Politics AP Source: NSO Group spyware used to hack State employees
Who's a hero? Some states, cities still debating hazard pay
HARTFORD, Conn. (AP) — When the U.S. government allowed so-called hero pay for frontline workers as a possible use of pandemic relief money, it suggested occupations that could be eligible from farm workers and childcare staff to janitors and truck drivers. State and local governments have struggled to determine who among the many workers who braved the raging coronavirus pandemic before vaccines became available should qualify: Only government workers, or private employees, too? Should it go to a small pool of essential workers like nurses or be spread around to others, including grocery store workers? “It’s a bad position for us to be in because you have your local
WASHINGTON (AP) — The phones of 11 U.S. State Department employees were hacked with spyware from Israel's NSO Group, the world's most infamous hacker-for-hire company, a person familiar with the matter said Friday.
The employees were all located in Uganda and included some foreign service officers, said the person, who was not authorized to speak publicly about an ongoing investigation. Some local Ugandan employees of the department appear to have been among the 11 hacked, the person said.
Activision Blizzard workers walk out after sexual harassment lawsuit
Employees at the video game company Activision Blizzard are planning to stage a walkout Wednesday to demand better working conditions for women.“We believe that our values as employees are not being accurately reflected in the words and actions of our leadership,” organizers said in a statement released Tuesday, referring to the company’s official response to the lawsuit, in which it denied the allegations.
The hacking is the first known instance of NSO Group's trademark Pegasus spyware being used against U.S. government personnel.
It was not known what individual or entity used the NSO technology to hack into the accounts, or what information was sought.
“We have been acutely concerned that commercial spyware like NSO Group software poses a serious counterintelligence and security risk to U.S. personnel,” White House press secretary Jen Psaki said at briefing Friday.
Senior researcher John Scott-Railton of Citizen Lab, the public-interest sleuths at the University of Toronto who have been tracking Pegasus infections for years, called the discovery a giant wake-up call for the U.S. government about diplomatic security.
As Delta variant spreads, so do vaccine mandates
Accompanying that rise, which is expected to continue to worsen heading into the fall, a slew of new vaccine mandates are being enacted across the country. The Department of Veterans Affairs announced Monday that it will require 115,000 of its frontline health care workers to be vaccinated over the next two months. “Yes, Veterans Affairs is going to in fact require that all docs working in facilities are going to have to be vaccinated,” President Biden told reporters Monday in the Oval Office. With less than 50 percent of the U.S.
“For years we have seen that diplomats around the world are among targets,” he said, “and it looks like the message had to be brought home to the U.S. government in this very direct and unfortunate way. There is no exceptionalism when it comes to American phones in diplomats' pockets.”
News of the hacks, which were first reported by Reuters, comes a month after the U.S. Commerce Department blacklisted NSO Group, barring U.S. technology from being used by the company. And Apple sued NSO Group last week seeking to effectively shut down its hacking of all iPhones and other Apple products, calling the Israeli company “amoral 21st century mercenaries.”
The State Department employees were hacked on their iPhones, the person familiar with the matter said.
NSO Group said in a statement that after being asked Thursday about the Ugandan phones “we immediately shut down all the customers potentially relevant to this case,” but did not say who the customers were. The company said its spying technology is blocked from hacking phones based in the U.S. and is only sold to licensed customers.
Giant Christmas tree, Jersey Shore boardwalk, salmon farm: News from around our 50 states
Two hikers were rescued in separate operations in Arizona, Idaho city is looking to expand its geothermal heating system by 40%, and moreStart the day smarter. Get all the news you need in your inbox each morning.
If the allegations turn out to be true “they are a blunt violation” of contract terms and NSO Group “will take legal action against these customers,” it added.
In announcing the lawsuit, Apple sent out notifications globally to people whose iPhones were hacked with Pegasus in countries ranging from El Salvador to Poland. The targeted State Department employees were among them.
Apple declined comment Friday on the Uganda hacks.
Marketed to governments for use solely against terrorists and criminals, Pegasus has been abused by NSO customers to spy on human rights activists, journalists and politicians from Saudi Arabia to Mexico, including such high-profile targets as the fiancee of Jamal Khashoggi, the Saudi journalist murdered in his country’s consulate in Istanbul.
NSO Group has been broadly denounced for allowing such targeting, and its placement on the Commerce Department’s "entity list” last month was the first time a company outside of China had been added over human rights violations, said Kevin Wolf, an attorney at Akin Gump and former top commerce official in the Obama administration.
Reviving urban economies by returning to the office: The case of the nation's capital
The D.C. metropolitan region is returning to the office more slowly than other international urban areas. Despite the unpredictable nature of COVID-19, local officials are pressing for safe reentry to office buildings, hoping these employees will resuscitate stagnating economic sectors such as retail and hospitality.After working remotely from kitchen tables and basement playrooms for 20 months, migrating back to the office represents a significant lifestyle shift. Employees no longer connect work and office, and that poses a challenge for employers.
Analysts wonder whether NSO Group can survive financially under such circumstances. Last week, Moody’s downgraded NSO Group’s financial outlook to negative, saying it risked defaulting on more than $300 million in loans as a result of “high uncertainty” of its ability to sell new licenses. It said NSO Group, which is privately held, has about 750 employees with 60 customers in more than 35 countries
The impact on companies blacklisted by the Commerce Department, about half of which are Chinese, is often far broader than barring them from using U.S. technology. Wolf said many companies choose to avoid doing business with them completely “in order to eliminate the risk of an inadvertent violation” and the legal costs of analyzing whether they can.
NSO Group was asked by The Associated Press prior to Friday’s news whether it could survive as long as it is on the entity list. While not directly responding, it said it was “working on all appropriate channels to reverse the Department of Commerce’s decision.”
The company again claimed that it does not operate the Pegasus command-and-control system that remotely manages hacks “and has no access to the data collected by its customers.” Cybersecurity researchers who have closely tracked NSO’s spyware dispute that claim. They say NSO’s government clients are incapable of running the online infrastructure and their sleuthing has confirmed centralized control of post-infection operations.
Apple’s lawsuit added major heft to a Big Tech legal onslaught against NSO Group. Facebook sued it in 2019 for allegedly hacking its globally popular encrypted WhatsApp messaging app. Last month, a U.S. federal appeals court ruled that the case could go forward, rejecting NSO’s claim it should be thrown out because it is a “sovereign entity.”
Suderman reported from Richmond, Va., and Bajak from Boston. Josef Federman in Jerusalem contributed to this report.
Hillicon Valley — State Dept. employees targets of spyware .
Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.Follow The Hill's cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.Ladies and gentlemen the weekend! But before we get there, news broke today that the phones of almost a dozen State Department employees were targeted and hacked by spyware from embattled company NSO Group, which was recently blacklisted by the Commerce Department.