30 August 2016

Spyware firm tied to iPhone hack has U.S. ties


August 26, 2016 

Apple has issued a security update to prevent iOS spyware

A recent attempted hack shed light on vulnerabilities within iOS that would allow hackers to glean information from victims' apps and more.

SAN FRANCISCO — The spyware firm tied to an iPhone hack that prompted an emergency patch this week by Apple keeps a very low profile. But the NSO Group has strong ties here as well as in Israel, where it's staffed by specialists from Israel's military cyber division.

One of its recent owners, U.S. private equity firm Francisco Partners, operates from an office complex in San Francisco's leafy Presidio district that's also home to Lucasfilm and Industrial Light & Magic.

In Herzelia, an area near Tel Aviv with a thriving tech culture, NSO was founded by Shalev Hulio and Omri Lavie in 2009, according to Hulio and Lavie's LinkedIn pages. Several of its employees previously worked for Unit 8200, the Israeli Army's cyber division, which is known to produce spying software.

The tech company's background, pieced together from industry reports, reflects the growing boom in cybersecurity firms that operate in a nebulous area: creating software and processes that break into encrypted devices for government entities.

NSO described itself as "a leader in the field of Cyber warfare," according to an apparent company brochure posted online by Privacy International.


Human rights activist Ahmed Mansoor shows Associated Press journalists a screenshot of a spoof text message he received in Ajman, United Arab Emirates, on Thursday, Aug. 25, 2016. Mansoor was recently targeted by spyware that can hack into Apple's iPhone handset. The company said Thursday it had updated its security. The text message reads: "New secrets on the torture of Emirati citizens in jail." (Photo: AP Photo/Jon Gambrell)

The company uses "a powerful and unique monitoring tool, called Pegasus, which allows remote and stealth monitoring and full data extraction from remote target devices via untraceable commands," says the brochure.

While these hacks can be legal under the laws of the country buying the product, they raise severe privacy worries from consumer groups. They also highlight concerns that increasingly rigorous encryption from Apple and other consumer tech companies is vulnerable to attacks funded by deep-pocketed entities.

“What most people don’t understand about espionage these days is just how dramatically sophisticated the technologies to conduct this kind of intelligence gathering have become,” said Michael McFaul, director of the Freeman Spogli Institute for International Studies at Stanford University and the former U.S. Ambassador to Russia.

Cybersecurity firms that can thwart encryption shot into the spotlight earlier this year when the FBI hired an unnamed private contractor to help it hack into the contents of the iPhone used by one of the San Bernardino shooters. The successful hack allowed the U.S. government to shelve a contentious fight with Apple, which did not want to provide a software override to its mobile operating system.

The NSO Group is rare “because it’s one company that’s gotten caught,” said Eva Galperin, a global policy analyst with the Electronic Frontier Foundation, a digital rights group in San Francisco. “There’s still a lot of light to be shed on this world,” she said.

Suspicious text

Its involvement, according to researchers who published findings on the spyware and notified Apple, was traced to the software's coding.

Ahmed Mansoor, a prominent human rights activist in the United Arab Emirates, told University of Toronto's Citizen Lab he was sent a suspicious SMS link. Working with mobile security firm Lookout, Citizen Lab said the link carried a powerful, rare form of spyware that could have cost as much as $1 million. If Mansoor had clicked on it, it would have given the sender the ability to control his phone's camera and microphone, track his movements and rifle through all his apps, files and contacts, they said.

NSO Group spokesman Zamir Dahbash, reached by email, would not confirm or deny involvement in the Mansoor spyware. He said: “NSO’s mission is to help make the world a safer place, by providing authorized governments with technology that helps them combat terror and crime.”

Apple said it immediately fixed the vulnerability upon learning of it. On Thursday it advised customers to download the latest version of its iOS, version 9.3.5, for security protection.

Citizen Lab's John Scott-Railton said a likely suspect for the attempted attack was the United Arab Emirates, where Mansoor is seen as a dissident. He has been unable to leave the country since 2011 after his passport was taken. A representative for the UAE did not return a request for comment.

U.S. owned

NSO Group has an extremely low profile. The company does not have a web page. On its LinkedIn page, it is described as working "in the field of Internet security software solutions and security research." No contact information is listed.

In 2014, Francisco Partners bought a majority stake. The private equity company, founded by West Coast investment banking pioneer Sanford Robertson and run by former Texas Pacific Group investor Dipanjan Deb, did not respond to requests for comment. Among its 75 portfolio companies, it does not list NSO as an investment. In November, Bloomberg reported NSO was exploring a sale that would value it at close to $1 billion.

According to a Reuters report last year, NSO Group had annual earnings of around $75 million.


If the software was produced, sold and used outside of the United States, there would be no U.S. jurisdiction over it, said Robert Cattanach, a partner at Dorsey & Whitney who specializes in cyber security law.

If it had been used inside of the United States, the Computer Fraud and Abuse Act would apply, but that doesn’t appear to have happened here, he said.

“These materials are for sale to the highest bidder,” said Cattanach, a former U.S. Department of Justice attorney.

Spyware vs. privacy

Some suggest the availability of software such as that produced by the NSO Group is at least partly due to technology firms’ reluctance to provide a backdoor to law enforcement to increasingly sophisticated encryption.

"We are at this place because of law enforcement frustration with access to data in investigations. And so we are going to continue to see law enforcement agencies, even from legitimate democratic states, buying 'hacking tools' so that crimes that occur within their own borders can be investigated," said Chris Hoofnagle, a professor of cyber crime law at the University of California, Berkeley.

Apple's refusal to break into the San Bernardino iPhone “forced the FBI to buy a million-dollar exploit from a company in the same market space as NSO because that was the only way to get access to the San Bernardino killers’ phone. So Apple has helped create this market,” said Stewart Baker, a partner in the Washington office of Steptoe & Johnson.

A spokesperson for Apple was not immediately available for comment.
