Total Tests:

Cyber surveillance weapon used to target journalists, activists

By Kirsten Doyle for ITWeb
Monday, July 19, 2021

It strongly denied “false claims” made about the activities of its clients, but said it would “continue to investigate all credible claims of misuse and take appropriate action”. It also said the list could not be a list of numbers “targeted by governments using Pegasus”, and called the 50 000 figure “exaggerated”.

Ilia Kolochenko, founder of ImmuniWeb, and a member of Europol Data Protection Experts Network, says attack attribution in the cases reported is incredibly complex and unreliable.

Firstly, legitimate end-customers could have shared the cyber tool with their foreign partners in exchange for valuable data, zero-day exploits or sophisticated spyware, which is a widespread practice.

“Security teams in charge of such data and intelligence sharing are not necessarily experts in human rights protection and may negligently or unknowingly share the software with some grey- or even black-listed jurisdictions,” he adds.

In addition, Kolochenko says individual security analysts, who are employed by the trusted countries, may occasionally break internal rules and unlawfully share the spyware with unauthorised third-parties, as anti-insider security controls have low technical efficiency in such environments.

“Finally, legitimate end-customers could have been hacked and compromised, eventually exposing access to the software to unauthorised threat actors.”

Either way, he says legal action against NSO is more than likely futile, and any media hype around the alleged incident gives the company publicity. Read Full Article

Book a Call Ask a Question
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential