Private spyware victim warns it can be used against US

By NOMAAN MERCHANT – Associated Press

WASHINGTON (AP) — Months after her father was lured to Rwanda under false pretences and imprisoned, Carine Kanimba discovered her own phone had been hacked using private spyware.

Kanimba is the youngest daughter of Paul Rusesabagina, who is credited with saving more than 1,200 lives during the 1994 Rwandan genocide in a story that inspired the film “Hotel Rwanda”. An opponent of Rwandan President Paul Kagame, Rusesabagina is currently serving a 25-year prison sentence on charges he dismissed as politically motivated.

Researchers have alleged that Pegasus was used to spy on Kanimba and her cousin as Rusesabagina’s family pleaded for his release from Rwanda, which received $160 million in foreign aid from the United States in the last fiscal year.

“Unless there are consequences for countries and their enablers who misuse this technology, none of us are safe,” she told the House Intelligence Committee on Wednesday.

Kanimba and tech experts have urged Congress to oppose the use of commercial spyware in the United States and discourage investment in spyware that has been used to hack into the phones of dissidents, journalists and even American diplomats.

Pegasus infiltrates phones to control their camera and microphone and siphon data without forcing the user to click on a malicious link. It’s part of a burgeoning international market for states to acquire cyber tools that were once only available to the most technically advanced governments. Google researchers have identified at least 30 vendors selling zero-click exploits or other spyware.

NSO Group says its software cannot be activated on phone numbers with a US country code unless used by a US agency. But there are several documented reports from US officials and citizens whose data was captured by Pegasus.

One committee member, Rep. Jim Himes, D-Conn., suggested that off-the-shelf spyware looked like “a very serious threat to our democracy and to democracies around the world.” Himes questioned whether spyware could be deployed from another country against US officials and he criticized companies investing in it.

Among the investors in a private equity firm that held a majority stake in NSO Group were the Oregon State Employees Pension Fund and the Alaska Permanent Fund Corporation.

U.S. officials and many lawmakers from both parties are worried about foreign interference in future elections and the prospect of Americans trying to nullify a legal vote by force.

“No one, not Mike Pence, not Nancy Pelosi, not Kevin McCarthy … is safe from having their most private deliberations monitored,” Himes said. “And that may be just enough to interfere in our elections, just enough to end our democracy.”

US law enforcement and intelligence agencies have long been in the market themselves to find ways to hack phones.

Last year, the Biden administration imposed export limits on NSO Group and three other companies. But the FBI admitted to buying a license for Pegasus for what it called “product testing and evaluation only.” While spyware companies are raking in huge profits in the Middle East and Europe, it’s American companies and investments that “legitimize what they’re doing,” said John Scott-Railton, a senior fellow at Citizen Lab, who has long studied the operation of programs.

“Doing business with the US government, getting taken over by an American company, or even doing business with a US police department is the price of gold for many in the spyware industry,” he said. “As long as it remains a possibility for problematic players, they will get support from investors.”

The committee is pushing U.S. spy agencies to “act decisively against counterintelligence threats posed by foreign commercial spyware,” according to the public version of its latest intelligence licensing bill. The bill, which has yet to be voted on by the full House, proposes that the Director of National Intelligence “may prohibit” individual US agencies from acquiring or using foreign commercial spyware.

But the bill would also allow any head of an intelligence agency to request a waiver from the director if the waiver “is in the national security interest of the United States.”

In a statement, NSO Group noted that discussion of spyware “sometimes lacks balance (by) intentionally omitting their vital benefits.”

“NSO reiterates that it thoroughly investigates any claims of illegal use of its technology by customers and terminates contracts in the event of illegal use,” the company said. “Nevertheless, it is essential to consider the benefits and alternatives to these critical technologies.”

Kanimba testified that she had been alerted last year by a group of journalists working with Citizen Lab and Amnesty International that there was reason to believe she had been spied on. Subsequent forensic analysis of her phone revealed that she had been targeted by Pegasus spyware, she said.

She said the surveillance was triggered when she traveled with her mother to a meeting with Belgium’s foreign minister – Rusesabagina holds Belgian nationality and US residency – and was active in calls with the Department of State and with the Office of the Presidential Special Envoy of the United States Government for hostage cases.

His family lives in San Antonio. Democratic Representative Joaquin Castro, a member of the committee representing that city, noted that communications from his office may have been picked up by Rwanda because he was advocating for Rusesabagina’s release.

The Rwandan embassy in Washington did not respond to a request for comment.

Rusesabagina was convicted of terrorism offenses related to his alleged links to the armed wing of his opposition political platform. Rusesabagina denied supporting the violence and called the verdict a “sham”.

Associated Press writer Eric Tucker contributed to this report.

Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.