Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text

posted in weboga on 27th Aug, 2016

Thomas Fox-Brewster, FORBES STAFF

I cover crime, privacy and security in digital and physical forms.

Image: Omri Lavie, co-founder of NSO Group, which has just been caught exploiting iPhones with its Pegasus malware. Image from Lavie’s Google Plus account.

NSO Group employees’ lives must seem no different from others in the Israeli tech scene. They turn up every morning at their office in Herzelia, in Tel Aviv’s northern district, take the lift in the plain-looking complex – all grey and sandy exteriors – through smart-card-locked doors and into their similarly spartan offices. On the way they give a nod to their neighbours, fraud analysts from EMC-owned RSA, whose job it is to trawl the dark web for cybercriminals’ latest escapades. They might even have time for a brief confab with staffers at their sister company, a secure smartphone designer. Then they settle down to code.

But for the last six years, their everyday routine has been nothing less than extraordinary: create the world’s most invasive mobile spy kit without ever exposing their work. Now, though, they’ve been busted exploiting iPhones in some of the most astonishing attacks yet seen in the world of private espionage. According to analyses from Citizen Lab and Lookout Mobile Security, the firm exploited three previously unknown and unpatched iOS vulnerabilities (known as zero-days); just one click on a link in a text message was required to silently jailbreak the phone. This allowed its malware, codenamed Pegasus, to install on the phone, hoovering up all communications and locations of the targeted iPhones. That includes iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype communications, amongst other data. It can collect Wi-Fi passwords too.

Apple has now patched the flaws and released an update for iOS. A spokesperson said: “We were made aware of this vulnerability and immediately fixed it with iOS 9.3.5. We advise all of our customers to always download the latest version of iOS to protect themselves against potential security exploits.”

Who are NSO Group?

NSO Group has been able to keep its surreptitious work under wraps until now. Previous articles only recorded their move into America and limited information on contracts: one allegedly for the former Panama president Ricardo Martinelli and another for Mexico. (Related note: I recently covered the story of Mayer Mizrachi, whose father is dating Martinelli’s sister. Like Martinelli, Mizrachi is facing a corruption probe in Panama, but over alleged discrepancies with the WhatsApp rival, Criptext, he provided to the government.)

Thanks to the analysis from Citizen Lab and Lookout, it’s almost certain NSO also supplies to the United Arab Emirates (UAE). Ahmed Mansoor, an internationally-recognized human rights defender, alerted Citizen Lab researchers Bill Marczak and John Scott-Railton that his iPhone 6 was targeted on 10 August. They subsequently investigated the malware (full technical details of which can be found here and here), and Apple issued the fix within 10 days of being informed. The researchers later discovered Mexican journalist Rafael Cabrera had been targeted too. And looking at the domains registered by NSO, they determined Pegasus could have been used across Turkey, Israel, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain, though there was no clear evidence.

Image: NSO Group’s brochure from the early 2010s describes the firm as a leader in cyber warfare.

I’ve been following NSO for the last two years. But founder Omri Lavie keeps a remarkably tight ship. He never speaks to press, recently emailing me: “I do not give interviews.” That was despite an introduction through a friend in Tel Aviv and requests spanning over two years. In another exchange, he asked me to stop contacting current and former employees. Today, despite the furore, Lavie simply said: “I’m not interested. Thank you.” Co-founder Shalev Hulio had not responded to messages. Both are believed to be alumni of Israel’s famous Unit 8200 signals intelligence arm, as are many of the country’s security entrepreneurs.

Former workers are also too afraid to speak, one telling me in June last year: “I know a lot about their products and how it works but I’m not allowed to publish them… I have a lot to lose and nothing to gain if I share all my knowledge about them.”

Though it doesn’t have a website and has almost eradicated its online presence since founding, FORBES understands that in 2015, as the company expanded, NSO moved into the same office building as the anti-fraud unit of RSA. I visited the center in 2013, before NSO arrived.

The company’s most recently-known owner is private equity firm Francisco Partners Management LLC, which purchased NSO for $120 million in 2014. Reuters reported in 2015 it was seeking a sale that would have valued the firm at nearly $1 billion. It was said to be earning $75 million a year at the time.

On his LinkedIn profile, Lavie says he’s out in Washington D.C., working with NSO’s American sales arm WestBridge Technologies, the website for which he set up in 2013. It also does not have a working website, just the domain westbridge.us. Using the same Gmail, he registered the sites lavieequity.com and lavieequity.com, as well as NSOGroup.com in 2010.

Lavie and his co-entrepreneurs also founded Kaymera, a company designed to solve the exact problems NSO created: a super-secure phone for government officials. The CEO of Kaymera is Avi Rosen, former head of RSA’s Online Threats Managed Services group. One source told FORBES Rosen took some of the RSA team along to Kaymera. FORBES understands Kaymera is based just next door to NSO too. It would be little surprise if they shared resources.

NSO’s many partners

NSO has close partnerships with a variety of other Israeli surveillance firms as they seek to spread their spy kit across the world. These include Ability Inc, a troubled supplier of an as-yet unproven technology called the Unlimited Interception System (ULIN). The tool exploits a crucial part of the global telecoms infrastructure known as SS7, allowing interception of calls and texts, and collection of target location, all with just a phone number, according to the firm. Of NSO, Ability founder and CEO Anatoly Hurgin told me earlier this year: “I think it’s one of the best companies in this field.” That’s something even Scott-Railton agrees with: “Pegasus is really next-level stuff.” Hurgin indicated NSO and Ability worked together, Hurgin’s team covering the network side and NSO leaving malware on devices.

Image: Anatoly Hurgin, CEO and co-founder of Ability, provider of cutting-edge surveillance technology. Image from Anatoly Hurgin’s Google+ account.

According to one source, Francisco Partners, which has bases in San Francisco and London, recently brought another Israeli spy team under its wing: Circles. The company, though it’s now based between Cyprus and Bulgaria, was founded by former IDF commander Tal Dilian. Circles does similar work to Ability, hacking SS7 for government contracts, though it’s another secretive company. Neither Dilian nor Francisco Partners had responded to requests for comment at the time of publication and FORBES was not able to independently confirm the claim. From the Hacking Team files, it’s apparent Circles and the Italian firm held talks about collaborating on surveillance business too. It’s a mighty incestuous market.

Another Israeli company that (unjustifiably) made headlines of late for hacking iPhones, Cellebrite, has also been in communication with NSO, though they operate at different levels of police investigations. Earlier this year, shortly after it had been linked with the hack of an iPhone 5C that belonged to San Bernardino shooter Syed Rizwan Farook, Cellebrite’s head of forensic strategy Leeor Ben Peretz told FORBES his employer was in touch with companies like NSO. He didn’t discuss their precise relationship. “NSO I would say are more involved in the intelligence world and typically they would want to be following an individual without that individual knowing,” he told FORBES, noting Cellebrite would inspect phones after they’d been seized by police, not before, as NSO does. “They are complementary use cases,” Peretz added. There’s been some crossover of staff between the firms too. One notable iOS exploit specialist moved from NSO Group to Cellebrite in 2013. NSO also employs ex-staffers from a variety of other notable Israeli intelligence vendors, including Nice Systems and Elbit (the latter last year purchased the former’s cyber division for $158 million).

Amongst Lavie’s LinkedIn contacts is a notable individual: Chaouki Bekrar. He is the co-founder of two vulnerability research organizations: VUPEN and Zerodium. They make money from buying and selling zero-days. That included a remote iOS jailbreak, for which Zerodium paid $1 million earlier this year. It may be that the two have worked together, though neither responded to requests for comment. Citizen Lab’s Scott-Railton told FORBES he thought NSO was more than capable of doing the vulnerability research on its own. “Given NSO’s public statements about their capabilities, and the size of their company, it would not be surprising to learn they’d developed their own exploits,” he said.

There are plenty of privacy concerns about NSO’s tactics, exploiting devices without informing vendors and therefore leaving every phone vulnerable when they could be fixed. “That the companies whose spyware was used to target Mansoor are all owned and operated from democracies speaks volumes about the lack of accountability and effective regulation in the cross-border commercial spyware trade,” Citizen Lab concluded in its report.

But one industry source close to the company had a different take. “I think they’re much less shady than the hype would make you believe. All technology can be abused, and they of all seem to do legal, export-controlled business.”

NSO Group sent a statement to FORBES via email in which it said its mission was to make the world a safer place “by providing authorized governments with technology that helps them combat terror and crime”. “The company sells only to authorized governmental agencies, and fully complies with strict export control laws and regulations. Moreover, the company does NOT operate any of its systems; it is strictly a technology company,” the statement continued.

“The agreements signed with the company’s customers require that the company’s products only be used in a lawful manner. Specifically, the products may only be used for the prevention and investigation of crimes.

“The company has no knowledge of and cannot confirm the specific cases mentioned in your inquiry.”

The competition

NSO Group is, then, one of the most valued malware creators amongst governments. It frequently did battle with another (in)famous outfit, Italy’s Hacking Team. In one leaked email from the 2015 Hacking Team breach, a now-departed Hacking Team mobile malware specialist, Alberto Pellicione, told his colleagues that NSO only did mobile exploits. But it was able to sell an iOS 6 exploit kit for up to $18 million. “At that time they were able to exploit ios6 remotely and silently if the phone was jailbroken,” wrote Pellicione in 2014. It would appear NSO’s skills have vastly improved since then.

The email notes NSO was able to hack Google’s Android OS as well as BlackBerry. But the company is not known to target PCs, something Hacking Team and rival FinFisher have long been known to exploit. Other newcomers are trying to take over the market too, from India’s Wolf Intelligence to Italy’s Area.

Cyber arms dealers are no new phenomenon. As long as police and intelligence need outside help to crack into Apple and Google mobiles, expect more firms to try to take their own slice of the market. Now that NSO has lost a critical iOS exploit, it’d be a good time for them to pounce.

Tips and comments are welcome at TFox-Brewster@forbes.com or tbthomasbrewster@gmail.com for PGP mail. Get me on Twitter @iblametom and tfoxbrewster@jabber.hot-chilli.net for Jabber encrypted chat.