Project for Privacy and Surveillance Accountability (PPSA)

 NEWS & UPDATES

Citizen Lab: Italian Intelligence Used Israeli Paragon’s Graphite Malware to Spy on Journalists, Activists

6/17/2025

 
Israel’s spycraft is first-rate. From the “pager” attacks that decapitated Hezbollah, to the surgical strikes over the last few days that have eliminated Iran’s top generals and scientists, it is clear that Israel’s strategic success owes much to world-leading intelligence capabilities in the digital realm.

“In Israel, a land lacking in natural resources, we learned to appreciate our greatest national advantage – our minds,” said the late Israeli Prime Minister Shimon Peres.  Under constant threat, Israel has applied its great minds to information technology in the service of national defense.

What works well in the national security space for Israel, however, is a problem for the rest of the world when cutting-edge surveillance technologies are exported. PPSA has extensively covered the Israeli-based NSO Group, which released malware called Pegasus into the international market. Pegasus is a “zero-click” attack that can infiltrate a smartphone, extract all its texts, emails, images and web searches, break the encryption of messaging apps like WhatsApp and Signal, and transform that phone’s camera and microphone into a 24/7 surveillance device.

It is ingenious, really. Zero-click means the victim doesn’t have to accidentally fall for a phishing scam. The malware is just installed into a phone remotely. Victims can then be counted on to do what we all do – compulsively carry their smartphones with them wherever they go, allowing total surveillance of all they and their friends say and do.
  • Once released on the international market by the NSO Group, Pegasus rapidly spread to democracies and illiberal regimes alike. It has been implicated in the targeted murder of a journalist in Mexico at the hands of a cartel, as well as the murder of Jamal Khashoggi in the Saudi consulate in Istanbul. Pegasus allowed agents of an African dictatorship to listen in on a conversation at the State Department. And it has played a prominent role in the targeting of political opponents in governments from Madrid to New Delhi.

Another Israeli technology company, Paragon, differentiates itself from the NSO Group by promising a more careful approach. Its U.S. subsidiary promises that it is about “Empowering Ethical Cyber Defense.”

  • One of Paragon’s products is Graphite, also a zero-click malware that can infect digital devices. It differs from Pegasus by mostly targeting data from cloud backups instead of extracting data directly from a phone. Apparent efforts by Paragon to ensure the ethical use of this technology by its customers have failed.
 
  • Digital investigators at Citizen Lab at the University of Toronto revealed on Thursday that a prominent European journalist (who requested anonymity) and Italian journalist Ciro Pellegrino were told that they had been targeted by Paragon’s Graphite.
 
  • A June 5 report from an Italian parliamentary committee with oversight responsibility over Italy’s intelligence services acknowledged forensic evidence that Graphite was used against two leaders of an NGO, Mediterranea Saving Humans, which advocates for immigrants.

Much of the world media reports that an indignant Italian government severed ties with Paragon. But Israeli media reports that after the Italian government rejected an offer by the company to investigate one of these cases, it was Paragon that unilaterally terminated its contract with the Italian government.

The takeaway from all this is that even with a responsible vendor who sets guardrails and ethical policies, a zero-click hack is too tempting a capability for intelligence services, even those in democracies. Whether Pegasus or Graphite, a zero-click, total surveillance capability is like a dandelion in the wind. It will want to go everywhere – and eventually, it will.
