NSO Malware Discovered On The Phones Of Critics Of Putin And His Allies
Here's yet more unsurprising news about Israeli malware developer NSO Group and its preferred customers. More phones infected by NSO's flagship Pegasus malware have been discovered by Citizen Lab researchers. And yet again those targeted are journalists, critics, dissidents, and opposition leaders.
The latest investigation identifies seven additional Russian and Belarusian-speaking members of civil society and journalists living outside of Belarus and Russia who were targeted and/or infected with Pegasus spyware. Many of the targets publicly criticized the Russian government, including Russia's invasion of Ukraine. These individuals, most of whom are currently living in exile, have faced intense threats from Russian and/or Belarusian state security services.
Even though the company is on the ropes, the software it sold to a variety of authoritarians and autocrats still exists. And it can still be used to target people these power-hungry governments don't like.
What could possibly be the point of infecting phones owned by dissidents, journalists, and critics with malware pitched as a solution to violent crime and international terrorism? The entities NSO sold to have repeatedly made it clear they'll spend millions on software for the sole reason of engaging in petty revenge operations. That's because the governments in control of this spyware are too thin-skinned to deal with the normal downsides of being in the government business: criticism, dissent, and the rise of opposition leaders who stand for everything these governments don't stand for.
While the revenge may be petty, the outcomes are far from trivial. Turning a phone into an active tracking device that also allows governments to eavesdrop on conversations and intercept communications means it is that much easier to locate the people you want to silence. As Citizen Lab points out, the retaliation against critics of Putin and his eastern European buddies is severe, ranging from travel bans to arrests. And there's always the possibility that operatives will just try to kill critics - something Russian operatives have done multiple times.
While the news may be unsurprising, it's helping keep NSO's name in the news. The longer that lasts, the less chance there is that it will be able to slip back under the radar and continue business as usual.
It also provides another set of rebuttals to NSO's multiple defenses of its products, sales tactics, and choice of customers. When the leak of NSO malware targets first occurred, the company claimed the list was bogus. And even if it was a list of targets, it was only a list of potential targets and not representative of how its customers deployed its products.
That list was full of journalists, critics, dissidents, opposition leaders, religious leaders, human rights advocates, and lawyers engaged in litigation against governments. That was the list the NSO Group claimed meant nothing. It was just a list and couldn't be tied to NSO, its customers, or the people targeted by its customers.
Literally everything uncovered since that leak has shown the opposite to be the case: NSO's customers directly or indirectly (by asking other governments to do their dirty work) target exactly the sort of people contained in this list. The malware NSO claims is a powerful tool that allows governments to track dangerous criminals and international terrorists is also just a way for governments to silence critics, eliminate inconvenient human obstacles, and otherwise ensure the narrative remains theirs alone. The deterrent effect of these actions is obvious.
NSO cannot claim to have clean hands. While it's true it cannot prevent customers from abusive deployments of its malware, it could have refused sales to known human rights abusers. It's not like this is news at this point. The first reports of NSO's sales to miscreants like the Saudi government occurred more than a half-decade ago.
It's not like a lot of the governments NSO sold to just recently started engaging in massive amounts of human rights violations. Every one of these questionable customers had been in the oppression business for years, if not for the entirety of their existence.
NSO has nowhere to go as long as these investigations and this sort of reporting continues. As long as the light remains bright enough, the shadows will be too small to hide in. So while this latest news may just be more of the same, it's still essential.