Spyware From Two Israeli Firms Used to Hack Dissidents' Phones in Egypt, India

On top of the NSO Group, the first case of spyware from the little-known Israeli firm Cytrox was detected on a prominent Egyptian activist's phone

Congress party workers shout slogans during a protest accusing Prime Minister Narendra Modi's government of using military-grade spyware to monitor political opponents, journalists and activists in New Delhi, India. Credit: Manish Swarup, AP

Traces of Israeli spyware were found on phones of an Indian activist and Egyptian dissident this week, amid intensifying calls to sanction the NSO Group and other cyber companies over their helping hand in the suppression of political dissent worldwide.

According to a report by The Guardian, NSO Group's Pegasus spyware was found on the phone of Indian activist Rona Wilson, just three months before his arrest on terror-related charges.


Meanwhile, reports from Egypt say two kinds of software were found on the phone of prominent dissident Ayman Nour. Along with Pegasus, security research in Egypt found another piece of software, from Cytrox, on the dissident's phone, the first documentation of hacking by the secretive Israeli company.

In detailing the Cytrox infection, the researchers said they found the phone of a second Egyptian exile, who asked not to be identified, also hacked with Cytrox’s Predator malware. But the bigger discovery, in a joint probe with Facebook, was that Cytrox has customers in countries beyond Egypt including Armenia, Greece, Indonesia, Madagascar, Oman, Saudi Arabia, and Serbia.

Both cases provide new evidence of how hacker-for-hire surveillance malware has been abused by different governments.

Egyptian politician Ayman Nour speaks during a news conference organized by Muslim Brotherhood for former Egyptian president Mohammed Morsi, in Istanbul, on June 20, 2019. Credit: Burhan Ozbilici, AP

Indian activist Rona Wilson's phone was hacked between July 2017 and March 2018, according to The Guardian. The research by U.S. digital forensic science firm Arsenal Consulting found that evidence against Wilson and other members of his network was planted on laptops used by activists.

Meanwhile, University of Toronto’s Citizen Lab uncovered traces of NSO's Pegasus on the phone of Ayman Nour, a dissident and 2005 Egyptian presidential candidate who subsequently spent three years in jail. While researchers traced the Cytrox hack back to Egypt, they could not decipher who was behind Nour's NSO hack.

Founded in 2017 in Tel Aviv, Cytrox was part of a shadowy alliance of surveillance tech companies known as Intellexa that was formed to compete with NSO Group.

In past months, world powers have ratcheted up the pressure on spyware companies like the NSO Group, following extensive revelations of how their software was used in a far-reaching crackdown on human rights activism, journalists and political opposition.

In October, Indian opposition leaders demanded courts examine accusations that Prime Minister Narendra Modi’s government used military-grade software to spy on journalists, activists and political opponents.

In the U.S., the Biden administration added NSO Group and another Israeli firm, Candiru, to a blacklist that bars U.S. companies from providing them with technology. 

Last month, Apple announced that it was suing NSO Group, with the tech giant calling the company’s employees “amoral 21st century mercenaries.”

Facebook’s owner, Meta, announced on Thursday a flurry of takedowns of accounts affiliated with seven surveillance-for-hire firms — including Cytrox — and notified about 50,000 people in more than 100 countries including journalists, dissidents and clergy who may have been targeted by them. It said it deleted about 300 Facebook and Instagram accounts linked to Cytrox.

When asked for a response by The Guardian regarding the findings on Wilson's phone, NSO Group said: “Without addressing specific countries and customers, the allegations raised in this inquiry are not clear.

“Once a democratic country lawfully, after due process, uses tools to investigate a person suspected in an attempt to overthrow a (democratically elected) government, this would not be considered a misuse of such tools by any means,” the spokesperson added.
