NSO Group Malware Targeted French President, Mexico President’s Inner Circle

NSO Group’s Project Pegasus apparently targeted the French president as well as Mexico’s presidential inner circle.

It seems that the NSO Group story is getting legs. Over the weekend, data leaked from NSO Group detailing who was the target of Project Pegasus – military grade spyware. The initial details of the leak suggest that about 50,000 people were targeted by the malware. Those targeted include activists and journalists. In response, Amazon shut down accounts linked to NSO Group. It’s unclear if, or by how much, that move affected the organizations operations.

Throughout the debate, NSO Group said that their malware is used to target criminals and terrorists. They further said that their clients are “vetted”. That argument is taking a hit today because the people affected include high ranking politicians. This includes French President Emmanuel Macron. From Amnesty International:

New evidence uncovered by the Pegasus Project has revealed that the phone numbers for 14 heads of state, including French President Emmanuel Macron, Pakistan’s Imran Khan and South Africa’s Cyril Ramaphosa, as well as hundreds of government officials, were selected as people of interest by clients of spyware company NSO Group.

Amnesty International’s Secretary General Agnes Callamard said:

“The unprecedented revelation that the phones of at least fourteen heads of state may have been hacked using NSO Group’s Pegasus spyware should send a chill down the spine of world leaders.

“We have long known that activists and journalists are targets of this surreptitious phone-hacking – but it’s clear that even those at the highest levels of power cannot escape the sinister spread of NSO’s spyware. NSO Group can no longer hide behind the claim that its spyware is only used to fight crime – it appears that Pegasus is also the spyware of choice for those wanting to snoop on foreign governments.

“The damning revelations of the Pegasus Project underscore the urgent need for strong regulation to reign in a wild west surveillance industry. States must implement a global moratorium on the export, sale, transfer and use of surveillance equipment until a robust human rights-compliant regulatory framework is in place.

“NSO Group must immediately stop selling its equipment to countries with a track record of putting human right defenders and journalists under unlawful surveillance.

Meanwhile, Reuters is pointing out that the inner circle of president of Mexico was also the target of this malware:

MEXICO CITY, July 19 (Reuters) – Mexican President Andres Manuel Lopez Obrador’s inner circle, politicians from every party, dissidents and journalists were potential targets for surveillance by a government client of the Israeli spyware company NSO Group, The Guardian reported on Monday.

At least 50 people close to Lopez Obrador were potentially targeted between 2016 and 2017 ahead of his election in 2018, including his wife, children and siblings, The Guardian said.

The Guardian’s reporting is based on what the newspaper and others have said was a leak of more than 50,000 phone numbers it said were selected for possible surveillance by NSO Group’s government clients around the world.

The list, first accessed by the French nonprofit journalist outlet Forbidden Stories and advocacy group Amnesty International, was shared with The Guardian and more than a dozen other news outlets.

Over the last decades, there have been various efforts to legitimize malware. Observers have long warned that there is no way that this will ever end well. If malware can be used, it can very easily be abused as well. An example is from 2009 during the French LOPPSI 2 debate. At the time, the idea that police were openly wanting to use malware in the first place really stretched realistic possibility, even I had to ask if the story was real. When it turned out that everything about the stories was true, experts at the time debated the legislation and the general consensus was that this idea is a bad one for a number of reasons. One reason is that if the malware can be used, it can be abused as well.

Fast forward to today and the French president is, ironically, one of the targets of the malware. After all of these years, the argument against the legitimization of malware still stands: if it can be used, it can be abused as well. The only real difference between then and now is that this is a private company producing and selling the malware. That is obviously no better. More spectacularly is the fact that this idea that the malware can be abused is seemingly in the process of being proven this time around.

As long as there are efforts to legitimize the use of malware, there will always be the potential for it to be abused. That aspect will never change. It hasn’t changes since 2009 and it won’t change in the next 12 years either. So, the push by Amnesty International to put a moratorium on such technology is hard to disagree with here. Whether or not there will be a push by countries to follow through on something like that remains to be seen. Still, this is proving to be a rather vivid wake-up call.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: