Israel Is Hacking the Phones of Palestinian NGOs

Israel has been caught hacking the phones of six Palestinian human rights staffers. It’s the latest incident in Israel’s larger web of blatantly undemocratic mass surveillance practices.

Israel installed spyware on the phones of six human rights staffers. (Getty Images)

The Dublin-based digital rights NGO Front Line Defenders (FLD) published a major report earlier this month that found that six Palestinian human rights staff, working for NGOs later designated by the Israeli defense ministry as terror groups, were hacked by the technology company NSO Group’s Pegasus spyware. The hack was, apparently, part of an Israeli campaign to criminalize the advocacy efforts of the Palestinian NGOs. It sought compromising information that would buttress the government’s claims that they are affiliates of the banned Popular Front for the Liberation of Palestine and funnel donations to fund its terror activities.

A number of these Palestinian groups, along with several Israeli human rights NGOs, have testified before international bodies that Israel has engaged in war crimes against Palestinians. Israel views this as what it calls “delegitimation,” an attempt to destroy the state of Israel by political means. It considers such acts as existential threats. One past government minister even went so far as to call for the “civil targeted assassination” of the leaders of the global Boycott, Divestment, and Sanctions (BDS) movement. The attacks portrayed in the FLD report are an integral part of that campaign.

FLD laid out a detailed timeline of events that ties the defense ministry’s designation of the NGOs as terror groups directly to the phone hacking. The first hacking victim came forward on October 16, giving his phone to FLD for a forensic analysis. It immediately shared the device logs with the Citizen Lab, the cyber-forensic detectives who specialize in detecting NSO’s spyware. The following day, the Dublin group met with the six Palestinians and confirmed their phones had been infiltrated.

Presumably, NSO and the Israeli internal security service Shin Bet discovered that their operation had been compromised and exposed almost simultaneously. That would explain why the following day, October 18, Salah Hammouri, one of the six whose phones were targeted, was notified that his Jerusalem permanent residency had been revoked, and he would be deported for “breaching his allegiance to the State” of Israel.

On October 22, defense minister Benny Gantz announced that the six Palestinian groups had been designated as terrorists. Ronen Bergman, writing in Ynet, connects the dots between the events while tying the attack to the Israeli intelligence service:

The Front Line Defenders report . . . not only offers overwhelming evidence that the Shin Bet is using Pegasus to penetrate the phones of human rights activists, but [attests to] a much broader conspiracy.

Israel was aware of FLD and the Citizen Lab . . . which dedicated great effort to tracking the activities of NSO. In order to retroactively legitimate the monitoring of the activists, [Israel] hastened to announce that the groups had been deemed terrorists, and sought to advance publication of its findings

In other words, Israel had long planned to mark the groups as terrorists. But as it could not find sufficient evidence to support the designation, it turned to the hacking operation in an attempt to dig up dirt that would impugn the NGO staff and their employers. Once exposed, the defense ministry had no choice but to implement a ban on the groups immediately.

Israel Targets Palestinian Authority Foreign Ministry Officials

Besides the NGOs that were targeted, in recent days, the Palestinian Authority (PA) confirmed that senior members of its foreign ministry were also hacking victims. A source tells me that at least three individuals were targeted.

Last March, PA foreign minister Riyad al-Maliki and two aides traveled to the Hague to consult with then International Criminal Court (ICC) chief prosecutor Fatou Bensouda, who announced that month she was beginning an investigation into Israeli war crimes. On their return, all three were detained at the Allenby Bridge crossing by the Shin Bet, which was displeased with Palestinian collaboration with the ICC inquiry.

Two of al-Maliki’s senior aides were interrogated for ninety minutes about their travels. Al-Maliki had his VIP pass, which permitted him to pass through border crossings freely, confiscated. A source I consulted who is particularly knowledgeable about PA affairs believes it is likely that these are the same three individuals whose phones were attacked. In fact, when they described the Shin Bet interrogation in March, the foreign ministry aides noted that their phones had been confiscated.

It is increasingly clear that the hacks of the NGOs and the PA are directed against the ICC inquiry and potential findings that Israel has engaged in war crimes. Charges of terrorism conceal the real motive.

By pure coincidence, the US Department of Commerce placed the NSO Group on its blacklist on November 3, only days after the latter’s attacks on the Palestinian human rights defenders were exposed (but before they were made public). FLD went public with its findings five days later, on November 8.

Recent reports in +972 Magazine indicate that the Shin Bet circulated a dossier to European states funding the groups and the Biden administration. It sought to justify the terror designation but lacked any specific evidence to support the charges. When the Europeans told Israel they remained unimpressed by the dossiers, Israeli security forces sought to uncover further incriminating evidence from the hacked staff members’ telephone communications.

Bergman also says the Commerce Department decision is part of a campaign by the Biden administration to signal its overall disapproval of Israeli government policy toward the Palestinians. It intended this to be a shot across Israel’s bow.

In case there were any doubt regarding the culprit behind the hack, Israeli journalist Amira Hass explicitly attributes it to the Shin Bet. She writes in Haaretz:

Even if the Palestinian individuals and the organizations which discovered the Pegasus spyware on their phones and the journalists who reported it can’t prove who is behind it, it’s clear to everyone that it was Israel — or in other words, the Shin Bet security service. . . .

Moreover, the terms of the export licenses the Defense Ministry gave NSO state that only the Israeli security services are allowed to conduct surveillance of phones with Israeli telephone numbers. . . . In other words, no country in the world other than Israel is authorized to spy on [the NGOs].

Further complicating matters for the Israelis, one of the hacking victims, Ubai Aboudi, an economist who runs the Bisan Center, one of the six groups Gantz slapped with terrorist designations, is a US citizen. According to Bergman, Aboudi filed a complaint with the US government, which was incensed when it discovered that Israel was spying on a US human rights worker. NSO and the Shin Bet campaign thus raised a red flag, offering the Biden administration evidence to bolster the claim that the company not only violated human rights protections but conflicted with US national-security interests.

Bergman describes an Israeli national-security apparatus shocked by the Commerce Department announcement. But despite being thrown back on its heels, Israel has decided to mount a vigorous campaign (Bergman uses the term “war”) against the Biden administration, seeking to remove NSO from the blacklist. The Israeli government will soon convene an all-hands-on-deck meeting of officials from the defense, foreign affairs, justice ministries and the prime minister’s office to plot a strategy to address the damage and repair it.

It’s critical to note that Israeli spyware companies like NSO, Candiru, Circles, Cellebrite, and AnyVision are not just commercial entities divorced from the state. They comprise a network of willing accessories that advance Israeli security interests globally, in addition to their own corporate profits. When the state calls upon them, they offer their services, as they did with the Palestinian NGO operation. When these cyberwarfare companies face obstacles like the US blacklist, the state comes to their aid.

Bergman confirms this symbiotic relationship:

The company’s biggest backer, the government of Israel, considers the software a crucial element of its foreign policy and is lobbying Washington to remove the company from the blacklist, two senior Israeli officials said Monday.

Speaking to Bergman, anonymous Israeli officials feign shock: “If the United States is accusing NSO of acting against its interests, the officials said, then it is implicitly accusing Israel, which licenses the software, of doing the same.”

Doubtless, these officials would have us share in their shock at such an outrageous possibility. But that is indeed what Israel and NSO have done. They’ve sabotaged US telecommunications companies like WhatsApp. In further jeopardizing American interests, Israel has enabled spying on senior US-Iran negotiator Rob Malley. Israel played a key role in the murder of Jamal Khashoggi, a Washington Post columnist. And now they’ve hacked a Palestinian American US citizen.

Israel makes a major point of arguing its defense ministry regulates and licenses the export of cybersecurity products to ensure they are only sold to governments using them properly (against criminals and terrorists) and ethically. But the regulatory agency has never denied such an export permit. It is not in the business of restricting such commerce. Rather, it is in the business of promoting the products and facilitating their distribution globally. In one case, it even acted as a middleman between the security services of a Gulf state and NSO.

Bergman ominously concludes his Ynet report:

This is not just a mobilization for a commercial company, but a war concerning a number of key, secret, and highly sensitive issues that concern senior Israeli security officials and the security of the state.

The Blue Wolf Facial-Recognition Database

The Washington Post reported recently that the Israel Defense Forces (IDF) has compiled a massive database of Palestinian faces for security purposes. When tied to other biographical and intelligence data, it determines which individuals to arrest and which to permit entry into Israel.

This is the online promotional content the army offers troops to encourage them to participate:

Doing all we can to prevent the next terror attack!

Serving in Judea and Samaria? A new unit will turn you into a Blue Wolf!

Israel has also mounted thousands of security cameras throughout the West Bank to monitor the movement of Palestinians. Soldiers involved in the program, speaking to the anti-occupation NGO Breaking the Silence, claim the spy gear can also view the interiors of Palestinian homes.

In many cases, IDF units were tasked with taking photographs of individual Palestinians as they patrolled the streets. The photos were downloaded via cell phone app to a Blue Wolf database. Some units took as many as a thousand photos in a single week. Their commanders turned the process into a competition and offered winners special prizes.

The images are incorporated into a database linking them to extensive personal dossiers. That in turn allows Israeli authorities to give each person their own grade or category, which govern decisions like making arrests or approving them for work permits entitling entry into Israel.

Blue Wolf is reminiscent of the mass surveillance programs instituted by Chinese law enforcement, which installed millions of cameras throughout the country. The authorities even give individuals social-credit scores concerning their standing:

China’s social-credit scoring is best understood not as a single system but as an overarching ideology: encompassing punishments and rewards, to improve governance and stamp out disorder and fraud. Commercial schemes mostly handle the perks, state schemes the punishments. Both work in concert to encourage socially responsible behavior.

But they are undeniably intrusive. Government agencies compile and share data on judgments against individuals or companies. Fail to pay a fine or court-ordered compensation, or default on your debts, and you will be put on the “List of Untrustworthy Persons”. . . . Five million people have been barred from high-speed trains and 17 million from flights under the scheme.

The technology is used even more intrusively to monitor millions of Uyghurs in Xinjiang province. It is a critical element in a massive experiment in social control, including concentration camps which imprison and “reeducate” detainees to rid them of any Muslim separatist or political aspirations.

Though the Post does not say whether Blue Wolf was developed by the IDF itself or is an off-the-shelf third-party product, it does point to AnyVision, an Israeli cybersecurity and facial-recognition company, which is involved in this field:

In 2019, Microsoft invested in an Israeli facial recognition start-up called AnyVision [which] work[ed] with the army to build a network of smart security cameras using face-scanning technology throughout the West Bank. (Microsoft said it pulled out of its investment in AnyVision during fighting in May between Israel and the Hamas militant group in Gaza.)

Also in 2019, the Israeli military announced the introduction of a public facial-recognition program, powered by AnyVision, at major checkpoints where Palestinians cross into Israel from the West Bank. The program uses kiosks to scan IDs and faces, similar to airport kiosks used at airports to screen travelers entering the United States. The Israeli system is used to check whether a Palestinian has a permit to enter Israel, for example to work or to visit relatives, and to keep track of who is entering the country, according to news reports. This check is obligatory for Palestinians.

Balance the above with claims AnyVision’s chief marketing officer, Dean Nicholls, emailed me:

Former U.S. Attorney General Eric Holder and his team at Covington & Burling have completed their audit of AnyVision. The available evidence demonstrated that AnyVision’s technology has not previously and does not currently power a mass surveillance program in the West Bank that has been alleged in media reports.

The operative phrase in the above statement is “available evidence.” When a law firm is paid hundreds of thousands of dollars by a company to undertake such an audit, the former is extremely careful to limit the scope of the investigation to exclude evidence that might force a finding that is unpalatable to the client. AnyVision wanted a clean bill of health, and Holder dutifully provided it.

Palestinian Guinea Pigs to Field-Test Tools of Israeli Repression

NSO and the global reach of its surveillance products are part of the “selling” of the Israeli surveillance state. Pegasus was developed via the expertise of IDF Unit 8200 hackers schooled in tools to spy on Palestinians and invade every aspect of their daily lives. The Israeli state uses Palestinians as guinea pigs to field-test not only conventional weapons of war but cyberweapons used in the digital realm, an increasingly dominant new form of warfare.

The tools of the surveillance state impose control over the captive Palestinian population and suppress its political aspirations. They serve to maintain the illegal occupation, crush resistance, and defer any solution to the Israeli-Palestinian conflict.

NSO and Blue Wolf serve as templates for other states that see Israel as a pioneer in the field of militarizing social control. These countries (NSO has at least fifty different state clients) not only buy and use these spy tools against their own citizens engaged in legitimate civic action but import all the Israeli values that undergird them.

Israel has lost any claim to be a democracy like the Western nations it likes to compare itself with. Democratic principles like freedom of the press, religion, and speech have virtually disappeared. The right to privacy has also been fatally compromised by the needs of the national-security state. Any state that imports Israeli surveillance technology is also importing the warped ideology that inspired it.

Nor are Palestinians the only victims. All Israeli citizens, including Jews, are subject to this massively intrusive regime. The Israeli business newspaper Calcalist recently published a report entitled “They See Everything You Do,” noting:

Israel is becoming a surveillance state: countless cameras and surveillance devices record our every step, our internet traffic, and every online purchase. They store this information in huge databases, most of which are unsecured — and some of which have already been misused. . . . The public space has become the realm of Big Brother.

Though major American cities like Boston and San Francisco have already banned the use of facial-recognition technology, AnyVision, which developed a massive database of Palestinians for Israeli security services, has many US clients. According to Reuters, they include “Los Angeles hospital Cedars-Sinai, oil giant BP, Macy’s, home-improvement chain Menards, Mercedes-Benz, facilities of the Houston Texans and Golden State Warriors sports teams, casino operators MGM Resorts International and Cherokee Nation Entertainment.”

If we want to see where this sort of intrusive technology can take us, we have only to look at the degraded status of Palestinians.

The Biden administration’s blacklisting of NSO Group, which a cyber-rights group called one of the world’s leading “digital-predators,” should only be a start. Spyware must be driven out of business. There is no room for mass surveillance on a captive civilian populace in a democratic society.