French authorities conducted forensic inv of phone belonging to French journalist and found evidence of NSO's Pegasus spyware on it. The journo's phone # was on list that Pegasus Project obtained, but the phone had not previously been analyzed by Amnesty. lemonde.fr/projet-pegasus…
Correction: it appears what they found was evidence the phone had been targeted for Pegasus - presumably it received a txt msg. "We find in effect the same e-mail addresses attached to Apple accounts used by the attacking infrastructure of the NSO Group's Moroccan customer."
From translation of article: "These identifiers...were also found among other Pegasus Moroccan targets, notably Omar Radi, an imprisoned Moroccan journalist, Claude Mangin, a former Sahara militant who had also been imprisoned in Morocco"
"These traces show that the spy software is interested in the phone call of this journalist in three installments: in May 2019, in September 2020 and January 2021."
Note - I said it appears that a txt msg was sent to the phone from an account known to be associated with an NSO client's previous activity. I meant it appears a silent message was sent to the phone - not a txt msg that the user would see.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Israel Defense Ministry *visited* office of NSO Group today - the maker of Pegasus. "Reps from a number of bodies came to NSO today to examine the publications and allegations raised in its case." I initially tweeted that it was a raid; but it appears media misreported that
NSO confirmed that government representatives visited its office today: “We welcome their inspection... We are confident that this inspection will prove the facts are as declared repeatedly by the company against the false allegations,” the company said in a statement.
Yediot Ahronot, one of Israel's largest newspapers, says the gov has launched an investigation into the allegations against NSO, and the visit at the company's office was pre-arranged with NSO. ynet.co.il/news/article/r…
Amnesty says the Israeli media mis-reported a statement it gave them in Hebrew about the list of 50,000 phone numbers. See here: thewire.in/tech/fact-chec…
But I obtained the full Hebrew statement they gave reporters, and the Israeli media quoted it correctly.
As I noted in tweet yesterday, Amnesty International's Israeli spokesman sent Hebrew statement to Israeli media saying "Amnesty has never presented this list as 'NSO's Pegasus Spyware List', although some of the world's media may have done so." That is in fact what statement said
The issue is Israeli media pulled quotes from lengthy Amnesty statement without context around the quotes, which gave better picture of what Amnesty was saying. My tweets quoted Israeli media report, which was all I could see. But now you can see Amnesty's entire statement.
Amnesty says it never claimed list was NSO: "Amnesty International has never presented this list as a 'NSO Pegasus Spyware List', although some of the world's media may have done so..list indicative of the interests of the company's clients" calcalist.co.il/technology/art…
h/t @ersincmt
"Amnesty, and the investigative journalists and media outlets they work with have made clear from the outset in very clear language that this is a list of numbers marked as numbers of interest to NSO customers" - meaning they are the kind of ppl NSO clients might like to spy on
So Amnesty is essentially saying now that the list contains the *kind* of people NSO's clients would ordinarily be interested in spying on, but the list isn't specifically a list of people who were spied on -- though a very small subset of people on the list were indeed spied on
Hmm. NSO CEO says he heard about list of phone #s last month. "an information broker...said that there is a list circulating in the market and that whoever holds it is saying that the NSO servers in Cyprus were hacked... We don't have servers in Cyprus" calcalistech.com/ctech/articles…
NSO's CEO says: "two different clients...said that brokers have come to them claiming...they have a list related to NSO. We looked over [list]...and it slowly became clear to us that it is an HLR Lookup server and has nothing to do with NSO. We understood that this was a joke"
NSO's CEO adds: "This is an attempt to build something based on a crazy lack of information. They say that the list was leaked, but where was it leaked from?... Who does it belong to? Who held it? Why don't we have this information? This is the absurdity here."
Israel secretly authorized Israeli cyber-surveillance firms to work for gov of Saudi Arabia, despite international condemnation of kingdom’s abuse of surveillance tools to crush dissent and even after Saudi killing of journalist Jamal Khashoggi nytimes.com/2021/07/17/wor…
After murder of Khashoggi, NSO Group canceled its contracts w/ Saudi Arabia amid accusations that its tools were being misused by the kingdom. But Israeli gov encouraged NSO and two other firms to continue working w/ Saudis, and issued new license for a fourth to do similar work
Israel has licensed 4 Israeli firms to sell surveillance software to Saudis - NSO Group, Candiru, Verint, and Quadream. "Cellebrite, which manufactures physical hacking systems for mobile phones, has also sold its services to the Saudi gov, but without ministry approval"
DoJ did something remarkable when it sought email records of WaPo journos - not from an email provider but from the security firm Proofpoint. Why do this? I discuss reasons👇. DNS records show Proofpoint filtering Post email since 2015, CNN email since '17 zetter.substack.com/p/justice-depa…
DNS record shows Proofpoint server (pphosted.com) filtering WaPo email, which is why DoJ went after them for email data. Experts told me the move is troubling. It signals DoJ is willing to seek info from any company that touches comms, regardless of how tangential.
"it’s a warning to customers that even if their [email or cloud] provider has strong protections against improper law enforcement requests, the government 'can bypass that by going to a service provider that layers on top of that provider,'" EFF's @kurtopsahl told me.