Cell phones of a senior Human Rights Watch official would have been hacked several times by an NSO Group client while investigating the catastrophic August 2020 explosion that killed more than 200 people in Beirut.
The alleged hack of Lama Fakih, a Lebanese-American citizen and director of crisis and conflict at HRW, is the latest example of how NSO’s powerful surveillance tool, Pegasus, has been used by the company’s customers to target activists and journalists.
HRW said Fakih was alerted by Apple on Nov. 24, 2021 that her personal iPhone could be subject to a state-sponsored attack. An investigation by HRW’s security team, which was reviewed by Amnesty International’s security lab, revealed that Fakih’s iPhones had apparently been infected with Pegasus via a so-called “zero-click” exploit that allows spyware operators to infect a phone without the mobile. the user doing anything, like clicking a link.
The news comes as NSO has faced a series of bad news at home and abroad. In November, the company was placed on a US blacklist by the Biden administration, which said it had evidence that the Israeli company was enabling foreign governments to carry out “transnational repression”.
NSO has also been embroiled in an internal crisis in Israel after it was alleged in a Calcalist report that Israeli police used Pegasus to gather intelligence for investigative purposes without legal oversight. The report prompted Israel’s Attorney General Avichai Mendelblit to announce an investigation into police use of spyware against Israelis. NSO said in a statement responding to the report that it had no control over how its customers used the spyware.
On Tuesday, NSO chairman Asher Levy said he was stepping down as the company’s chairman, but denied the move had anything to do with recent developments. Levy said he was appointed to the role by the former private equity owners of NSO, but management of the fund that owns the company was transferred to a new company.
“Any attempt to present this decision as a current resignation following any NSO-related posting is completely false,” Levy said. “I am full of appreciation for NSO, the life-saving technology it develops, the company’s management and employees, and the unprecedented ethical policies the company has adopted.”
In a statement on Tuesday, NSO said it was a “profitable business” and believed an international regulatory framework needed to be put in place to ensure the responsible use of cyber intelligence tools. .
“However, any call to suspend these vital technologies until such a structure exists is naive and would only benefit terrorists, pedophiles and hardened criminals who will evade surveillance and arrest,” the doorman said. -word.
NSO declined to answer questions from the Guardian about Fakih’s case, but the company told HRW it “is not aware of any active customers using [its] against a Human Rights Watch staff member” and that this would open an initial assessment of the allegations that Fakih was hacked.
When successfully deployed, a Pegasus spyware user can intercept phone calls, view a target’s photographs, read their messages, and turn the phone into a remote listening device. NSO said its customers are only supposed to use the spyware to target suspected serious criminals.
HRW alleged that its analysis found that Fakih’s two devices were hacked between April 6, 2021 and August 23, 2021. The human rights group could not identify the customer who may have been responsible for the hack alleged, but said Fakih oversees the crisis response of countries including Israel/Palestine, Kazakhstan, Ethiopia, Syria, Myanmar, Lebanon, Afghanistan and the United States.
In an interview with the Guardian, Fakih said she was working most intensely on an investigation into the “Beirut explosion” at the time it was allegedly hacked. She was also involved in projects involving Gaza and Ethiopia during this time.
“I was working around the clock,” she said, adding that she created a “Beirut blast” folder on her shared drive on April 5, a day before the alleged attacks began.
“I have always been very careful about my physical safety… but nothing has led me to believe that I was compromised in any way, that my data was hacked or that leaks were in progress. “, she said.
“So when I received this notification from Apple, there was some disbelief that this had happened to me,” she added.
Fakih, a Michigan native, said she has always worked hard to keep her personal life private and to protect the privacy of those she communicates with in the course of her work.
“And then all of a sudden I have my phone infected. So I have thousands of photos of my young children or photos from my wedding and all these deeply personal and meaningful memories that suddenly weren’t mine. And it made me feel very uncomfortable,” she said.
“My whole career has been about trying to protect people’s rights. And suddenly they tried to use this work to undermine them.