The NSO Group Edition

On hacking, privacy, and altering the future

Colin here. There have been several more disclosures this week about the pervasiveness of phone hacking using software from the Israeli company NSO. At a high level, the software is able to penetrate devices without the user having to click on a nefarious link from an outside source. Once the code worms its way in, it has carte blanche access to many private things. According to the Washington Post story:

Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction...

These kinds of “zero-click” attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance — and built marketing campaigns on assertions that it offers better privacy and security than rivals.

This software, ostensibly sold to keep track of terrorists and other nefarious actors, has been used to monitor and harass journalists, keep an eye on dissidents and activists. It’s a tool of modern-day surveillance and intimidation. With the latest range of revelations, 50,000 phone numbers were hacked. According to CNET, “The devices of dozens of people close to Mexican President Andrés Manuel López Obrador were on the list, as were those belonging to CNN, Associated Press, New York Times and Wall Street Journal reporters. But phones from several on the list, including Claude Mangin, the French wife of a political activist jailed in Morocco, were infected or attacked.”

Why is this interesting? 

When we double-click on this idea, what is important to think about is not just the surface-level surveillance and harassment, even murder, that can occur as a result of this surveillance. But the things that will never be said, the articles that will not be written, and policies that could benefit society that will not be enacted. The software is even more nefarious than it seems on the surface: it is a subtle, future-altering machine. Methods like this may not be overt like an armed conflict, but they are subtle agents of chaos and repression buried in the code of our devices. 

Here’s a particularly vivid example from Nicole Perlroth’s excellent book, “This is How they Tell me the World Ends.”

In the months after I published everything I knew about NSO—including the few details I had been able to gather about the company’s contracts in Mexico—my phone started buzzing with calls from an array of improbable targets: Mexican nutritionists, antiobesity activists, health policymakers,

even Mexican government employees—all of whom reported receiving a series of strange, increasingly menacing text messages with links they feared might be NSO’s spyware. I convened with Mexican digital rights activists and Citizen Lab, which examined the messages and confirmed that each was an attempt to install Pegasus spyware. Other than being from Mexico, I struggled to make sense of what the callers had in common. Eventually, after some digging, I came to this: each had been a vocal proponent of Mexico’s soda tax, the first national soda tax of its kind. On its face, the soda tax made a lot of sense. Mexico is CocaCola’s biggest consumer market; it is also a country where diabetes and obesity kill more people than violent crime. But the tax had opponents in the soda industry, and clearly somebody working in government didn’t want their kickbacks getting cut off. Now it appeared that they were going to extraordinary lengths to monitor the doctors, nutritionists, policymakers, and activists who wanted to see the soda tax through.

Mexico has extraordinarily high levels of diabetes. Soda rules, taxes, and public health actually add up to big second and third-order effects. This is but one example of the types of issues affected by the NSO and Pegasus software, how many more issues, policies, articles, and pushes for transparency have been silenced? (CJN)

Book of the day:

This is How They Tell Me the World Ends. The aforementioned book on hacking, cybersecurity, and geopolitics. One of my favorite reads in recent memory. (CJN)

Quick Links:

Thanks for reading,

Noah (NRB) & Colin (CJN) 

Why is this interesting? is a daily email from Noah Brier & Colin Nagy (and friends!) about interesting things. If you’ve enjoyed this edition, please consider forwarding it to a friend. If you’re reading it for the first time, consider subscribing (it’s free!).