Lawsuit Claims Pegasus Spyware Helped Saudis Spy on Khashoggi | Threatpost

A well-known Saudi dissident previously targeted by the notorious Pegasus spyware has filed a lawsuit against that spyware’s authors, Israel-based NSO Group. The suit claims that Pegasus was instrumental in the Saudi government’s surveillance of Washington Post journalist Jamal Khashoggi leading up to his murder in the Saudi Consulate in Istanbul.

Pegasus, which infects smartphones, contains a host of spy features. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history and contacts, and carry out other surveillance tasks as needed.

Omar Abdulaziz, a Saudi activist and Montreal resident, was targeted and infected with Pegasus spyware over the summer, according to Citizen Lab. The targeting occurred while Abdulaziz, who recently received asylum in Canada, was attending McGill University.

During that time, Abdulaziz and Khashoggi were having almost daily exchanges up to August 2018, according to CNN reporting – during which they plotted a campaign that they dubbed “cyberbees.” Cyberbees would be an effort to enable young, socially conscious Saudis to take to Twitter in order to challenge the Kingdom’s state propaganda and what they viewed as oppressive regime tactics. It would draw on Khashoggi’s journalistic public profile and Abdulaziz’s Twitter following of 340,000 people.

The scheme involved sending untraceable foreign SIM cards to dissidents back home in order to help the “bees” avoid being identified while tweeting; and an effort to surreptitiously engage wealthy donors to pour money into the project. The two discussed the arrangements via WhatsApp messages; but somehow, the Saudi government uncovered their plan, according to Abdulaziz. He places the leak squarely in the court of the Pegasus spyware, which he alleges was sic’d on him by the Saudi government.

On Sunday, Abdulaziz’s lawyers filed a lawsuit in Tel Aviv, alleging NSO broke international law by knowingly allowing its wares to be used to infringe upon human rights.

“NSO should be held accountable in order to protect the lives of political dissidents, journalists and human rights activists,” said Abdulaziz’s lawyer, Alaa Mahajna, speaking to CNN.

For his part, Abdulaziz didn’t sugarcoat his thoughts: “The hacking of my phone played a major role in what happened to Jamal, I am really sorry to say,” Abdulaziz told CNN. “The guilt is killing me.”

NSO Group said in a media statement that the claims are “completely unfounded” and that there’s no evidence that Pegasus was used to hack Abdulaziz’s phone. “The lawsuit appears to be based on a collection of press clippings that have been generated for the sole purpose of creating news headlines and do not reflect the reality of NSO’s work,” it said.

It also reiterated its mantra that Pegasus only helps governments and law enforcement agencies “fight terrorism and crime in a modern age,” but it also gave itself an out: “In addition, products supplied by NSO are operated by the government customer to whom they were supplied, without the involvement of NSO or its employees.”

Despite NSO Group’s statements to the contrary, the targeting of Abdulaziz fits a pattern of ongoing attacks on “civil society” members (i.e., journalists, social justice activists, dissidents and human rights organizations) using the Pegasus malware, according to Citizen Lab. At October’s Virus Bulletin 2018 in Montreal, Citizen Lab’s Masashi Nishihata explained in a session that the attack on Abdulaziz was “inferred to be a Saudi Arabia-based attacker.”

He added, “Abdulaziz has been outspoken on an ongoing diplomatic feud over human rights issues between Canada and Saudi Arabia.”

The dissident has gained notoriety; he regularly appears in Canadian media, and “Omar had amassed a significant following on YouTube,” said Citizen Lab’s John Scott-Railton, also speaking at Virus Bulletin. “And he has been under pressure from the Saudi government to tone it down.”

Also, on a guest appearance on the Canadian Broadcasting Corporation (CBC)’s current affairs show, The Current, on August 10, he said that Saudi authorities had entered his brother’s home in Saudi Arabia and “asked him to convince me [to] stop tweeting about what’s really going on between Canada and Saudi Arabia, or they’re going to send him to jail.”

Citizen Lab has said that the situation is just one example of the misuse of commercial spyware – which it defines as products ostensibly made by legitimate companies for use by supposedly vetted governmental organizations to catch terrorists and criminals. But it has consistently noted the use of Pegasus and other military-grade hacking tools to target civil society, on the suspected behalf of various oppressive or corrupt governments.

“In six years, we have observed four spyware companies (FinFisher, Hacking Team, Cyberbit and NSO Group) make similar claims: their products are used for catching terrorists and criminals; they undertake due diligence before selling their products to a customer; and they investigate allegations of misuse, taking remedial actions if warranted,” researchers noted in a recent posting. “[Yet] findings by Citizen Lab show that many governments and their intelligence services cannot resist abusing spyware… each company’s products have been abused in ways that caused measurable harm to human rights defenders, journalists, lawyers working on behalf of victims of crimes, or civic media (e.g. bloggers).”

Abdulaziz’s lawsuit comes as similar suits get underway, alleging that the governments of Mexico and the United Arab Emirates have spied on journalists and others. Amnesty International, which also recently accused Saudi Arabia of using Pegasus to spy on its employees, said last week that it was considering legal action unless the Israeli defense ministry revokes NSO Group’s license to export the spyware.

“From a modern, democratic perspective, the advancement of the technology of cyber-weapons should be subject to controlled, ethical use,” Rick Moy, CMO at Acalvio, told Threatpost. “The checks and balances we expect concerning the use of kinetic force should also translate to today’s cyber-realm. Unfortunately, not all governments nor individuals take the same view. Since cyberattacks cross international borders, we’re now talking about civil society as an international discourse. Malware researchers are rightfully at the forefront of this movement. Citizen Lab and other groups should continue to push this topic openly and hold private and public entities culpable for their misuse.”