Update A prominent senator has called for aggressive monitoring of sales of hacking and espionage devices to U.S. law enforcement.
Senator Ron Widen (D-OR) responded to the opening by handing over the Pegasus NSO technology, renamed Phantom, to the police department of San Diego, California, to the vice president of Westbridge Technologies, the U.S. commercial arm of the controversial NSO group. This is despite the fact that the NSO stated in court reports two weeks ago that it had no U.S. presence.
Government hacking is one of the most invasive forms of surveillance – tracking a person’s movements, turning on a web camera and microphone, or accessing photos and other sensitive data on a phone or computer, Wyden said in a statement to the registry.
These instruments are ripe for abuse, e.g. by a law enforcement officer spying on them. Congress must aggressively control the spread of these espionage technologies and their use by the state and local authorities.
The reference to spying on a former partner refers to the allegation that an employee of the NSO Group, who was caught using the company’s technology, was spying on a woman he was romantically interested in. The employee has been fired.
Spyware Slingshot NSO on Facebook: It’s a little funny that you sue us in California when we’re not in the US or using US IT services?
The NSO group has become synonymous with state espionage because of its software, which is used by a number of authoritarian governments to suppress dissenting opinions. Reportedly, the Pegasus Phantom was used by Saudi Arabia to murder and eventually kill the journalist Jamal Hashogga. It could also have been used to hack into the phone of Amazon director Jeff Bezos.
Just use it for the good stuff, okay?
The NSO said that its espionage programmes should only be used to combat terrorism or serious crimes, but that they had been repeatedly discovered on the phone by journalists, activists and political dissidents from around the world. Facebook is also suing an Israeli company for targeting users of its WhatsApp email service.
Usually the device is infected by video surveillance software that uses a software vulnerability. For example, a captured message, when opened on the phone, uses a vulnerability in the applications or the operating system of the device to initiate the implementation of the smuggling code in the message, resulting in the installation of malware.
In the case of Jeff Bezos, a WhatsApp chat message from Crown Prince Mohammed bin Salman of Saudi Arabia with a video he thought was some kind of telecommunications commercial, must have been the way the spyware was downloaded to his phone.
Once Pegasus/Phantom is on your phone or computer, it can track your location, read texts, emails and messages on social networks, download videos and photos stored on your device, and turn on your camera and microphone. The danger of this software is so great that representatives of the United Nations have repeatedly condemned its use.
The fact that the NSO Group currently sells its products specifically to U.S. law enforcement – albeit under a different company and product name – is alarming given the enormous resources often available to U.S. law enforcement and the limited control and accountability.
U.S. police should demand a search warrant for the use of software, especially in light of recent Supreme Court decisions on mobile phone content, but again, it is not clear whether or not this is happening and what the technology is being used for.
There have been many examples where the local police have used computer tools in a very inappropriate way. Perhaps most memorable was when Maryland Police used controversial cell phone tracking technology, designed only for the most serious crimes, to track a man who stole $50 chicken wings. ®
Updated to add
The NSO Group has contacted us to determine whether Westbridge is an American sales network or not. ONS states that it has no control over Westbridge, although it notes that Westbridge is the fiancée of ONS headed by the parent company.
We note that Westbridge and ONS have a close relationship and that Westbridge calls itself the North American branch of ONS in its marketing brochure.
Westbridge Technologies shares the parent company with the ONS, but is not a subsidiary of the ONS or owned. ONS has no control over Westbridge Technologies, said a spokesman for ONS. With regard to the transfer of the monitoring programmes to the police, the spokesperson continued:
This article has also been updated to clarify that Senator Widen is asking Congress to monitor all spyware offered to the police, not just malware produced by the NSO group.
Webcast : Build a new generation of your business in the public cloud.the register security,cyber security news aggregator,cyber security newsletters,cyber security news headlines today,cyber security news '' uk,cyber security news today uk,tech news security,the register software