Apple sues Israeli spy firm NSO Group

A Palestinian vendor displays Apple products in Gaza City (Mahmoud Ajjour - APA Images)

Ali Abunimah

The Electronic Intifada  /  November 24, 2021

Apple is the latest Silicon Valley giant to sue a notorious Israeli spyware firm.

The iPhone maker announced Tuesday that it had filed a lawsuit against NSO Group and its parent company “to hold it accountable for the surveillance and targeting of Apple users.”

Apple also wants to permanently ban NSO Group from using any of its software, services or devices.

“NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera and other sensitive data on Apple and Android devices,” Apple said Tuesday.

“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Ron Deibert, director of Citizen Lab at the University of Toronto.

Deibert applauded the lawsuit and said he hoped that by filing it, “Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”

Apple credited Citizen Lab along with Amnesty International for documenting how NSO Group’s Pegasus spyware has been used by governments to target human rights workers and journalists all over the world.

Recently, the two organizations confirmed that Pegasus was used to spy on employees of several Palestinian human rights groups that Israel last month designated as “terrorists” in an effort to smear and sabotage their work documenting its crimes.

Earlier this month, a US federal judge denied a motion by NSO Group to dismiss a lawsuit filed by WhatsApp and its parent company Facebook – now rebranded as Meta – over the targeting of 1,400 of its users with Pegasus spyware in 2019.

Countries where there has been significant use of Pegasus spyware include Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia and the United Arab Emirates.

Dozens of journalists in numerous other countries including Britain, France, Spain, Hungary and India have also been identified as potential targets.

NSO Group says it only sells its technology to governments.

“New security protections” for iPhones

Citizen Lab revealed in October that a prominent New York Times journalist who has previously reported on NSO Group and is writing a book on Saudi Arabia had been targeted with Pegasus repeatedly.

The research group said it was unable to confirm who carried out those attacks, but it believed that the operator responsible for one of the hacks on the Times journalist “is also responsible for the hacking of a Saudi activist in 2021.”

While seeking to stop further abuse by NSO Group, Apple is also reassuring customers that it has blocked all the known routes by which Pegasus infected its devices.

The company said its latest iPhone operating system iOS 15 “includes a number of new security protections.” Apple also asserts that it “has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions.”

Apple reiterated that users should always make sure their devices are running the latest software.

“The steps we’re taking today will send a clear message,” Ivan Krstić, head of Apple security engineering, said. “In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.”

The company said it would contribute $10 million as well as any damages received from the lawsuit “to organizations pursuing cyber-surveillance research and advocacy.”

US sanctions may bankrupt firm

The move from Apple is only the latest woe to hit NSO Group.

Along with another Israeli company, Candiru, NSO Group was recently blacklisted by the US government for making spyware used by foreign governments “to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers.”

Candiru’s spyware is suspected to have been used in attacks on some 20 websites since 2020, including the publication Middle East Eye.

ESET, the cybersecurity firm that documented the Candiru attacks, said the targets had “links to the Middle East and a strong focus on Yemen and the surrounding conflict.”

They also included websites belonging to Iran’s foreign ministry, Syria’s electricity ministry and a site run by Saudi dissidents.

Following the US blacklisting, NSO Group’s new CEO jumped ship just a week after his appointment.

Israel considers NSO Group “a crucial element of its foreign policy and is lobbying Washington to remove the company from the blacklist,” The New York Times reported earlier this month.

In the meantime, the cost of crossing the United States – which described its blacklisting of the Israeli firms as “part of the Biden-Harris administration’s efforts to put human rights at the center of US foreign policy” – is mounting.

This week credit rating company Moody’s said that NSO Group was at risk of defaulting on $500 million in loans because the US sanctions on the firm will make it harder to raise money and find new customers.

Global threat from Israel

Notwithstanding the difficulties NSO Group and Candiru are facing, there should be no illusion that the threat to privacy, free speech and political freedom emanating from Israel’s government-backed cyberwarfare industry will abate any time soon.

Israel is reportedly testing powerful facial recognition systems on the captive Palestinian population in the occupied West Bank, enabling real-time, widespread surveillance.

Israel can also listen to every telephone conversation taking place in the West Bank and Gaza Strip, Middle East Eye reported earlier this month, citing a former member of Unit 8200, the Israeli military’s electronic spying division.

“Every mobile or phone imported into Gaza through the Kerem Shalom crossing – in Gaza’s south – is implanted with an Israeli bug, and anyone using the only two mobile networks serving the occupied territories – Jawwal and Wataniya – is being monitored as well,” the publication asserted, citing the unnamed whistleblower.

The Palestinians Israel targets fall into two groups: The first are those who are politically active or who represent what Israel considers a “security” threat. The second group is Palestinians who can be blackmailed.

“It might be finding gays who can be pressured to report on their relatives, or finding some man who is cheating on his wife,” the Unit 8200 veteran told Middle East Eye. “Finding someone who owes money to someone, let’s say, means that he can be contacted and offered money to pay his debt in exchange for his collaboration.”

This report corroborates what a group of Unit 8200 veterans revealed to The Guardian in 2014.

Information obtained through mass surveillance of Palestinians has also been used to plan and execute violence. One veteran stated in 2014 that Unit 8200 members use the expression “blood on the headset,” or mark their headsets with an “X” following an assassination.

Many Unit 8200 veterans go on to lucrative employment in private spying firms includingCandiru NSO Group and the United Arab Emirates-owned firm DarkMatter.

There was also outrage among members of Britain’s Labour Party earlier this year after The Electronic Intifada revealed that Keir Starmer hired a former Unit 8200 spy to work in his office when he took over from Jeremy Corbyn as party leader.

Ali Abunimah – co-founder of The Electronic Intifada and author of The Battle for Justice in Palestine (Haymarket Books