Experts: Pegasus Spyware Found in Phones of Palestinian Activists

Published: 08 November 2021

spyware

Pegasus found in phones of Palestinian activists (Photo: Blogtrepreneur, Flickr, License)

By OCCRP

Experts revealed on Monday that spyware produced by the scandal-ridden Israeli NSO Group was found on the cellphones of Palestinian activists, some of whom work for organizations accused by Israel of terrorism shortly after their infection with the Pegasus spyware was detected.

The NSO Group and its Pegasus software that allows intruders to monitor the victim’s communications were at the center of this summer’s global scandal that erupted after media revealed that it had been used by some governments for spying on journalists and activists.

Now security experts say they also detected the software in the phones of six Palestinian human rights activists. 

Despite the overwhelming evidence that surfaced through the Pegasus Project, NSO’s spyware continues to be used against human rights defenders,” said Danna Ingleton, Deputy Director of Amnesty International Tech. 

Four of the six hacked devices used Israeli SIM cards, and although NSO has claimed that it cannot target Israeli numbers, the latest evidence shows that this is not true, and brings into question NSO’s claims that Pegasus is not functional in other jurisdictions, she said.

“Amnesty International calls for an immediate global moratorium on the sale and transfer of surveillance technology until the industry can operate in line with International Human Rights Law,” she added.

Experts from the Dublin-based human rights organization Frontline Defenders detected the software on October 16 in the Iphone of a staff member at Al-Haq, an organization based in Ramallah that documents violations of the individual and collective rights of Palestinians.

Five other Palestinian human rights organizations were allerted, and when they checked their staff members’ phones for the software, five more infections were found. The findings were confirmed by experts from the Toronto-based Citizens Lab and Amnesty International’s Security Lab.

Two days after experts found the spyware, Israel's Interior Ministry notified one of the victims, lawyer Salah Hammouri, that his permanent residency had been revoked and that he will be deported from Jerusalem because of a “breach of allegiance to the State of Israel.” 

On October 19, Israeli Minister of Defense, Benny Gantz, issued an executive order designating the six Palestinian human rights organisations as ‘terrorists’ under Israel’s Anti-Terrorism Law. Employees of three of the six designated organizations had their phones infected with Pegasus.

“Israel then worked to try to convince European and American officials of the evidence that these organizations are ‘terrorist’, including sending intelligence envoys to Washington, DC, yet these officials publicly message that the evidence they were shown is not credible,” a statement from Frontline Defenders said.

Al-Haq, which is among the designated six, accused Israel of trying to silence and criminalise Palestinian civil society.

“In practice, the designations laid against the Palestinian organizations empower Israel to shut down their offices, seize their assets including bank accounts, and arrest and detain their staff members,” the organization said.

The parallel timelines of the investigation that revealed the infection of the activists' phones and the Israeli designations “are concerning,” and “may amount to an attempt at preemptively withholding evidence of surveillance and covering up surreptitious spyware actions,” Al-Haq added.

Front Line Defenders Executive Director Andrew Anderson called on the international community to support the “legitimate work” of “peaceful Palestinian human rights defenders.”

“This episode will serve as a stark warning against any deployment of the term 'terrorist' against any human rights defender anywhere in the world, and renew efforts to reign in the use of spyware against human rights defenders, journalists and other civil society activists,” he said.

Although the Front Line Defenders forensic investigation could not reveal who planted the software, the timing and method of the designation suggests that the Israeli government is trying to legitimize the surveillance and the infection of devices, he said.

NSO Group said in a statement that due to contractual and national security considerations, it cannot confirm or deny the identity of their government customers and reminded that “NSO Group does not operate the products itself; the company license approved government agencies to do so, and we are not privy to the details of individuals monitored.”

“NSO Group develops critical technologies for the use of law enforcement and intelligence agencies around the world to defend the public from serious crime and terror. These technologies are vital for governments in the face of platforms used by criminals and terrorists to communicate uninterrupted,” the company added.