group’s technology by Morocco against French President Emmanuel Macron also sparked a minor diplomatic squabble between Jerusalem and Paris, which the two countries agreed to put behind them last week, following a meeting between Macron and Prime Minister Naftali Bennett.

Last month, Defense Minister Benny Gantz declared Al-Haq, the Bisan Center and Addameer, along with Defense for Children International-Palestine, the Union of Palestinian Women’s Committees and the Union of Agricultural Work Committees, to be terrorist organizations.

Gantz’s designation had little immediate impact, as the groups operate within the West Bank and are thus officially outside of Israel’s jurisdiction. Still, the terrorist classification caused some of the groups’ funders to pull their financial support, fearing financial sanctions.

But last week, the head of the Israel Defense Forces Central Command, who has formal legal authority over the West Bank as military governor of the area, officially designated the groups “unauthorized organizations,” empowering the army to shutter the groups’ offices and arrest members.

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed