Security researchers disclosed Monday that spyware from the notorious Israeli hacker-for-hire company NSO Group was detected on the cellphones of six Palestinian human rights activists, half affiliated with groups that Israel's defense minister controversially claimed were involved in terrorism.
The revelation marks the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware. Its use against journalists, rights activists and political dissidents from Mexico to Saudi Arabia has been documented since 2015.
A successful Pegasus infection surreptitiously gives intruders access to everything a person stores and does on their phone, including real-time communications.
It's not clear who placed the NSO spyware on the activists' phones, said the researcher who first detected it, Mohammed al-Maskati of the nonprofit Frontline Defenders.
Shortly after the first two intrusions were identified in mid-October, Israeli Defense Minister Benny Gantz declared six Palestinian civil society groups to be terrorist organisations. Ireland-based Frontline Defenders and at least two of the victims say they consider Israel the main suspect and believe the designation may have been timed to try to overshadow the hacks' discovery, though they have provided no evidence to substantiate those assertions.
Israel has provided little evidence publicly to support the terrorism designation, which the Palestinian groups say aims to dry up their funding and muzzle opposition to Israeli military rule. Three of the hacked Palestinians work for the civil society groups. The others do not, and wish to remain anonymous, Frontline Defenders says.
The forensic findings, independently confirmed by security researchers from Amnesty International and the University of Toronto's Citizen Lab in a joint technical report, come as NSO Group faces growing condemnation over the abuse of its spyware and Israel takes heat for lax oversight of its digital surveillance industry.
More From This Section
Last week, the Biden administration blacklisted the NSO Group and a lesser-known Israeli competitor, Candiru, barring them from U.S. technology.
Asked about the allegations its software was used against the Palestinian activists, NSO Group said in a statement that it does not identify its customers for contractual and national security reasons, is not privy to whom they hack and sells only to government agencies for use against serious crime and terror.
An Israeli defense official said in a brief statement that the designation of the six organisations was based on solid evidence and that any claim it is related to the use of NSO software is unfounded. The statement had no other details, and officials declined requests for further comment. The official spoke on condition of anonymity to discuss security matters.
Israel's Defence Ministry approves the export of spyware produced by NSO Group and other private Israeli companies that recruit from the country's top cyber-capable military units. Critics say the process is opaque.
It's not known precisely when or how the phones were violated, the security researchers said. But four of the six hacked iPhones exclusively used SIM cards issued by Israeli telecom companies with Israeli +972 area code numbers, said the Citizen Lab and Amnesty researchers. That led them to question claims by NSO Group that exported versions of Pegasus cannot be used to hack Israeli phone numbers. NSO Group has also said it doesn't target U.S. numbers.
Among those hacked was Ubai Aboudi, a 37-year-old economist and U.S. citizen. He runs the seven-person Bisan Center for Research and Development in Ramallah, in the Israeli-occupied West Bank, one of the six groups Gantz slapped with terrorist designations on October 22.
The other two hacked Palestinians who agreed to be named are researcher Ghassan Halaika of the Al-Haq rights group and attorney Salah Hammouri of Addameer, also a human rights organisation. The other three designated groups are Defense for Children International-Palestine, the Union of Palestinian Women's Committees and the Union of Agricultural Work Committees.
Aboudi said he lost any sense of safety through the dehumanising hack of a phone that is at his side day and night and holds photos of his three children. He said his wife, the first three nights after learning of the hack, didn't sleep from the idea of having such deep intrusions into our privacy.
He was especially concerned about eavesdroppers being privy to his communications with foreign diplomats. The researchers' examination of Aboudi's phone determined it was infected by Pegasus in February.
Aboudi accused Israel of sticking the terrorist logo on the groups after failing to persuade European governments and others to cut off financial support.
Israel says the groups are linked to the Popular Front for the Liberation of Palestine, a leftist political faction with an armed wing that has killed Israelis. Israel and Western governments consider the PFLP a terror group. Aboudi was detained years ago on allegations of being a PFLP member but denies ever belonging to the group.