‘Married, but Has Grindr’: How Israeli Police Spied on Activists With NSO’s Pegasus

Specialist police unit has been using NSO’s software to collect intelligence on Israelis, such as a social activist believed to be organizing a protest, says new report

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Israel Police Commissioner Kobi Shabtai, center, in Jerusalem last year.
Israel Police Commissioner Kobi Shabtai, center, in Jerusalem last year.Credit: Ohad Zwigenberg
Omer Benjakob
Omer Benjakob

New details have emerged of how the Israeli police have been using the NSO Group’s Pegasus spyware against innocent Israeli citizens without any court approval and even though the surveillance software is not meant to work on Israeli phone numbers.

The Israeli business daily Calcalist reported Thursday on how the police are using the spyware to create dossiers on Israelis even though they are not facing criminal charges. Two officers in the signal intelligence unit reportedly use Pegasus in tandem: one listens to the target in real time while the other combs over files harvested from their phone.

<<< The NSO file: A complete (updating) list of individuals targeted with Pegasus software >>>  

The report, by Tomer Gonen, is the latest exposé into how the Israel Police has used the military-grade system – which is intended for fighting serious crime and terrorism, and has been sold to police forces overseas for those alleged purposes – to collect intelligence against Israelis as part of early stage investigations into them.

In one case, Calcalist described a social activist who was selected as a surveillance target by an investigative unit in the police after being deemed a “threat to democracy.” The reason he was chosen, the report said, was because he was planning to “disrupt the peace” in the form of staging protests.

After he was selected as a target, the police’s cyberintelligence unit was tasked with building a dossier on him. Initially, his cellphone was infected with Pegasus by the unit that “remotely” hacked his phone. After that, two officers were charged with following the activist: One tracked his phone in real time – seeing the notifications it was receiving, examining emails and listening in on phone calls as they were happening – while the other officer was entrusted with combing over all of the information lifted from the device, which ranged from old messages to past emails.

Among the items found on the activist’s phone was Grindr, the dating app for men. This information was added to the dossier, which noted that the target “goes out with men, though [he’s] married.”

The police didn’t stop there, according to the report: they also kept track of the target’s conversations on Grindr.

According to Calcalist, the officers even shared the times and dates of meetings the activist arranged. The goal, the report noted, was to allow police officers to track him in the real world as he met with other men – all with the aim of collecting more information on him, not to prevent any specific crime.

Code name: Siphon

The case revealed the wider modus operandi of the police’s intel division using Pegasus without a court order to sanction such surveillance.

The code name for Pegasus was Siphon, the report revealed. The police’s special unit would only tackle select cases and the NSO software itself sat in a locked room in the cyberintelligence unit in Jerusalem, which required a special code to be accessed.

The initial report earlier this week revealing the police use of Pegasus said there was a special liaison officer tasked with coordinating between different investigative units and the actual cyberintelligence unit over the use of Pegasus.

A protest against NSO outside the group's offices in Herzliya last July. Credit: NIR ELIAS/REUTERS

After a request was received and authorized by the police top brass, the officer would convene the unit, discuss the target and type of intelligence the investigation required. The officer would also supply the unit with the target’s phone number. A file would then be opened for an “operational plan for infecting the target,” which would outline the probe and the dossier to be constructed based on the information harvested from the phone.

The “plan,” the report said, would initially focus on deciding how to infect the target – for example, deciding what type of message could be sent to them so they would click a link that would surreptitiously install the spyware on their phone.

After the target was successfully infected – though the unit did not enjoy a 100-percent success rate – the system would send out an alert informing the unit that Pegasus was now installed on the target’s phone.

Pegasus would then automatically arrange all of the information on the target’s phone into files: photos, WhatsApp messages, and so on. These would be assessed by one officer while the other would follow the target in real time.

In fact, the report explained, the officer tasked with live intelligence collection would have full access to the phone and be able to see what applications the target was using in real time. The report said analysts would work around the clock, in three shifts, to go over the information – all with the goal of building a dossier on the target.

At the end of the first week, a meeting would be held and an assessment made of weak spots that could be exploited to gain leverage over the target. For instance, in the case of the social activist who had Grindr on his phone, a screen capture from the application was added to the dossier and the man’s sexual activities were presented as a point the police could leverage as part of their investigation.

At this formative stage of the investigation, a decision would be reached: If the materials were to go back to the unit investigating the target, then for the first time in the entire process a judge would be contacted and a warrant request would be retroactively filed, including for wire-tapping.

It is unclear from the report if the judges are informed that Pegasus was the software being used. Moreover, it is unclear if the judges were told it had already been used or rather if the request was used to retroactively justify the intelligence collection.

The request for a wiretap, the report said, is made by the police unit conducting the investigation – not the cyberintelligence unit – once they already have the information they are seeking. Moreover, the form for making such a request is actually designed to look like the screen of a smartphone, the report revealed.

Calcalist said such practices are new to the police but are similar to the way Israeli’s elite intelligence unit, 8200, operates. The paper explained that the police’s cyberintelligence unit recruited many graduates from the 8200 unit to operate Pegasus after it was first purchased from NSO in 2013.

Israel Police were not the only Israeli institution to use the spyware, Calcalist added: Israel’s tax authority and security and exchanges commission had also reportedly used it.

Responsing to the report, the current police chief Kobi Shabtai said they have asked Calcalist for additional details so they could investigate the claims. However, he reiterated that the police’s conduct was “in line with law” and in accordance with guidelines.

Though Shabtai did not confirm that the police are using Pegasus, he also did not deny it, stating only that any usage of advanced technology for investigative purposes was done legally. 

Click the alert icon to follow topics:

Comments