The ruling represents a significant victory for privacy advocates and those opposing NSO Group's controversial Pegasus software. The Israeli company has become the most prominent example of the largely hidden spyware industry, which governments increasingly employ to monitor dissidents, journalists, and politicians. NSO Group has consistently rejected criticism, arguing that its Pegasus spyware has been used beneficially, such as in capturing high-profile criminals.

This court decision marks the latest development in legal proceedings that began in 2019, Politico reported. The ruling requires NSO Group to pay WhatsApp punitive damages of around $167 million in addition to more than $440,000 in compensatory damages following one day of jury deliberation, a Meta spokesperson said.

The case stems from an operation connected to NSO Group that attempted to exploit video calling systems and deliver malware to approximately 1,400 WhatsApp users in 2019, many working for civil society organizations, Politico reported. WhatsApp filed a legal complaint after discovering the scheme.

NSO Group had previously been found liable for hacking the WhatsApp user accounts, establishing a precedent for organizations targeted by spyware to take legal action against companies that create such malicious software.

Meta published a post shortly after the ruling celebrating the victory and indicated that WhatsApp will seek a court order to "prevent NSO from ever targeting WhatsApp again." The post added that Meta will make an unspecified donation to digital rights organizations that work to expose spyware abuses. Additionally, WhatsApp plans to release transcripts of deposition videos from NSO Group executives and others to help researchers understand the full extent of spyware use globally.

"Today's verdict in WhatsApp's case is an important step forward for privacy and security as the first victory against the development and use of illegal spyware that threatens the safety and privacy of everyone," the post reads.

Apple had also filed a lawsuit against NSO Group, seeking damages for spyware used against its customers. However, Apple ultimately dropped the case last year after concluding that pursuing it might expose sensitive Apple user data.

Gil Lainer, vice president of global communications for NSO Group, said in a statement Tuesday that the decision is "another stope in a lengthy judicial process," and that "we firmly believe that our technology plays a critical role in preventing serious crime and terrorism and is deployed responsibly by authorized government agencies."

"We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal," Lainer said, adding that the company "remains fully committed to its mission to develop technologies that protect public safety" while working within legal frameworks.

NSO Group was added to the Commerce Department's entity list in 2021, making it difficult for the company to conduct business in the US. Meanwhile, the European Parliament has established a committee to investigate Pegasus use across EU nations.

The post Israeli spyware firm slapped with massive fine over alleged WhatsApp hacks appeared first on www.israelhayom.com.

The Israeli tech company NSO Group on Sunday filed a libel lawsuit against an Israeli newspaper after it published a series of explosive articles claiming Israeli police unlawfully used its spyware on dozens of public figures.

Follow Israel Hayom on Facebook, Twitter, and Instagram

The articles by the Israeli business newspaper Calcalist published over recent weeks triggered an uproar over what the newspaper claimed was the police's unfettered use of sophisticated phone hacking software on a broad swath of figures. An investigation into the reports, which were unsourced, found no indication of abuse.

The NSO suit targets a specific article published earlier this month, which said the company allowed clients to delete traces of their use of the spyware, a claim it denies. But the company, which has faced a growing backlash over its product, questioned the overall credibility of the reports, calling the series of articles "one-sided, biased and false."

"The thorough investigation that was carried out pulls the rug out from under another attempt to discredit the company and its workers and serves as additional proof that not every journalistic investigation with a sensational headline about NSO is indeed based on facts," the company said in a statement.

NSO was asking for 1 million shekels ($310,000) in damages that it said would be donated to charity.

The Calcalist reports said police spied on politicians, protesters and even members of former Prime Minister Benjamin Netanyahu's inner circle, including one of his sons. The paper said police used Pegasus, the controversial spyware program developed by NSO, without obtaining a court warrant.

The investigation led by Israel's deputy attorney general found no evidence to support the claims, although the journalist, Tomer Ganon, has stood by his work. The investigation's findings were a rare piece of good news for NSO, which has faced mounting criticism over the spyware.

Pegasus is a powerful tool that allows its operator to infiltrate a target's phone and sweep up its contents, including messages, contacts and location history.

NSO has been linked to snooping on human rights activists, journalists and politicians in countries ranging from Saudi Arabia to Poland to Mexico to the United Arab Emirates. In November, the US Commerce Department blacklisted the company, saying its tools had been used to "conduct transnational repression."

NSO says it sells the product only to government entities to fight crime and terrorism, with all sales regulated by the Israeli government.

The company does not identify its clients and says it has no knowledge of who is targeted. Although it says it has safeguards in place to prevent abuse, it says it ultimately does not control how its clients use the software.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Israel's NSO suing paper overs claims Israel Police used its spyware on civilians appeared first on www.israelhayom.com.

Former Israel Police Commissioner Roni Alsheikh said Wednesday that the troubling reports accusing the law enforcement agency of using NGO Group's Pegasus surveillance technology illegally are "completely unfounded."

Follow Israel Hayom on Facebook, Twitter, and Instagram

A series of exposés by financial daily Calcalist alleging an unprecedented use of the spyware, originally developed as a counterterrorism measure, against civilians, including politicians and government functionaries, social activists, protesters, public servants, journalists, and businesspeople, has rattled the political system.

According to the reports, this "intelligence phishing expedition" was conducted prior to any official investigation against the targets and without judicial warrants, despite police officials knowing that any information obtained sans such warrants was inadmissible in court.

Lawmakers from across the political spectrum have demanded an independent commission of inquiry be named to investigate the matter in full.

Channel 12 News reported Wednesday that during Alsheikh's term as police chief, from 2015 to 2018, the police used or tried to use the spyware on 90 individuals. However, between 2018 and 2020, when then-acting Police Commissioner Motti Cohen was in office, 150 individuals were targeted.

Alsheikh said that "as someone who knew the system closely, I have no doubt that the picture painted by these reports has no bearing on reality."

Speaking with Channel 13 News, the former police chief explained that he has refrained from commenting until now because the report cites issues pertaining to ongoing legal proceedings, namely Former PM Benjamin Netanyahu trial, where it is believed the phones of key witnesses were hacked.

"Two days ago we were exposed to dramatic headlines according to which the Israel Police in general, and my leadership in particular, ignored the law and turned activity that was supposed to be pinpointed and regulated into a platform for uncontrollable phishing.

"My close friends, like many citizens of Israel, were stunned by the many publications and turned to me for answers. This was the turning point for me," he explained.

He reiterated that using wiretaps in general, especially tools as sophisticated as Pegasus, mandates a court order, and maintained that the police had cause to surveil public officials named in Calcalist's report as hacking victims.

"The various investigative tools operated against them were used legally, by order of a judge and in accordance with every law. Unfortunately, I saw with what contempt the findings of the police inspections were received," he noted.

"The enormous damage done to law enforcement requires clearer and more comprehensive answers from all those involved," Alsheikh told Channel 13 News. "I intend to present my position in a thorough and comprehensive manner. However, the time for that will come when I am convinced that this does not, God forbid, cause harm to a legal proceeding, or to any open investigation."

Tuesday saw Attorney General Gali Baharav-Miara order the Israel Security Agency and Mossad intelligence agency to weigh in on the investigation into the police's alleged abuse of spyware technology and the Pegasus software in particular.

The decision to include Shin Bet and Mossad cyber experts in the investigation stems from the fact that these are the only two intelligence agencies in Israel that are familiar with the full scope of Pegasus and similar spyware.

As the police cannot review themselves in this case, and as NSO is a private company whose employees cannot access police computer systems without supervision, it is necessary to involve cyber experts from the intelligence community in the investigation.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Former police chief says reports of spyware abuse 'completely unfounded' appeared first on www.israelhayom.com.

Attorney General Gali Baharav-Miara on Tuesday ordered the Israel Security Agency and Mossad intelligence agency to weigh in on the investigation into the Israel Police's alleged illegal use of NSO Group's Pegasus surveillance technology.

Follow Israel Hayom on Facebook, Twitter, and Instagram

A series of exposés by financial daily Calcalist revealed an unprecedented use of the spyware, originally developed as a counterterrorism measure, against civilians, including politicians and government functionaries, social activists, protesters, public servants, and businesspeople.

According to the reports, this "intelligence phishing expedition" was conducted prior to any official investigation against the targets and without judicial warrants, despite police officials knowing that any information obtained sans such warrants was inadmissible in court.

So far, 26 people have been identified as victims of the Pegasus hack, including several ministries' directors-general, former PM Benjamin Netanyahu's son, Avner, key witnesses in the corruption case against Netanyahu, union leaders, and several mayors: Miriam Feirberg (Netanya), Yoram Shimon (Mevaseret Zion), Yaakov Peretz (Kiryat Ata), and Motti Sasson (Holon).

Prime Minister Naftali Bennett has ordered a full review of the names listed in Calcalist's report ahead of the final decision on whether the investigation into the spyware fiasco will be headed by a parliamentary, ministerial, independent or state commission of inquiry, as each could wield different authority over the procedure.

The decision to include in Shin Bet and Mossad cyber experts in the investigation stems from the fact that these are the only two intelligence agencies in Israel that are familiar with the full scope of Pegasus and similar spyware.

As the police cannot review themselves in this case, and as NSO is a private company whose employees cannot access police computer systems without supervision, it is necessary to involve cyber experts from the intelligence community in the investigation.

Meanwhile, as calls for the formation of an independent commission of inquiry grow, Israel Hayom has learned that a parliamentary commission of inquiry already looked into the issue of wiretapping 15 years ago.

The panel presented its findings in 2009, following two years of work, but the 34-page report, which included legislative amendments that perhaps could have prevented the Pegasus scandal, but were largely ignored.

Among the articles in the report were recommendations for further study of legislative issues, enhancing the police's own oversight system, creating quality indices to examine wiretapping orders that will be submitted to the court at various points of the procedure, as well as limiting the number of judges who can issue such orders and requiring those who do to undergo special training.

Sources familiar with the work of the 2007 committee told Israel Hayom on Tuesday that the Pegasus scandal "proves that the Israel Police not only sidelined the recommendations made at the time, they ignored it completely."

"In many ways, the conclusions of the commission of inquiry that will be set up now were written as early as 2009, but the police preferred to ignore them and act independently without supervision," one official said.

The fact that the police so blatantly ignored past recommendations, he added, "means that the next investigation must be held by a state commission of inquiry, as clearly, findings submitted by a committee set up by a political entity will again be ignored."

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post AG orders Shin Bet, Mossad to weigh in on Pegasus scandal probe appeared first on www.israelhayom.com.

Israeli officials from across the political spectrum were outraged to learn Monday of the scope of the Israel Police's use of Pegasus, NSO Group's now-infamous surveillance technology, which reportedly extended to dozens of civilians, ranging from politicians and government functionaries to social activists and journalists.

Follow Israel Hayom on Facebook, Twitter, and Instagram

NSO Group's Pegasus software allows its users to remotely access mobile phones infected with the spyware. It exploits security vulnerabilities in cellular operating systems to retrieve a device's content, including text and email messages, photos, call history, and location data.

Lawmakers demanded an independent inquiry into what the police classified as "technological and data-oriented policing" but was, in fact, an intelligence phishing expedition conducted against dozens of individuals prior to any official investigation against them, without judicial warrants, and despite police officials knowing that any information obtained sans such warrants was inadmissible in court.

President Isaac Herzog issued a statement saying, "Law enforcement cannot cut corners when doing its job. When you enforce the law you must be beyond reproach. We cannot lose our democracy. We cannot lose our police and we cannot afford to have the public lose faith in either. This matter mandates a thorough investigation."

Prime Minister Naftali Bennett called the revelations in Calcalist "very serious," saying, "Pegasus and similar tools are very important in the war on terror and in the fight against serious crime, but they are not intended for widespread phishing among Israeli citizens or public figures.

"We need to understand exactly what happened. The deputy attorney general is looking into the matter. Once we know what happened we will not leave the public to wonder – we understand how serious this is."

The incidents in question allegedly took place under the command of former police chief Roni Alsheikh. Police Commissioner Yaakov Shabtai, who has already appointed a task force to examine the issue, appealed on Monday afternoon to Public Security Minister Omer Barlev to form an external review board on the matter.

"In light of recent publications regarding the use of technological systems by the Israel Police in the years prior to my command, I have asked the public security minister to order the establishment of an external, independent judicial review of the matter, to examine every aspect of this issue. This means to both regulate the use of such technology by the police and restore the public's faith in it.

"Any irregularities and failures found will be dealt with in accordance with the law," the commissioner, who is on a historic visit to the UAE, said in a statement.

Barlev has ordered the formation of a governmental commission of inquiry into the police spyware scandal and tasked it with "investigating the scope of the privacy violations against civilians."

He noted that reports of the privacy abuses "indicate that these failures – if they indeed happened – took place under previous commissioners, previous public security ministers, and previous governments. I can look Israeli citizens in the eye and promise – the commission of inquiry will review the length and breadth of these allegations.

"The police are under my responsibility and my authority. Such failures will not take place on my watch," he asserted, adding that the investigative panel "will be vested with the same authorities as a state commission of inquiry in terms of summoning witnesses, questioning them under warning, and seizing documents – regardless of how senior they may be in the political echelon, judiciary, or the Israel Police."

'We have to make sure this never happens again'

Israel Police spokesperson Eli Levi told Tel-Aviv-based 103FM Radio that the reports in Calcalist "wrong police officers. ... We need to let the commission of inquiry run its course. The police are open to any review, with full transparency. Police work in Israel has never before been called into question and if officers exceeded authority they will be prosecuted accordingly."

Levi noted that the police were "unfazed by the possibility of a commission of inquiry. We practice full transparency. Right now, we need to stop slandering the police."

Interior Minister Ayelet Shaked said, "If this is true, it is an earthquake. These acts characterize dark regimes to which we cannot be similar.

"Mass privacy violation is nothing short of lawlessness and it must end today. We have to form an external commission of inquiry. This is not the purpose for which the police procured this software. The Knesset and the public deserve answers, now."

Constitution, Law, and Justice Committee Chairman MK Gilad Kariv called for a legislative change, saying, "The current laws were drafted before anyone could even imagine what powerful tools would be at [the police's] disposal. We have to make sure that the legislation keeps up with technology and that strict oversight is in place.

Environmental Protection Minister Tamar Zandberg tweeted, "The revelations regarding this spyware leave no room for doubt: it is an earthquake that requires no less than a state commission of inquiry. The idea that a democratic state spies on its citizens as if it was a dictatorship should keep us all awake at night. There is no room for any excuse."

Blue and White MK Eitan Ginzburg said, "This is a difficult day for democracy. The police's ability to monitor anyone without evidence of a criminal offense and without a court order is appalling. Only an independent commission of inquiry can find out what was going on and until that happens, the commissioner must pull the plug on any use of this software."

Likud MK Miki Zohar tweeted, "This government commission of inquiry is a joke. They want to bury the story even though it is the most serious violation of Israeli democracy since the inception of the state."

Religious Zionist Party leader Bezalel Smotrich said that Alsheikh and any other police officer involved in the hacking "should be arrested without delay and interrogated by an independent counsel with the broadest possible jurisdiction. Simultaneously, a state commission of inquiry must be formed to understand how something like this could have happened in the first place and make sure it never happens again."

The Movement for Quality Government in Israel welcomed the decision to form a commission of inquiry into the explosive allegations, calling the move "vital."

The Privacy Protection Authority echoed the statement, saying that the implication of the allegations, if true, would be "beyond far-reaching."

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Massive scope of police Pegasus scandal rattles Israeli politics appeared first on www.israelhayom.com.

The growing list of individuals whose phones were apparently illegally hacked by the Israel Police grew by dozens of names on Monday, as financial daily Calcalist revealed that despite previously alleging that the use of Pegasus – NSO Group's now-infamous surveillance technology – was limited to special cases, it was, in fact, extensively used to obtain information from civilians ranging from politicians and government functionaries to social activists and journalists.

Follow Israel Hayom on Facebook, Twitter, and Instagram

The daily first revealed the police's use of Pegasus last month. Initial denials were quickly replaced with an admission that the police "misused" the spyware, but police officials insisted that all was above board in terms of the "few instances" when the surveillance technology was employed.

Monday's report in Calcalist, however, revealed that the measure – classified by the police as "technological and data-oriented policing" – was not limited to special cases, rather became a routine tool in intelligence-gathering. Moreover, the wide-ranged use of Pegasus was done without court orders or authorization from the Attorney General's Office, as required by law.

NSO Group's Pegasus software allows its users to remotely access mobile phones infected with the spyware. It exploits security vulnerabilities in cellular operating systems to retrieve a device's content, including text and email messages, photos, call history, and location data.

The spyware has been the focus of a global scandal since mid-July, when the Pegasus Project, a group of 17 media organizations – having been provided with information by Amnesty International, the Citizen Lab of University of Toronto and Forbidden Stories – revealed that the classified technology was being used to hack the phones of journalists, government officials and human rights activists around the world.

The latest installment in Calcalist's exposé on the matter said that under then-police chief Roni Alsheikh's command, officers with the Signals Intelligence Unit had hacked the phones of dozens of Israelis in what the daily described as an "intelligence phishing expedition."

These efforts were conducted prior to any official investigation against the targets and without judicial warrants, despite knowing that any information obtained sans such warrants was inadmissible in court.

Among the victims listed in the report as having been hacked are then-directors-general of the Transportation, Finance and Justice ministries Keren Turner, Shai Babad and Emi Palmor, respectively, as well as the leaders of social protest movements, including anti-Netanyahu activists, social activists for disability rights and Israelis of Ethiopian descent. Several mayors were also hacked, including Miriam Feirberg (Netanya), Yoram Shimon (Mevaseret Zion), Yaakov Peretz (Kiryat Ata), and Motti Sasson (Holon).

The Pegasus spyware was also installed on the phone of witnesses and persons of interest in Case 4,000 against then-PM Benjamin Netanyahu, Bezeq chief's wife Iris Elovich, who is a defendant in the case, former Communications Ministry chiefs Shlomo Filber and Avi Berger, Bezeq CEOs Stella Hendler and Dudu Mizrahi, Walla CEO Ilan Yeshua, former Walla editor-in-chief Aviram Elad and other journalists at the newsoutlet.

Netanyahu's son, Avner, was also hacked, as were the phones of several members of the now-opposition leader's inner circle, including advisers Topaz Luk and Yonatan Urich.

Other prominent public figures whose phones were infected with the spyware include Businessman Rami Levy, and Yair Katz, the chairman of the workers union at Israel Aerospace Industries.

The Israel Police said in a statement that they are "cooperating with the Attorney General's Office review of the matter."

Outgoing Attorney General Avichai Mendelblit ordered an investigation into the spyware scandal last week in one of his last decrees before leaving office.

After the original story broke, Pegasus developer NGO Group issued a statement stressing that "the company does not operate the systems in its customers' possession and is not involved in their operation. NGO Group's employees are not privy to the purpose for which the software is used, nor are they privy to the information derived as part of the investigations conducted by clients.

"The company sells its products under the license and supervision of state security and law enforcement agencies to legally prevent crime and terrorism, according to court orders and local laws."

An NSO Group official told Calcalist, "There is no way for company employees to be exposed to the information gathered by clients" using Pegasus.

The revelation prompted immediate calls for a commission of inquiry into the scandal.

Interior Minister Ayelet Shaked said, "If this is true, it is an earthquake. These acts characterize dark regimes to which we cannot be similar.

"Mass privacy violation is nothing short of lawlessness and it must end today. We have to form an external commission of inquiry. This is not the purpose for which the police procured this software. The Knesset and the public deserve answers, now."

Constitution, Law, and Justice Committee Chairman MK Gilad Kariv called for a legislative change, saying, "The current laws were drafted before anyone could even imagine what powerful tools would be at [the police's] disposal. We have to make sure that the legislation keeps up with technology and that strict oversight is in place.

The Privacy Protection Authority also called for the formation of a commission of inquiry saying the implication of the report, if true, are "beyond far-reaching."

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Lawmakers demand independent inquiry into police Pegasus scandal appeared first on www.israelhayom.com.

The State Comptroller has opened an investigation into the alleged use of sophisticated spyware on Israeli citizens by law enforcement agencies following a report by financial newspaper Calcalist.

Follow Israel Hayom on Facebook, Twitter, and Instagram 

The State Comptroller's office said it "places special emphasis on protecting the privacy of Israeli citizens and residents. The technological means serve as evidence in criminal proceedings and raise questions as to the balance between their usefulness and the violation of the right to privacy and additional freedoms. These means also pose risks of leaking personal information and the misuse of databases. As a result, State Comptroller Matanyahu Englman decided to include in the long-established office work plan the issue of law enforcement agencies' use of technologies for enforcement purposes."

According to the Calcalist report, police used the NSO spyware Pegasus to surveil leaders of protests against Opposition Leader Benjamin Netanyahu in 2020, who was then prime minister. It said police also hacked the phones of two sitting mayors suspected of corruption and numerous other Israeli citizens, all without a court order or a judge's oversight.

The Israel Police denied the allegations, saying they operate according to the law, and the NSO Group said it does not identify its clients.

The company says its products are intended to be used against criminals and terrorists, and that it does not control how its clients use the software. Israel, which regulates the company, has not said whether its own security forces use the spyware.

The report, which cited no current or formal officials from the government, police or NSO corroborating the paper's claims, referred to eight alleged examples of the police's secretive signal intelligence unit employing Pegasus to surveil Israeli citizens, including hacking phones of a murder suspect and opponents of the Jerusalem Pride Parade. The report did not name any of the people whose phones were allegedly hacked by the police.

"In all the cases mentioned in the article, and in other instances, use of Pegasus was made at the sole discretion of senior police officers," the report said. "The significance is that with Pegasus, the police can effectively hack without asking a court, without a search or entry warrant, without oversight, to all cell phones."

The Privacy Protection Authority said it was concerned by reports that the Israel Police was allegedly using the Pegasus program to monitor Israeli citizens and had contacted Israel Police Commissioner Yaakov Shabtai to "examine the repercussions of the use of the program for citizens' personal information."

The authority emphasized "that to the extent that the police use the Pegasus software to monitor Israeli citizens, this is a serious violation of the privacy of the citizens on whom the surveillance is carried out." 

Refraining from commenting specifically on the Calcalist report, the authority said, "The use of technological systems for monitoring citizens, including within the framework of the war on crime, is a mechanism that inevitably includes a serious violation of citizens' privacy, and implies a violation of the autonomy of each and every one of us, an individual's ability to exercise their full rights, and the democratic nature of Israeli society." It noted "an urgent meeting was requested with the police commissioner and at the same time, for the police to respond to the authority's request for clarifications on the matter. "

The report sparked an outcry across Israel's political spectrum.

Energy Minister Karine Elharrar told Army Radio that such surveillance "was something that a democratic country cannot allow."

Likud MK Yuval Steinitz said that surveillance of citizens by law enforcement without judicial oversight is improper and that if the claims are correct, it should be investigated.

Public Security Minister Omer Barlev, whose department oversees the police, tweeted that he would verify that police received explicit authorization from a judge to use the spyware.

Shas has called on the Knesset speaker to launch a parliamentary investigation. Yesh Atid MK Merav Ben Ari, who heads the Knesset's public security committee, said the panel would hold a hearing into the report's claims.

The Israel Police issued a statement after the report's publication, saying that "there's no truth to the claims raised in the article" and that "all police operations in this field are in accordance with the law, in line with court orders and meticulous protocols."

Senior police officials asked for any evidence of illegal wiretapping to be handed over to the police. They noted the Israel Police's National Cyber Crime Unit "was established in light of the need to fight major crime in the digital era, to prevent murders, car explosions, and public vandalism, among other things solely in accordance with the law." 

They emphasized that on the issue of wire-tapping, "We operate with internal oversight, from the issuance of an order, its implementation, through providing a report to the [police] commissioner, and all this in an orderly report to the Knesset and the Law and Justice Committee."

The police do not wire-tap protesters, they said, noting, "We only use [such] tools to combat crime. The activity is not used on normative citizens. These are regulated tools that receive the relevant legal authorizations before they are brought into service. You cannot contend with crime by relying on tools from 1948. And we therefore need advanced technology.

Likud MK Amir Ohana, who was public security minister during the protests, said he had no knowledge of the reported surveillance.

The Black Flag protest movement, whose leaders were allegedly surveilled during weekly demonstrations in recent years calling on Netanyahu to resign, called on the police to release the names of the people whose phones were hacked. Spokesman Roee Neuman said the protest leaders only learned of the digital surveillance following the publication of the report.

Pegasus software surreptitiously grants full access to a person's cellphone, including real-time communications.

Tuesday's report was the latest blow for the company, which has faced growing scrutiny and criticism for its software's use by repressive governments.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Did Israel Police use NSO spyware against anti-Netanyahu protesters? appeared first on www.israelhayom.com.

European Parliament lawmakers called Wednesday for a committee to investigate alleged rights abuses by European Union governments using powerful spyware produced by Israel's NSO Group.

Follow Israel Hayom on Facebook, Twitter, and Instagram

Meanwhile, the Polish Senate formally approved the formation of a committee to investigate evidence that three critics of the country's right-wing government were hacked with the spyware. Sen. Marcin Bosacki, who will lead the inquiry, said the step was needed "due to the deepest concern for our democracy and the future of the Polish state."

Renew Europe, a liberal political group that is the third-largest in the European Parliament, made its appeal for the European-wide inquiry following reports that NSO Group's Pegasus software has been used to hack the smartphones of opposition politicians, lawyers, journalists and critics of the right-wing governments in Hungary and Poland.

"We need a full inquiry into the Pegasus spyware scandal. European democracy is being undermined and the EU should act accordingly," said Sophie in 't Veld, a Dutch member of the European Parliament. "We cannot let this pass. Our democracy is at stake."

She said the European Commission, the executive branch for the 27-nation bloc, should follow the example of the US government and "quickly blacklist Pegasus' parent company NSO."

The Biden administration put new export limits in November on Israel's NSO Group, saying its tools have been used to "conduct transnational repression."

Renew said in a statement that it hopes other groups will support its call, noting that an inquiry would constitute the first action on the matter from an EU institution.

Pegasus is a powerful surveillance tool sold to government agencies to fight terrorism and other serious crimes. But investigations have been turning up evidence that in many places it is being used to target domestic critics and rivals.

An investigation by a global media consortium published in July showed that Pegasus was used in Hungary to infiltrate the digital devices of a range of targets – including at least 10 lawyers, one opposition politician and several government-critical journalists.

In late December, The Associated Press reported that three Polish critics of the government were also hacked, based on investigations by the Citizen Lab, a research institute at the University of Toronto. Last week ruling party leader Jaroslaw Kaczynski, Poland's most powerful politician, acknowledged that the country had the spyware but denied it was used against the opposition.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

Among the Polish victims are a lawyer, a prosecutor and a senator who was hacked multiple times in 2019 when he was running the opposition's parliamentary election campaign. Text messages stolen from Senator Krzysztof Brejza's phone were doctored and aired by state-controlled TV in Poland as part of a smear campaign in the heat of the race, which the populist ruling party went on to narrowly win.

The hacking revelations have rocked Poland, drawing comparisons to the 1970s Watergate scandal in the United States.

However, Kaczynski and other top members of the ruling Law and Justice party say they see no reason for an investigation into the hacking. The party can block a probe thanks to its majority in the lower house, or Sejm.

The Senate, where the opposition holds a slim majority, voted 52-45 on Wednesday to launch its committee. One of its aims will be to determine whether the hacking of Brejza's phone altered the outcome of the 2019 elections. The head of committee, Sen. Bosacki, said a state in which secret services have an influence on the election process ceases to be a democracy.

Only the Sejm, whose roles include supervising the government, can launch an inquiry with full investigative powers, including calling witnesses. The Senate can invite witnesses but not require them to appear. Law and Justice senators refused to accept the seats it was offered on the committee.

The post EU lawmakers urge inquiry into alleged abuse of NSO spyware appeared first on www.israelhayom.com.

Poland's most powerful politician has acknowledged that the country bought advanced spyware from the Israeli surveillance software maker NSO Group, but denied that it was being used to target his political opponents.

Follow Israel Hayom on Facebook, Twitter, and Instagram

Jaroslaw Kaczynski, the leader of Poland's ruling conservative party, Law and Justice, said in an interview that the software, Pegasus, is now being used by secret services in many countries to combat crime and corruption. He noted that Pegasus represents a technological advancement over earlier monitoring systems, which did not allow the services to monitor encrypted messages.

"It would be bad if the Polish services did not have this type of tool," Kaczynski said in an interview to be published in the Monday edition of the weekly Sieci, excerpts of which were published Friday by the wPolityce.pl news portal.

The interview follows exclusive reports by The Associated Press that Citizen Lab, a cyber watchdog group at the University of Toronto, found that three Polish government critics were hacked with NSO's Pegasus spyware.

On Thursday, Amnesty International independently verified the finding by Citizen Lab that Sen. Krzysztof Brejza had been hacked multiple times in 2019 when he was running the opposition's parliamentary election campaign. Text messages stolen from Brejza's phone were doctored and aired by state-controlled TV as part of a smear campaign in the heat of the race, which the populist ruling party went on to narrowly win.

Brejza now maintains that the election was not fair since the ruling party would have had access to his campaign's tactical thinking and plans.

The revelations have rocked Poland, drawing comparisons to the 1970s Watergate scandal in the United States and eliciting calls for an investigative commission in parliament.

Kaczynski said he sees no reason to set up such a commission, and he denied that the surveillance played any role in the outcome of the 2019 elections.

"There is nothing here, no fact, except the hysteria of the opposition. There is no Pegasus case, no surveillance," Kaczynski said. "No Pegasus, no services, no secretly obtained information played any role in the 2019 election campaign. They lost because they lost. They shouldn't look for such excuses today."

The other two Polish targets confirmed by Citizen Lab were Roman Giertych, a lawyer who represents opposition politicians in a number of politically sensitive cases, and Ewa Wrzosek, an independent-minded prosecutor.

Kaczynski's allies had previously denied that Poland purchased and used Pegasus.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

Polish Prime Minister Mateusz Morawiecki called the Citizen Lab-AP findings "fake news" and suggested a foreign intelligence service could have done the spying – an idea dismissed by critics who said no other government would have any interest in the three Polish targets.

Deputy Defense Minister Wojciech Skurkiewicz in late December said "the Pegasus system is not in the possession of the Polish services. It is not used to track or surveil anyone in our country."

Media reports say Poland purchased Pegasus in 2017, using money from the so-called Justice Fund, which is meant to help the victims of crimes and rehabilitate criminals. According to investigations by the TVN broadcaster and Gazeta Wyborcza daily, it is used by the Central Anti-Corruption Bureau, a special service created to combat corruption in public life that is under the political control of the ruling party.

"The public money was spent on an important public purpose, related to the fight against crime and the protection of citizens," Kaczynski said.

Dozens of high-profile cases of Pegasus abuse have been uncovered since 2015, many by a global media consortium last year, with the NSO Group malware employed to eavesdrop on journalists, politicians, diplomats, lawyers and human rights activists from the Middle East to Mexico.

The Polish hacks are considered particularly egregious because they occurred not in a repressive autocracy but in a European Union member state.

The post Polish leader denies NSO Group's spyware used to hack political opponents appeared first on www.israelhayom.com.

Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry.

Follow Israel Hayom on Facebook and Twitter

One piece of malware recently found on an iPhone belonging to Ayman Nour, a dissident and 2005 Egyptian presidential candidate who subsequently spent three years in jail, originated with the increasingly embattled NSO Group of Israel. That company was recently blacklisted by Washington. The other was from a company called Cytrox, which also has Israeli ties. This was the first documentation of a hack by Cytrox, a little-known NSO Group rival.

The spyware was uncovered by digital sleuths at the University of Toronto's Citizen Lab, who said two different governments hired the competing mercenaries to hack Nour's phone. Both instances of malware were simultaneously active on the phone, investigators said after examining its logs. The researchers said they traced the Cytrox hack to Egypt but didn't know who was behind the NSO Group infection.

The researchers said in a report that the intrusions highlight how "hacking civil society transcends any specific mercenary spyware company."

In detailing the Cytrox infection, the researchers said they found the phone of a second Egyptian exile, who asked not to be identified, also hacked with Cytrox's Predator malware. But the bigger discovery, in a joint probe with Facebook, was that Cytrox has customers in countries beyond Egypt including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Facebook's owner, Meta, announced on Thursday a flurry of takedowns of accounts affiliated with seven surveillance-for-hire firms – including Cytrox – and notified about 50,000 people in more than 100 countries including journalists, dissidents and clergy who may have been targeted by them. It said it deleted about 300 Facebook and Instagram accounts linked to Cytrox, which appears to operate out of North Macedonia.

Cytrox's last known CEO, Ivo Malinkovski, could not be located for comment. He scrubbed his LinkedIn page earlier this month to remove mention of his Cytrox affiliation – though a coffee mug with the company name was in his profile photo. The business intelligence website Crunchbase says Cytrox was founded in a Tel Aviv suburb in 2017.

Citizen Lab researcher Bill Marzak said investigators found the malware on Nour's iPhone after it was "running hot" in June. He said the Cytrox malware appears to pull the same tricks as NSO Group's Pegasus product – in particular, turning a smartphone into an eavesdropping device and siphoning out its vital data. One captured module records all sides of a live conversation, he said.

Nour said in an interview from Turkey that he was not surprised by the discovery, as he's sure he has been under Egyptian surveillance for years. Nour said he suspected Egyptian military intelligence in the Cytrox hack. An Egyptian foreign ministry spokesman did not respond to calls and texts requesting comment.

Cytrox was part of a shadowy alliance of surveillance tech companies known as Intellexa that was formed to compete with NSO Group. Founded in 2019 by a former IDF officer and entrepreneur named Tal Dilian, Intellexa includes companies that have run afoul of authorities in various countries for alleged abuses.

Four executives of one such firm, Nexa Technologies, were charged in France this year for "complicity of torture" in Libya while criminal charges were filed against three company executives for "complicity of torture and enforced disappearance" in Egypt. The company allegedly sold spy tech to Libya in 2007 and to Egypt in 2014.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

On its website, Intellexa describes itself as "EU-based and regulated, with six sites and R&D labs throughout Europe," but lists no address. Its web page is vague about its offerings, although as recently as October it said that in addition to "covert mass collection" it provides systems "to access target devices and networks" via Wi-Fi and wireless networks. Intellexa said its tools are used by law enforcement and intelligence agencies against terrorists and crimes including financial fraud.

The Associated Press left messages for Dilian and also tried to reach Intellexa through a form on its website, but received no response.

In addition to his involvement in Intellexa, Dilian ran afoul of authorities in Cyprus in 2019 after showing off a "spy van" there to a Forbes reporter. His company was reportedly fined $1 million as result. He also founded and later sold to NSO Group a company called Circle Technologies, which geolocated cellphones.

The hacker-for-hire industry is facing increased scrutiny as well as regulatory and legal pressure. That includes a call by a group of US lawmakers this week to sanction NSO Group, Nexa and their top executives.

The Biden administration last month added NSO Group and another Israeli firm, Candiru, to a blacklist that bars US companies from providing them with technology. And Apple announced last month that it was suing NSO Group, with the tech giant calling the company's employees "amoral 21st century mercenaries." Facebook sued NSO Group in 2019 for allegedly violating its WhatsApp messenger app.

Earlier this month, the Defense Ministry said it was tightening oversight over cybersecurity exports to prevent abuse.

Citzen Lab researchers, who have been tracking NSO Group exploits since 2015, are skeptical. If NSO Group were to disappear tomorrow, competitors could step in without missing a beat with off-the-shelf replacement spyware, they say.

The firms targeted by Facebook in the takedowns announced Thursday included four Israeli companies: Cobwebs, Cognyte, Black Cube, and Bluehawk CI, as well India-based BellTroX and an unknown organization in China. They provide a variety of different kinds of surveillance activity, ranging from simple intelligence collection through fake accounts to wholesale intrusion.

Nour urged international action against hacker-for-hire firms, "whether it comes from Israel or anywhere else. In the end, the biggest problem is those who use these digital monsters to eat and kill innocent people." That includes nonviolent activists and journalists including Nour's late friend, Jamal Khashoggi.

The Saudi journalist was slain in 2018 at his country's Istanbul consulate and is also believed to have been targeted by phone-surveillance software.

The post Watchdog group exposes how deep spyware industry runs appeared first on www.israelhayom.com.