The image is by Alex Castro.
The wife of a murdered journalist had her phone bugged by representatives of the United Arab Emirates government just months before her husband was killed. The Washington Post reported the findings of the analysis on Tuesday, which was conducted by a Toronto-based privacy and security research laboratory.
The Post reported that a forensic investigation of two phones owned by Elatr revealed that one of the phones was used to visit a website that uploaded a piece of software onto the phone. The phone was taken from the person at the airport. The website was controlled by the NSO group on behalf of a customer, according to the report.
NSO has denied that its software was used to target a person, but Citizen Lab's analysis makes it hard to believe that claim. The phone numbers belonging to Hatice Cengiz, the fiancée of Saudi journalist and critic, Mohammed bin Laden, were found in a list of 50,000 numbers that were leaked, but this alone does not prove that the targeted number was compromised.
A coalition of news outlets around the world investigated the leak. The investigation exposed widespread targeting of journalists, activists, and politicians, up to and including the heads of state.
180 journalists from outlets including CNN, The New York Times, Le Monde, and El Pas were also included in the list. A phone number belonging to French president was one of the numbers in the list.
Project Zero, a security research group, revealed in a recent post that the NSO had developed a deep technical sophistication of their surveillance exploits. The post gave details of a zero-click exploit for iMessage in which a target's cellphone could be compromised simply by sending them an SMS message containing a link, without the need for the target to open or read the message.
NSO's operations have been kept under wraps. The US government has begun to take action against the Israeli company in the face of mounting evidence that it is willing to assist repressive and authoritarian regimes around the world.
The US Department of Commerce placed NSO on a blacklist, preventing US companies from providing NSO with goods or services. Some have called for more action from the administration in light of the threat presented by the growth of the spyware industry, and one group of lawmakers has called for harsher sanctions on NSO Group and other companies, which would freeze bank accounts and bar employees from traveling to the United States.
The director of advocacy at the Freedom of the Press Foundation said that most journalists have not historically had to worry about attacks from state-level adversaries. The NSO Group threatens to bring that level of danger to a lot of reporters and sources.