
Again and Again, NSO Group's Customers Keep Getting Their Spyware Operations Caught (techcrunch.com)
An anonymous reader shares a report: Amnesty International published a new report this week detailing attempted hacks against two Serbian journalists, allegedly carried out with NSO Group's spyware Pegasus. The two journalists, who work for the Serbia-based Balkan Investigative Reporting Network (BIRN), received suspicious text messages including a link -- basically a phishing attack, according to the nonprofit. In one case, Amnesty said its researchers were able to click on the link in a safe environment and see that it led to a domain that they had previously identified as belonging to NSO Group's infrastructure.
"Amnesty International has spent years tracking NSO Group Pegasus spyware and how it has been used to target activists and journalists," Donncha O Cearbhaill, the head of Amnesty's Security Lab, told TechCrunch. "This technical research has allowed Amnesty to identify malicious websites used to deliver the Pegasus spyware, including the specific Pegasus domain used in this campaign."
To his point, security researchers like O Cearbhaill who have been keeping tabs on NSO's activities for years are now so good at spotting signs of the company's spyware that sometimes all researchers have to do is quickly look at a domain involved in an attack. In other words, NSO Group and its customers are losing their battle to stay in the shadows. "NSO has a basic problem: They are not as good at hiding as their customers think," John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, told TechCrunch.
They want to be caught (Score:4, Informative)
NSO products are not cute, fluffy bunnies. Some parts of the world are mean, cruel and dog-eat-dog. Some companies will cater to those needs. I'm not justifying it. It's good that we know what's happening, so we can decide if we want to support companies like this, stay neutral, or try to squash them out of existence.
But I wouldn't be surprised if NSO arranges for these leaks on purpose.
Re: (Score:2)
Re: (Score:1)
No, it's just blatant disregard for the law. They don't care because, as the genocide in Gaza has proven time and again, USA shields Israel from prosecution.
Re: (Score:2)
if this was ANY OTHER GROUP the country they are in would be the first word of the headline.
When I read about warfare, the country that sold the weapons is never part of the headline, except sometimes in the case of donations to Ukraine. So I think it may be more likely that you have a bone to pick than that the journalist is trying to hide things.
Re: (Score:2)
To be clear, these tools are considered weapons and it's totally inappropriate for a government to use them against, for example, journalists.