According to a recent report, the smartphones of a dozen US State Department employees working in Uganda have been attacked by the Israeli firm NSO Group’s spyware.
Just as it seemed like it could not get any worse for the NSO group who has been under fire in the recent months after Apple’s lawsuit against the tech firm, it did. According to the latest report by Reuters, dozens of US officials working in Africa have been the latest victims of the Pegasus spyware – despite NSO’s claim that no Americans could be targeted with this spyware technology.
US State Department’s Response
The US State Department is in the process of figuring out who has used the spyware to access information on the phones. The officials said that it is possibly the result of employees getting new iPhones with Pegasus already installed in the devices.
This is a major blow to the Israeli tech firm, NSO Group. The investigation by the US State Department shows how serious the situation is and how it is a threat to human rights and US national security.
NSO Group was also added to the US Entity List along with another Israel-based spyware firm Candiru, accusing these companies of delivering spyware to governments to spy on officials at embassies, journalists, human activists, and more.
The State Department has been in close touch with Apple Inc. According to the official spokesperson of the US State Department:
“While we are unable to confirm, generally speaking the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. Like every large organization with a global presence, we closely monitor cybersecurity conditions, and are continuously updating our security posture to adapt to changing tactics by adversaries.”
A National Security Council spokesperson also said that the Biden administration is very concerned about commercial spyware as they pose serious security and counterintelligence risk to US personnel. The spokesperson also said that the government is going after commercial spyware and hacking tools.
John Scott Railton, a senior researcher at Citizen’s Lab at the University of Toronto said that this latest revelation shows that the Bureau of Diplomatic Security needs to step up its game and do more to secure devices used by its employees. He also said that “NSO has been a plain-sight national security threat for years” and has not been taken seriously by the US government.
Earlier this week, Norbert Mao, President of Uganda’s Democratic Party also tweeted that he received a notification from Apple saying his iPhone has been targeted.
When you wake up to a threat notification from @Apple that your iPhone is being targeted then you know that cyber terrorism from state sponsored cyber terrorists is real. pic.twitter.com/1uZ9eIf1FR
— Norbert Mao (@norbertmao) November 24, 2021
NSO Group’s Statement
An official spokesperson of the NSO Group said that once the firm learned about the incident, it “immediately terminated relevant customer’s access to the system, due to the severity of allegations.” It was further stated:
“To this point, we haven’t received any information nor the phone numbers, nor any incident that NSO’s tools were used in this case. On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have.”
It is still unclear who used the spyware to target the State Department employees, as the Apple spokesperson declined to comment on the incident.
The NSO Groups’ spyware was found in more than 50,000 smartphones worldwide of politicians, journalists, government employees, and more. The company claimed that the spyware cannot be used to target phone numbers beginning with +1 or a US country code, as it has been blocked by the system. However, this incident shows that it is not the case.
According to the reports, more than 11 US State Department employees in Uganda have been targeted. So, even though Pegasus spyware does not work on US phone numbers, it can be used against Americans abroad using non-US numbers.
After these allegations, Israel claimed to have restricted the export of spyware tools due to criticism from the international community. NSO has been wanting to enter the US market, however, these recent incidents and lawsuits by Facebook and Apple show that people have had enough of NSO’s spyware tools.
The US National Security Council spokesperson said that Biden’s administration has mobilized a country-wide effort to curb the proliferation of these spyware tools as they abuse human rights and pose a serious threat to US security.