- At least nine State Dept. officials had their phones hacked with software from the NSO Group, Reuters reported.
- NSO Group, an Israel-based company, was recently blacklisted by the Biden administration.
- An NSO spokesperson disputed the allegations, stating that the company would cooperate “with any relevant government authority.”
The iPhones of at least nine State Department employees were hacked using software from NSO Group, an Israel-based company that sells one of the world’s most effective spyware systems, according to a new report from Reuters.
The hack targeted US officials who live in or focus on Uganda, the report said, but the perpetrator of the breach is unknown. The Washington Post reported that 11 officials were alerted by Apple in recent months that their phones had been hacked with the NSO software, which is known as Pegasus.
“If our investigation shall show these actions indeed happened with NSO’s tools, such customer will be terminated permanently and legal actions will take place,” an NSO spokesperson told Reuters. The spokesperson added that the company will “cooperate with any relevant government authority and present the full information we will have.”
In a statement to Insider, an NSO spokesperson said, “Once the inquiry was received, and before any investigation under our compliance policy, we have decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations. To this point, we haven’t received any information nor the phone numbers, nor any indication that NSO’s tools were used in this case.”
“To clarify, the installation of our software by the customer occurs via phone numbers. As stated before, NSO’s technologies are blocked from working on US (+1) numbers. Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case,” the spokesperson added.
Researchers believe Pegasus systems can break into smartphone devices via multiple routes, some of which need no action by the smartphone owner, and grant the hacker access to call records, photos, and web browser histories or even turn the phone into a listening device.
A State Department spokesperson in a statement to Insider said the department could not confirm the report but added that it “takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected.”
“Like every large organization with a global presence, we closely monitor cybersecurity conditions, and are continuously updating our security posture to adapt to changing tactics by adversaries,” the spokesperson added.
“As part of its commitment to put human rights at the center of U.S. foreign policy, the Biden-Harris Administration is taking action to stem the proliferation and misuse of digital tools used for repression. This effort is aimed at improving citizens’ digital security, combating cyber threats, and mitigating unlawful surveillance,” the spokesperson said, pointing to the administration’s recent blacklisting of the NSO Group.
Last month, the US Commerce Department blacklisted NSO and another Israeli firm, Candiru. The Israeli firms were blacklisted “based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” the department said in a statement.
NSO Group’s spyware has allegedly targeted the smartphones of journalists and dissidents, including those close to the late Saudi journalist Jamal Khashoggi, who was murdered in a Saudi consulate in 2018.
In a statement on Friday, the National Security Council said, “We have been acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to US personnel, which is one of the reasons why the Biden-Harris Administration has placed several companies involved in the development and proliferation of these tools on the Department of Commerce’s Entity List.”
Apple has also sued the NSO Group for allegedly targeting and surveilling iPhone users with the Pegasus spyware.
The Israeli embassy told Reuters that using spyware on US officials would represent a “severe violation” of its rules.