Police have been using the infamous Pegasus spyware, made by offensive-cyber firm NSO group, against Israeli citizens for years, an Israeli financial daily reported Tuesday.
According to the report in Calcalist, a former Shin Bet official who was appointed Israel’s police chief was the first to make massive use of the system, which the police first bought in 2013, and it has since been used against a list of targets that includes protest leaders, politicians and others.
Tuesday’s report was the first indication that the spyware was being used against Israeli citizens, with investigations overseen only by the police, and the use of Pegasus made without a warrant or court order.
The Pegasus spyware allows its operators to remotely access mobile phones infected with the software. Sold to intelligence and law enforcement agencies across the world, the spyware exploits security vulnerabilities in Android and iPhone operating systems to gain access to the device's contents – from messages to photos. The program also enables to remotely activate the phone’s camera and microphone, without the victim's knowledge.
Read more >> NSO Spyware Targeted Yemen War Crimes Investigator, Report Says ■ The Israeli cyber weapon used against 180 journalists ■ Israeli NSO Spyware Found on Phones of U.S. State Department Officials ■ Apple Sues Israeli Spyware Firm NSO Over Surveillance of Users ■ How Israeli Spy-tech Became Dictators' Weapon of Choice ■ Two UAE Princes Each Got Their Own Personal NSO Spyware ■ Global Reckoning Begins for Spyware and Its Tools of Repression
The report, written by Tomer Gonen, was not attributed to any source but provided a detailed history of the police’s use of the spyware for investigative purposes. The system was purchased in 2013 by then police chief Yohanan Danino. His successor, Roni Alsheich, who was drafted to lead the police after serving in a senior role in the Shin Bet security service in 2015, expanded its use dramatically. The police also then began expanding its so-called SIGINT cyberunit, filling it with graduates from the Israeli military intelligence’s elite 8200 unit, known for its talent.
Haaretz received a copy of the invoice between NSO and the Israeli police showing evidence of the police's purchase of the software. The invoice of 2.7 million shekels was sent in December 2013 to the budget department of the Israel Police's Department of Investigations and Intelligence.
- NSO's Pegasus: The Israeli Cyber Weapon Used Against 180 Journalists
- ‘Cyber Mercenaries’: Israel’s Spyware Industry Is Getting Slammed Around the World
- Citizen Lab vs. NSO: The Institute Taking Down Israel's 'Mercenary Spyware' Firms
According to a source close to the matter, the police purchased the software's most basic form, and additional upgrades were added to it at costs of millions of shekels each year for the development and operation of the software.
The product description in the invoice was vague and did not specifically mention the spyware by name. The document was signed by Shirley Shochat of NSO Technologies Ltd. and Hadas Biton from the Israel Police's Department of Investigations and Intelligence.
Israel has long helped advance the sale of NSO’s Pegasus and other offensive cyber services as part of what has been dubbed Israel’s “cyber diplomacy.” Among NSO’s most famous past clients are the UAE and reportedly Saudi Arabia, as well as India, Hungary, Mexico and more recently Poland, all countries that former Prime Minister Benjamin Netanyahu courted diplomatically. The Project Pegasus investigation, led by Paris-based NGO Forbidden Stories, to which Haaretz was also a partner, revealed the spyware was being used against journalists and human rights activists across the world.
Front Line Defenders, a human rights group, revealed a few months ago that Pegasus was used to spy on Palestinians working with rights groups that Israel outlawed. However, there have been no past examples in which Israelis were being targeted, certainly not by the state.
Secret surveillance and whitewashing
While Israel advances NSO’s technology abroad, it is known that Pegasus’ usage against Israelis is forbidden – especially for foreign clients. It has long been assumed Israel has no need for such a service as its Shin Bet very likely has such capabilities and does not need to outsource them to a private firm. If true, the report would show how the Shin Bet culture of secretive snooping has trickled into the police, who, unable to develop such tools on their own, turned to NSO to provide the service.
The report also highlights a key issue that critics have long voiced about how such spyware, developed for usage against serious crimes and terrorism, can easily be used for other purposes once it reaches the client. NSO, like others, may hope to limit its usage for cases in which it is legally justified, but it has no control over what its clients actually use it for – in this case, phishing operations, and intelligence collection against innocent civilians.
Among the targets the police spied on, the report said, were also government employees who were not accused of criminal offenses but who had access to information that could prove key in a wider investigation. In another case, as part of an investigation into the murder of a businessman, an associate of theirs was hacked after telling a journalist they knew who the killer was.
The police also seem to have used Pegasus for general intelligence collecting, such as using it to spy on potentially violent anti-LGBTQ activists after the 2015 murder of a young girl at Jerusalem’s Pride Parade.
The report stresses how many of these cases, like an investigation into the illegal release of nude photos, may include legitimate targets in theory but took place with no oversight and with no legal justification.
The Israeli police use other Israeli cyber firms, for example, Cellebrite, which allows police forces to break into any phone in their physical position. However, in those cases, it usually attains a warrant before breaking into the phones. With the Pegasus cases, this was not done.
As the use of Pegasus was to be kept secret, on several occasions the intelligence information collected through it was “whitewashed” – an intelligence term denoting an attempt to attribute information collected from a secret source to another to not reveal its origin.
The only indication that Pegasus was being used against Israelis was a case in which a former NSO official faced trial for trying to sell the company’s code on the dark web. During the trial, the official admitted that NSO works with Israeli authorities.
Public Security Minister Omer Bar-Lev said of the report that “there is no practice of wiretapping, or hacking of devices, by the Israeli Police without the approval of a judge." Nevertheless, Bar-Lev said, he planned to check and make sure that NSO wasn’t skirting the rules and that its activities were explicitly approved by a judge.
Police Commissioner Kobi Shabtai said he had ordered an examination of all the alleged cases referenced in the report and found that “some of the cases are not correct.” He specifically denied that the spyware was used against anti-Netanyahu protesters, mayors, and anti-LGBTQ activists. “The Israel Police does not use its advanced technological capabilities against innocent citizens and protesters,” Shabtai said.
Responding to Calcalist, NSO said, “As a rule, we don’t comment on existing or potential clients. We would like to clarify that the company doesn’t operate the systems held by its clients and isn’t involved in activating them.
“The company’s employees aren’t exposed to targets, aren’t exposed to information about them, and aren’t involved or exposed to our clients’ operational activity or any information relating to the investigations conducted by clients,” the firm said. “The company sells its products under license and supervision to be used by national security and law enforcement agencies to prevent crime and terror in a legal manner and according to court orders and the local law of each country.”
The police denied the report and said the claims are “untrue.” Israel Police told Calalist that it “acts according to the authority granted to it by law and when necessary according to court orders and within the rules and regulations set by the responsible bodies.
“The police’s activity in this sector is under constant supervision and inspection of the Attorney General of Israel and additional external legal entities,” the police said. “Naturally, the police don't intend to comment on the tools it uses. Nevertheless, we will continue to act in a determined manner with all the means at our disposal, in the physical and online spaces, to fight crime in general, and organized crime in particular, to protect the safety and property of the public.”
Former Police Commissioner Yohanan Danino said that during his tenure, use of tools to eavesdrop on phone calls was always done in accordance with the law and in cases involving a serious crime. “The cases mentioned in the article are unfamiliar to me,” he said. He added that if there were hacks of protesters’ phones without a judge’s order, he saw it as “invalid and inappropriate,” even if it was done legally.
Even if an operation appeared to be legal, Danino said, extreme caution should be used before using the spyware in cases like those described by Calcalist “because of the heavy price that our democracy pays for it.” He further said that law enforcement must adhere to important values: the right to privacy, preservation of democracy, and freedom of expression.