The Munk-ey on the Back of NSO Group

April 20, 2022

The Munk School at the University of Toronto has a keen interest in the NSO Group. I read “CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru.” (I wish someone would ask me about the candiru at a dinner party. I really want to answer using my own style of expressing myself. Ah, you don’t know about the penis centric creature? Knowing can be helpful before a dip in certain South American rivers and streams.)

Back to munk-ey on NSO Group’s back.

The write up states:

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.  At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both. Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations. Family members were also infected in some cases.

What’s interesting is that the Munk folks want to prevent a government from performing certain actions. How’s that working out for those who want to influence Mr. Putin? When a commercial enterprise sells to a government agency, how exactly is the vendor supposed to prevent a nation state from doing what it wants?

The write up focuses on political issues, and the NSO Group’s technology is not an interesting system with useful functions. The platform becomes the equivalent of Darth Vader’s favorite light saber. How will the Munk experts control an entity its researchers deem Darth Vader pretenders?

Yeah, how would that play out?

The write up is interesting and reveals quite a bit of research.

However, the more significant issue is one which is ignored. Technology can be placed in a context. The context then defines the technology. Our present context is that technology facilitates weaponization. The ethical underpinnings of behavior, in my opinion, have been torn or removed.

Thus, the Munk team is talking about technology and seems to be disinterested in what is allowing outfits like NSO Group to become a ping pong ball. Without a net, there is no game.

Perhaps the net is a thing which can be put front and center? Legacies of Roman rule, control of national state officials, and the inherent badness of core mobile phone functions are a way to let off emotional steam?

What about no click exploits for Android devices? Perhaps that is next up on the Munk agenda?

Stephen E Arnold, April 20, 2022

Tim Apple and Unintended Consequences: AirPods?

April 19, 2022

Apple in my opinion emphasizes privacy. (How about the iPhone and the alleged NSO Group Pegasus functionality?) “Ukrainians Are Tracking the Movement of Russian Troops Thanks to One Occupier Looter with AirPods.” I am not sure if the write up is accurate. The source says “truth.” But…

The tracking thing is interesting; for example, Phone home malware on an iPhone, an AirTag hidden on a Russian T-14 Armata, or AirPods. Head phones? Yep.

The cited article reports:

A Russian soldier stole [a Ukrainian’s] AirPods (wireless headphones) when looting [the Ukrainian’s] apartment while Russian occupying forces were in Gostomel. Russian soldiers withdrew, but thanks to the technology on Apple devices, Ukrainians can keep track of where their headphones are. Find My technology on Apple devices lets you find the location of a lost device on the map if it’s near Bluetooth smartphones or connected to Wi-Fi.

What can one do with the help of geo-location functions? One idea is to use the coordinates as a target for a semi-smart missile. (This is not a criticism of smart software. It is part of the close enough for horseshoes methods which can often deliver the payload somewhere unintended.)

Now about that Tim Apple privacy thing? Pravda or falsehood?

Stephen E Arnold, April 19, 2022

The Value of the NSO Group? Probably More Than Zero

April 19, 2022

The Financial Times published “NSO Group Deemed Valueless to Private Equity Backers.” The orange newspaper stated that a consulting firm studied the intelware outfit and provided information with this startling number. There’s a legal dust up underway, and my hunch is that legal eagles will flock to this situation: Alleged misuse of the Pegasus system, financial investments, and the people involved in assorted agreements. The story points out that NSO Group is “not a party” to this particular lawsuit. The folks funding the legal eagles are a consulting outfit called Berkeley Research Group. An outfit called Novalpina Capital convinced some to put money into the cyber gold mine. Then the PR spotlight illuminated NSO Group and a torrent flowed downhill knocking down some once impregnable structures. Plus the FT’s article references an outfit called Integrity Partners who, according to the Financial Times, are willing to buy NSO Group for several hundred million dollars. Is this a good deal? In my opinion, something is better than zilch.

An unnamed NSO Group spokesperson indicated that the NSO Group’s system was of interest to many customers. If this is true, wasn’t the most recent license deal inked in mid 2021 for the platform? My thought is that the company’s proprietary technology would be of interest to other intelware firms interested in obtaining the licensee base and the platform which might benefit from newer, more sophisticated geo-spatial functionality which I will describe in my OSINT lecture at the US National Cyber Crime Conference on April 26, 2022. Sorry, the info is not for a free blog, gentle reader.

In my opinion, the referenced write up presents a fairly chaotic snapshot of the players, the valuation, and the legal trajectory for this matter. We need to bear in mind that NSO Group is hitting up the US Supreme Court and dealing with its Tim Apple issues.

One thing is crystal clear to me: The NSO Group’s misstep is now sending out concentric pulses which are extremely disruptive to entities rarely in the public spotlight. This is unfortunate and underscores why the Silicon Valley Tel Aviv style is not appreciated in some upscale social circles.

Stephen E Arnold, April 19, 2022

FinFisher: Grilled or Fried?

April 18, 2022

I read “Criminal Complaint against Illegal Export of Surveillance Software Is Making an Impact: The FinFisher Group of Companies Ceases Business Operations after Its Accounts Are Seized by Public Prosecutor’s Office.” FinFisher was a developer of specialized software and services. The write up quotes Gesellschaft für Freiheitsrechte e.V.’s spokesperson as saying:

“FinFisher is dead. Its business with illegal exports of surveillance software to repressive regimes has failed. This is a direct success of our criminal complaint.”

The company’s system, according to the write up, allows “police and secret services [to] pinpoint a person’s location, record their telephone conversations and chats and read all their mobile phone and computer data.”

Stephen E Arnold, April 18, 2022

NSO Group to US Supreme Court: Help!

April 14, 2022

The “real news” outfit the Associated Press ran an article called “NSO Turns to US Supreme Court for Immunity in WhatsApp Suit.” The main idea is that Zuckbook’s lawsuit has to go away. The legal dust up dates from 2019. Zuckbook alleges that NSO Group zapped more than 1,000 users of WhatsApp, a popular instant messaging service. WhatsApp delivers alleged end to end encrypted messaging (E2EE). Intercepting content WhatsApp users think is secure can deliver some high value intelligence if available to certain professionals. NSO Group’s idea is that it is a “foreign government agent.” As such, NSO Group cannot be hassled for its specialized software and services. Why is the issue at the US Supreme Court? The answer is that in previous legal proceedings, federal court rulings said, “Sorry. Zuckbook’s case goes forward.”

I am no attorney, but the sovereign immunity angle sounds good: Intelware, used by some US allies, and good at what it does. The reasoning of the courts is that the NSO Group is not going to get the sovereign “get out of jail free” card in this Monopoly game. Why? According to the information in the write up, NSO Group is software, not an “agent.”

Three observations:

  1. NSO Group is hoping the third time is a charm in US courts it seems.
  2. The company just cannot stay out of the newsfeeds. Maybe its management team should start a PR firm.
  3. The Supreme Court can be picky about what it takes on and when it does accept a case, the outcome can be surprising, very surprising.

Net net: The intelware sector is likely to find itself under more intense scrutiny as the endless barrage of NSO Group publicity flows.

Stephen E Arnold, April 14, 2022

NSO Group: Another Admission, This One Is Very, Very Negative

April 13, 2022

I don’t have much to say about the allegations in “NSO Confirms It Gave Israeli Police Access to Malware to Spy on Israelis.” The write up states:

The world’s foremost purveyor of zero-click exploits capable of completely compromising phones of targets is still in damage control mode. The damage can no longer be controlled, though. So, it’s basically just NSO admitting the nasty things said about it have been mostly true.

The article does not pull punches:

If Hulio [a big wheel at NSO Group] wants to argue about the specifics of Israeli surveillance law, that’s one thing. But to claim that “listening in on calls” and turning phones into “listening devices” isn’t spying is absurd. Even in its weakened state, the spyware was completely capable of doing plenty of surveillance. And Hulio freely admits it was used to target Israelis. That is domestic surveillance. Lawful or not, that’s what happened and that’s what NSO enabled.

I believe that NSO Group manifested the confidence and “we can do what is possible”. Unfortunately the company’s management has created some challenges for the intelware sector. There’s the frightening aspect of spyware on a phone which embeds itself without the owner of the phone clicking, answering, or tapping. Then there’s the alleged link between the Pegasus and related technology and some unfortunate outcomes. (In my book, being killed is a Grade A unfortunate outcome.) Also less robust intelware outfits operating out of Israel have to check in with a den mother before following their sales instincts and closing some deals.

The disappointing facet of this very public discussion of NSO Group’s technology and business approach is that law enforcement may find that certain technology will not be sold or licensed by some vendors. Period. That’s not helpful in my opinion. The intelware sector is going to have to relearn the policies and procedures of low profile behavior and enforcing secrecy. Can these vendors learn some new tricks? Sure. But now with reporters chasing intelware developers and lawyers circling, has the once unlimited opportunity space been converted into a digital Shrinky Dink? (Don’t know about Shrinky Dinks? Click here.)

Stephen E Arnold, April 13, 2022

NSO Group Update: Surprise! We Knew Zippo

April 13, 2022

I find it interesting that Reuters in the midst of a war, a Covid thing, and economic craziness has the desire to recycle themes about the NSO Group. “Exclusive: Senior EU Officials Were Targeted with Israeli Spyware” reports that the intelware vendor is still snagged in brambles. The news story reports that Reuters’ reporters reviewed some documents which apparently reveal more interesting applications of Pegasus and possibly other specialized services provided by the Israeli company. The alleged spying popped up as a note from the very big, very privacy talking outfit Apple. I think it would be unnerving to receive a notice like “you may be targeted” instead of “Confirm your Apple payment information.”

The trusted news source (yes, that would be Thomson Reuters) included a statement from NSO Group that suggested the firm’s specialized software was not able to perform alleged spying on EU officials. The story points out that examination of mobile devices did not reveal a smoking gun or smoking bits as it were.

Several observations:

  • Real journalists from Thomson Reuters are watching NSO Group and information about the firm. I interpret this attention to mean, “More stories about NSO Group will be coming down the information highway.”
  • NSO Group continues to point out that the company is mostly in the dark when these allegations become real news.
  • Legal eagles will flock and frolic in Brussels and then take off, head east, and drop bundles of assorted legal documents on the individuals still working at NSO Group.
  • NSO Group will get a lot of booth traffic at the ISS Telestrategies Conference in Prague in a few weeks.

Net net: The amping up of public information about NSO Group in particular and intelware in general is not helpful to a number of agencies and companies. (I spoke with a US vendor of intelware as part of the research for my Spring lectures. A spokesperson for the company said on a Zoom call, “Please, do not mention our firm to those in your law enforcement audiences.” The reason: The company wants to sell to marketing firms, not government agencies. Too much risk.)

Stephen E Arnold, April 13, 2022

NSO Group Knock On: More Attention Directed at Voyager Labs?

April 12, 2022

Not many people know about Voyager Labs, its different businesses, or its work for some government entities. From my point of view, that’s how intelware and policeware vendors should conduct themselves. Since the NSO Group’s missteps have fired up everyone from big newspaper journalists to college professors, the once low profile world of specialized software and services has come to center stage. Unfortunately most of the firms providing these once secret specialized functions are, unlike Tallulah Bankhead, ill prepared for the rigors of questions about chain smoking and a sporty life style. Israeli companies in the specialized software and services business are definitely not equipped for criticism, exposure, questioning by non military types. A degree in journalism or law is interesting, but it is the camaraderie of a military unit which is important. To be fair, this “certain blindness” can be fatal. Will NSO Group be able to survive? I don’t know. What I do know is that anyone in the intelware or policeware game has to be darned careful. The steely gaze, the hardened demeanor, and the “we know more than you do” does not play well with an intrepid reporter investigating the cozy world of secretive conferences, briefings at government hoe downs, or probing into private companies which amass user data from third-party sources for reselling to government agencies hither and yon.

Change happened.

I read “On the Internet, No One Knows You’re a Cop.” The author of the article is Albert Fox-Cahn, the founder and director of STOP. Guess what the acronym means? Give up. The answer is: The Surveillance Technology Oversight Project.

Where does this outfit hang its baseball cap with a faded New York Yankees’ emblem? Give up. The New York University Urban Justice Center. Mr. Fox-Cahn is a legal type, and he has some helpers; for example, fledgling legal eagles. (A baby legal eagle is technically eaglets or is it eaglettes. I profess ignorance.) This is not a Lone Ranger operation, and I have a hunch that others at NYU can be enjoined to pitch in for the STOP endeavor. If there is one thing college types have it is an almost endless supply of students who want “experience.” Then there is the thrill of the hunt. Eagles, as you know, have been known to snatch a retired humanoid’s poodle for sustenance. Do legal eagles enjoy the thrill of the kill, or are they following some protein’s chemical make up?

The write up states:

Increasingly, internet surveillance is operating under our consent, as police harness new software platforms to deploy networks of fake accounts, tricking the public into giving up what few privacy protections the law affords. The police can see far beyond what we know is public on these platforms, peeking behind the curtains at what we mean to show and say only to those closest to us. But none of us know these requests come from police, none of us truly consent to this new, invasive form of state surveillance, but this “consent” is enough for the law, enough for the courts, and enough to have our private conversations used against us in a court of law.

Yeah, but use of public data is legal. Never mind, I hear an inner voice speaking for the STOP professionals.

The article then trots through the issues sitting on top of a stack of reports about actions that trouble STOP; to wit, use of fake social media accounts. The idea is to gin up a fake name and operate as a sock puppet. I want to point out that this method is often helpful in certain types of investigations. I won’t list the types.

The write up then describes Voyager Labs’ specialized software and services this way:

Voyager Labs claims to perceive people’s motives and identify those “most engaged in their hearts” about their ideologies. As part of their marketing materials, they touted retrospective analysis they claimed could have predicted criminal activity before it took place based on social media monitoring.

Voyager Labs’ information was disclosed after the Los Angeles government responded to a Brennan Center Freedom of Information Act request. If you are not familiar with these documents, you can locate them at this link which I verified on April 9, 2022. Note that there are 10,000 pages of LA info, so plan on spending some time to locate the information of interest. If you want more information about Voyager Labs, navigate to the company’s Web site.

Net net: Which is the next intelware or policeware company to be analyzed by real news outfits and college professors? I don’t know, but the revelations do not make me happy. The knock on from the NSO Group’s missteps is not diminishing. It appears that there will be more revelations. From my point of view, these analyses provide bad actors with a road map of potholes. The bad actors become more informed, and government entities find their law enforcement and investigative efforts are dulled.

Stephen E Arnold, April 12, 2022

NSO Group, the PR Champ of Intelware Does It Again: This Time Jordan

April 11, 2022

I hope this write up “NSO Hacked New Pegasus Victims Weeks after Apple Sought Injunction” is one of those confections which prove to be plastic. You know: Like the plastic sushi in restaurant windows in Osaka. The news report based on a report from Citizen Lab and an outfit called Front Line Defenders delineates how a Jordanian journalist’s mobile device was tapped.

The article reports:

The NSO-built Pegasus spyware gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and precise location. Many victims have received text messages with malicious links, but Pegasus has more recently been able to silently hack iPhones without any user interaction, or so-called “zero-click” attacks. Apple last year bolstered iPhone security by introducing BlastDoor, a new but unseen security feature designed to filter out malicious payloads sent over iMessage that could compromise a device. But NSO was found to have circumvented the security measure with a new exploit, which researchers named ForcedEntry for its ability to break through BlastDoor’s protections. Apple fixed BlastDoor in September after the NSO exploit was found to affect iPads, Macs, and Apple Watches, not just iPhones.

This is “old news.” The incident dates from 2021, and since that time the MBA infused, cowboy software has sparked a rethinking of how software from a faithful US ally can be sold and to whom. Prior to the NSO Group’s becoming the poster child for mobile surveillance, the intelware industry was chugging along in relative obscurity. Those who knew about specialized software and services conducted low profile briefings and talks out of the public eye. What better place to chat than at a classified or restricted attendance conference? Certainly not in the pages of online blogs, estimable “real news” organs, or in official government statements.

Apple, the big tech company which cares about most of its customers and some of its employees (exceptions are leakers and those who want to expose certain Apple administrative procedures related to personnel), continues to fix its software. These fixes, as Microsoft’s security professionals have learned, can be handled by downplaying the attack surface its systems present to bad actors. Other tactics include trying to get assorted governments to help blunt the actions of bad actors and certain nation states which buy intelware for legitimate purposes. How this is to be accomplished remains a mystery to me, but Apple wanted an injunction to slow down the NSO Group’s exploit capability. How did that work out? Yeah. Other tactics include rolling out products in snazzy online events, making huge buyout plays, and pointing fingers at everyone except those who created the buggy and security-lax software.

I am not sure where my sympathies lie. Yes, I understand the discomfort the Jordanian target has experienced, but mobile devices are surveilled 24×7 now. I understand that. Do you? I am not sure if I resonate with either NSO Group’s efforts to build its business. I know I don’t vibrate like the leaves in the apple orchard.

The context for these intelware issues is a loss of social responsibility which I think begins at an early age. Without consequences, what exactly happens? My answer is, “Lots of real news, outrage, and not much else.” Without consequences, why should ethics, responsible behavior, and appropriate regulatory controls come into play?

Stephen E Arnold, April 11, 2022

Google: Nosing into US Government Consulting

April 4, 2022

I spotted an item on Reddit called “Google x Palantir.” Let’s assume there’s a smidgen of truth in the post. The factoid is in a comment about Google’s naming Stephen Elliott as its head of artificial intelligence solutions for the Google public sector unit. (What happened to the wizard once involved in this type of work? Oh, well.)

The interesting item for me is that Mr. Elliott will have a particular focus on “leveraging the Palantir Foundry platform.” I thought that outfits like Praetorian Digital (now Lexipol) handled this type of specialist consulting and engineering.

What strikes me as intriguing about this announcement is that Palantir Foundry will work on the Google Cloud. Amazon is likely to be an interested party in this type of Google initiative.

Amazon has sucked up a significant number of product-centric searches. Now the Google wants to get into the “make Palantir work” business.

Plus, Google will have an opportunity to demonstrate its people management expertise, its ability to attract and retain a diverse employee group, and its ability to put some pressure on the Amazon brachial nerve.

How will Microsoft respond?

The forthcoming Netflix mockumentary “Mr. Elliott Goes to Washington” will fill someone’s hunger for a reality thriller.

And what if the Reddit post is off base? Hey, mockumentaries can be winners. Remember “This Is Spinal Tap”?

Stephen E Arnold, April 4, 2022
