Topline
Spyware made by NSO Group was used to hack several U.S. State Department employees’ iPhones, multiple media outlets reported Friday, leading the Israel-based tech firm to suspend some clients’ accounts — months after the company’s software was allegedly used to surveil human rights activists and others on foreign governments’ behalf.
This illustration shows a smartphone with the website of Israel's NSO Group.
Key Facts
The hacks targeted 11 employees of the U.S. Embassy in Uganda, including both foreign service officers — all of whom are U.S. citizens — and local staff, the New York Times reported, confirming stories by Reuters and other outlets.
Apple notified the personnel whose iPhones were hacked, according to Reuters and the Washington Post.
An NSO spokesperson told Forbes the company doesn’t have any indication its software was used in these hacks, but it has “decided to immediately terminate relevant customers’ access to the system, due to the severity of the allegations,” and will cooperate with any government probes (the company did not identify the customers).
The federal government didn’t confirm the hacks, but a National Security Council spokesperson said the Biden Administration is “acutely concerned that commercial spyware like NSO Group’s software poses a serious counterintelligence and security risk to U.S. personnel,” and the State Department said it takes information security seriously.
Apple did not comment, instead referring Forbes to a lawsuit it filed against NSO last month, asking a court to ban the company from using Apple hardware or software.
Crucial Quote
“Once the software is sold to the licensed customer, NSO has no way to know who the targets of the customers are, as such, we were not and could not have been aware of this case,” an NSO spokesperson said in a statement to Forbes.
Tangent
NSO says its software isn’t able to target phone numbers with the United States’ +1 country code. Reuters reported the State Department employees whose phones were hacked used international numbers.
Key Background
NSO says it sells its surveillance products to foreign governments for law enforcement and counterterrorism purposes. But earlier this year, the Post and several other media outlets reported that the company’s sophisticated Pegasus spyware appeared to target dozens of phones belonging to human rights advocates, journalists, government officials and associates of journalist Jamal Khashoggi, who was killed inside the Saudi embassy in Istanbul. Last month, the Biden Administration blacklisted NSO, accusing the firm of selling its software to nations that seek to “maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
Contra
NSO has pushed back against the allegations, arguing its software is used to stop terror attacks and serious crimes, and it’s claimed its products weren’t used against Khashoggi’s family members. The company argues it investigates abusive uses of its programs, but it doesn’t directly operate them. “We are selling our products to governments. We have no way to monitor what those governments do,” CEO Shalev Hulio told Forbes in July. “But if those governments misuse the system, we have a way to investigate. We will shut them down.”
Further Reading
EXCLUSIVE U.S. State Department phones hacked with Israeli company spyware (Reuters)
Pegasus spyware used to hack U.S. diplomats working abroad (Washington Post)
