TEHRAN (FNA)- The mobile phones of at least two dozen Pakistani governmentofficials were allegedly targeted earlier this year with technology ownedby the Israeli spyware company NSO Group, The Guardian reported.
Scores of Pakistani senior defence and intelligence officials were amongthose who could have been compromised, according to sources familiar withthe matter who spoke on the condition of anonymity.
The alleged targeting was discovered during an analysis of 1,400 peoplewhose phones were the focus of hacking attempts in a two-week periodearlier this year, according to the sources.
All the suspected intrusions exploited a vulnerability in WhatsApp softwarethat potentially allowed the users of the malware to access messages anddata on the targets’ phones.
The discovery of the breach in May prompted WhatsApp, which is owned byFacebook, to file a lawsuit against NSO in October in which it accused thecompany of “unauthorised access and abuse” of its services.
The lawsuit claimed intended targets included “attorneys, journalists,human rights activists, political dissidents, diplomats, and other seniorforeign government officials”.
NSO has said it will vigorously contest the claim and has insisted that itstechnology is only used by law enforcement agencies around the world tosnare criminals, terrorists and paedophiles.
The alleged targeting of Pakistani officials gives a first insight into howNSO’s signature “Pegasus” spyware could have been used for “state-on-state”espionage.
The details also raise fresh questions about how NSO’s clients use itsspyware.
“This kind of spyware is marketed as designed for criminal investigations.But the open secret is that it also winds up being used for politicalsurveillance and government-on-government spying,” said John Scott-Railton,a senior researcher at the Citizen Lab, an academic research group locatedat the University of Toronto that has worked with WhatsApp to help identifyvictims of the alleged hacks.
“Spyware companies are clearly contributing to the proliferation ofstate-on-state technological espionage. No government seems particularlyimmune. This is probably further stretching the patience of governmentsaround the world with this industry,” he added.
The Pakistani embassies in London and Washington declined multiple requestsfor comment. WhatsApp declined to comment.
Representatives for NSO declined to comment on questions about whether thecompany’s software had been used for government espionage.
The company has previously said it considered it a “misuse” of its productif the software was used for anything other than the prevention of “seriouscrime and terrorism”.
While it is not clear who wanted to target Pakistani government officials,the details are likely to fuel speculation that India could have been usingNSO technology for domestic and international surveillance.
Read Top Stories
The government of the Indian prime minister, Narendra Modi, is facingquestions from human rights activists about whether it has bought NSOtechnology after it emerged that 121 WhatsApp users in India were allegedlytargeted earlier this year.
The figure included about two dozen alleged victims who are journalists,activists and human rights lawyers, a fact that prompted Modi opponents inthe Indian National Congress to seek a supreme court inquiry into thematter.
Pakistan has not publicised the alleged hack, but there are signs thegovernment, led by the prime minister, Imran Khan, is taking steps toaddress the matter.
Dr Arslan Khalid, who serves as Khan’s top adviser on digital issues, hassaid in local press reports that the government is working on developing analternative to WhatsApp to be used for sensitive government data and otherclassified information.
Government officials in Pakistan’s ministry of information technology havealso reportedly advised officials to stop sharing classified informationover WhatsApp and replace smartphones that were purchased before May 2019,according to local press reports.
NSO has repeatedly said that its spyware is only meant to be used to combatterrorism and other crimes, such as child abduction and sex crimes. Thecompany has claimed that the use of its spyware by governments has saved“thousands of lives”.
NSO has also put a new human rights policy in place that is meant to“prevent and mitigate” abuse of its spyware. The policy states that NSOcustomers have “contractual obligations” to limit the use of the company’sproducts to the “prevention and investigation of serious crimes, includingterrorism, and to ensure the products will not be used to violate humanrights”.
NSO has not commented on whether it has pursued any internal investigationsinto the alleged WhatsApp hack.
India was first linked to NSO in 2018, when a report by the Citizen Labidentified 36 Pegasus “operators” who were found to be using the malware in45 countries. One operator, which the Citizen Lab identified and codenamed“Ganges”, was found to have been active since 2017 and had infected mobilephones in five locations: India, Bangladesh, Brazil, Hong Kong andPakistan. The Citizen Lab did not identify who it believed was behind“Ganges” but the data in its report indicated that most of the networkswith infections were in India.
Apar Gupta, the executive director of the Internet Freedom Foundation(IFF), said in an interview with The Guardian that the Modi government hadbeen evasive in answering questions by activists about whether or not thegovernment had ever bought or licensed NSO technology.
Ravi Shankar Prasad, the Indian technology minister, said in a tweet on 31October after news of the alleged Indian victims emerged that India was“concerned at the breach of privacy” on WhatsApp. When pressed aboutwhether the government had any contracts with NSO, the Indian ministry ofhome affairs said that “no information” existed about the government everordering Pegasus, according to local reports.
The Indian embassy in Washington declined to comment.
