Aug 02 2022

Pegasus is listening

Category: SpywareDISC @ 1:55 pm
Pegasus is listening: Q&A with Paul Rusesabagina’s daughter Carine Kanimba

Pegasus is listening: Q&A with Paul Rusesabagina’s daughter Carine Kanimba

You may not recognize the name Carine Kanimba, but you have probably heard of her dad: Paul Rusesabagina. He was the manager of Hôtel des Milles Collines and rather famously decided to shelter some 1,200 mostly Tutsi Rwandans in his hotel during the 1994 genocide in Rwanda. Don Cheadle played him in the movie Hotel Rwanda.

After, Rusesabagina became a superstar ambassador of human rights. He wrote an autobiography about his work during the genocide; President George W. Bush awarded him the Medal of Freedom; and he went on the speakers’ circuit not just talking about 1994 – but criticizing the current government of President Paul Kagame for trampling on human rights.

In August 2020, Rusesabagina boarded a private jet for what he thought would be a trip to Burundi, but instead he was rendered to Rwanda. He’s since been sentenced to 25-years in prison.

Carine Kanimba was on Capitol Hill last week to talk not just about her dad (who adopted sisters Carine and Anaïse shortly after the genocide), but also her recent discovery that she’s been targeted by a commercial spyware program called Pegasus. And she believes the Rwandan government was behind it.

Pegasus spyware is the brainchild of an Israeli company called NSO Group and it has been found on the phones of so many activists around the world it has become a kind of cautionary tale about the commercial spyware industry. It has been linked to the murder of journalist Jamal Khashoggi, discovered on the phones of Mexican opposition leadersCatalonian politicians, and journalists and lawyers around the world. (In a statement, NSO Group told Click Here that it “thoroughly investigates any claim for illegal use of its technology by customers, and terminates contracts when illegal use is found.”)

The Click Here podcast sat down with Kanimba shortly after her Congressional testimony to talk to her about her role as a human rights advocate, what it is like finding oneself on the receiving end of a spyware campaign, and why she is confident she will win her father’s release. The interview has been edited and shortened for clarity.

CLICK HERE: We wanted to start by saying we’re very sorry about what you’re going through with your father…

For complete interview – Pegasus is listening: Q&A with Paul Rusesabagina’s daughter Carine Kanimba

Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy

Tags: A Privacy Killer, NSO’s Pegasus, Pegasus, Pegasus spyware

Jan 13 2022

El Salvador journalists hacked with NSO’s Pegasus spyware

Category: SpywareDISC @ 10:50 pm
El Salvador journalists hacked with NSO’s Pegasus spyware

https://

therecord.media
/el-salvador-journalists-hacked-with-nsos-pegasus-spyware/

The smartphones of dozens of journalists and activists from El Salvador have been hacked with a version of the Pegasus spyware.

The malware was found on 37 mobile devices belonging to 35 individuals.

“Targets included journalists at El Faro, GatoEncerrado, La Prensa Gráfica, Revista Digital Disruptiva, Diario El Mundo, El Diario de Hoy, and two independent journalists. Civil society targets included Fundación DTJ, Cristosal, and another NGO,” Citizen Lab said in a report published last night.

The hardest hit was news site El Faro, where Pegasus was found on the devices of 22 reporters.

Attacks likely carried out by the local government

Citizen Lab said the hacked devices were compromised between July 2020 and November 2021 by a threat actor they were calling Torogoz, with some devices being hacked multiple times.

The investigators, who have a long history of analyzing the Pegasus spyware, said they had “no conclusive technical evidence” about the identity of the attackers, but the focus on El Salvador individuals suggests that Torogoz is most likely an entity associated with the Salvadoran government.

Additional circumstances to sustain this attribution also include the fact that many victims had their devices compromised around the same time they were investigating or reporting on sensitive issues involving the local government, such as a scandal involving alleged negotiations between the administration of President Bukele and the MS-13 criminal cartel.

The Citizen Lab report suggests that the El Salvador administration or someone close to it might have rented access to Pegasus, a hacker-for-hire platform developed by Israeli company NSO Group, and then used it to go after their critics.

The proposed theory is not a far-fetched scenario as NSO Group has done this before, providing its Pegasus spyware to many oppressive regimes across the world, which then used it to track and silence their critics and political rivals.

While NSO Group has always publicly stated that they sell their software only to legitimate law enforcement agencies and that they can’t control how their customers use its tools, the rampant abuse of its software by oppressive regimes for human rights abuses has forced the US government to put the NSO Group on its sanctions list in November last year.

A few weeks later, Apple, whose iPhones are the main target of Pegasus attacks, also sued the Israeli company in a US court, hoping to get an injunction against NSO Group developers and block them from using its platform to develop the iPhone hacks needed to keep the Pegasus malware up-to-date.

Hacks discovered using open-source tool

Citizen Lab said it learned of the hacks in September 2021 after some El Salvador journalists used a free security tool developed by Amnesty International, named Mobile Verification Toolkit (MVT), to self-scan their devices for traces of the Pegasus spyware.

The reporters who found signs of a compromise contacted Access Now’s Digital Security Helpline, which called on Citizen Lab to investigate the hacks further.

After Apple sued NSO Group, some of the victims of these attacks received confirmation about the hacks from Apple itself when the company notified past victims of Pegasus attacks using a new set of notifications the company rolled out. At the time, similar notifications were also sent to many Apple users in Thailand and Uganda.

The names of most of the El Salvador reporters and activists hacked in this latest campaign are available in the Citizen Lab report.

“NSO Group’s tentacles continue to spread across the globe, crushing the privacy and rights of journalists and activists into oblivion,” said Angela Alarcón, Latin America & the Caribbean Campaigner at Access Now. “Revelations that Pegasus software has been used to unjustly spy in El Salvador may not come as a complete surprise, but there is no match to our outrage.”

Recent reports indicate that NSO Group is on the brink of bankruptcy and shutting down after the Apple lawsuit. Nevertheless, there is a booming market of many other spyware vendors ready to fill the void left by a potential NSO closure.

Tags: NSO’s Pegasus