Since November of 2021, US-based companies have been barred from doing business with the NSO Group, an Israeli research firm behind some of the most advanced hacking tools the tech world has ever seen. Come to find out, a New York Times investigation from this past April revealed that a US government agency was actively using a powerful hacking tool from the NSO Group dubbed Landmark.
The White House subsequently launched an investigation and asked the FBI for assistance. Which agency, the White House wanted to know, was operating in defiance of the ban? And believe it or not, the investigation revealed that the agency using Pegasus was the FBI itself. Specifically, the FBI was using the software to track suspected drug cartel members in Mexico.
For what it’s worth, the FBI says the tool was provided to them by a contractor called Riva Networks. According to the FBI, the bureau wasn’t aware of the software’s origins.
The report reads in part:
The F.B.I. now says that it used the tool unwittingly and that Riva Networks misled the bureau. Once the agency discovered in late April that Riva had used the spying tool on its behalf, Christopher A. Wray, the F.B.I. director, terminated the contract, according to U.S. officials.
…
It is also unclear which, if any, government agencies besides the F.B.I. might have worked with Riva Networks to deploy the spying tool in Mexico. Two people with direct knowledge of the contract said cellphone numbers in Mexico were targeted throughout 2021, 2022 and into this year — far longer than the F.B.I. says the tool was used.
The reason why the NSO Group is precluded from doing business in the US is a long and interesting tale. Put simply, several stories over the past few years revealed that foreign governments with questionable human rights records were using NSO Group hacking tools to “maliciously target” journalists and dissidents. This ultimately prompted the White House to ban American companies from doing any type of business with the NSO Group.
To call the NSO Group’s software sophisticated would be a grave understatement. It’s most notorious tool, a piece of software dubbed Pegasus, is capable of extracting data and monitoring activity from targeted devices. Some incarnations were so sophisticated that a device could be completely compromised simply by opening a text message. And speaking to the skill of NSO Group engineers, the first iteration of Pegasus spotted in the wild implemented three iOS zero-day exploits.
For years, the NSO group and Apple have been playing a game of cat-and-mouse. Every time Apple would release a new iOS update with bolstered security, it wouldn’t be long before the NSO Group came up with a sophisticated workaround.
Apple eventually grew so frustrated with the NSO Group’s activities that it sued the company in November of 2021.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Apple executive Craig Federighi said at the time.
“Apple devices are the most secure consumer hardware on the market,” Federighi went on to say, “but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”
Alongside its lawsuit, Apple last year released Lockdown Mode as part of iOS 16. The new feature is aimed at journalists, activists, politicians, and essentially anyone who is likely to be “personally targeted by a highly sophisticated cyberattack.” When enabled, Apple writes that applications, websites, and iOS features will be “strictly limited” and that some features may be unavailable altogether.
Apple at the time described Lockdown Mode’s protections as follows:
- Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
- Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
