NSO Group’s Pegasus crashes as Apple initiates Dignity and Justice Fund

Much has been written about NSO Group’s collision with government reality when the Israeli firm found itself on the wrong side of a business decision to sell their technologies to entities that used it to target human rights activists, political leaders, journalists, and a bevy of U.S. persons. The collision came in the form of the U.S. government blacklisting the company, effectively drying up a great percentage of their clients to the point where bankruptcy was seen on the horizon.

White House nixes L3Harris interest in NSO

Then, according to a recent New York Times expose, U.S. defense contractor/supplier L3Harris allegedly attempted a Phoenix-like save and raise the charred NSO from the ashes, with the sub rosa assistance of the U.S. intelligence community. Apparently, L3Harris had its eye on the “zero-click” exploit provided by NSO’s Pegasus for resale or exploitation by the U.S. To those not well versed in the government supply and contract world, L3Harris has expertise in the exploitation of cellphones.

L3Harris was the provider of the Stingray cell phone tracking equipment for years until it was rendered obsolete by the rollout of the nationwide 5G network. (The void is being filled by Stingray-like devices manufactured by others, including Canadian firm Octasic, which sells the Nyxcell cell-site simulator. Gizmodo in an October 2020 piece inspected Octasic’s patent and noted, “Nyxcell forces a connection with nearby mobile devices when its signal is stronger than the nearest legitimate cellular tower. Once connected, Nyxcell prompts devices to divulge information about its signal strength relative to nearby cell towers.”)

The L3Harris foray into the possibility of acquiring NSO and its technologies/apps for alleged arms distance use by the U.S. intelligence community ran into the wall of realpolitik when the effort was brought to the attention of the White House. Words were not minced, and the message was direct: It isn’t going to happen. With that, it is said that L3Harris stepped away from the table. The skeptics will say, “Well, did they really step away?”

For now, as of July 2022, it looks like NSO is in a death spiral. Who picks up their technologies in the upcoming fire sale will be of global interest.

Apple takes lead on holding surveillance firms accountable

In early July, Apple announced that it was all-in at developing their own technology to protect their users from “highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.” Apple announced their development of “Lockdown Mode,” which should be available for iOS16 devices in the autumn of 2022. Lockdown Mode should be considered for use only in the gravest of situations, as it will cause the iPhone to not function as advertised and limit the accessibility of many apps and some may no longer function at all.

According to Ivan Krstic, Apple’s head of security engineering and architecture, “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

Lockdown Mode features are:

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
• Wired connections with a computer or accessory are blocked when iPhone is locked.
• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

Apple continued how they are making available “a $10 million grant, to be added to any damages awarded from the lawsuit filed against NSO Group, to support organizations that investigate, expose, and prevent highly targeted cyberattacks.”

The Apple grant will be given to the Dignity and Justice Fund under the leadership of the Ford Foundation, and may be of interest to cybersecurity companies and research entities as the fund is intended to “research, track, and hold the enhanced cyber weapons trade accountable will be advised by an independent, global technical advisory committee (TAC). Initial members include:”

• Daniel Bedoya Arroyo, digital security service platform analyst at Access Now
• Ron Deibert, professor of political science, and director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto
• Paola Mosso, co-deputy director of The Engine Room
• Rasha Abdul Rahim, director of Amnesty Tech at Amnesty International
• Ivan Krstić, head of Apple security engineering and architecture

The funding assignments to be decided by the fund’s TAC will focus on the following areas according to Apple:

• Building organizational capacity and increasing field coordination of new and existing civil society cybersecurity research and advocacy groups.
• Supporting the development of standardized forensic methods to detect and confirm spyware infiltration that meet evidentiary standards.
• Enabling civil society to more effectively partner with device manufacturers, software developers, commercial security firms, and other relevant companies to identify and address vulnerabilities.
• Increasing awareness among investors, journalists, and policymakers about the global mercenary spyware industry.
• Building the capacity of human rights defenders to identify and respond to spyware attacks, including security audits for organizations that face heightened threats to their networks.