‘Despicable’ iPhone Hacks In Armenia Find NSO Spyware ‘In Active Warzone’

Forbes
May 25 2023



Thomas Brewster

Senior writer at Forbes covering cybercrime, privacy and surveillance.

In mid-2021, Apple sent a warning to Anna Naghdalyan, then a spokesperson for Armenia’s foreign affairs agency, that her iPhone had possibly been hacked by a foreign government. Given her role, which saw her heavily involved in diplomacy around a decades-long, bloody conflict between Armenia and Azerbaijan, the alert was particularly concerning. “I felt vulnerable and insecure about the integrity of my personal and professional information,” she told Forbes.

Now a program officer at the International Republican Institute, a pro-democracy non-government organization, Naghdalyan has since discovered just how much of a target she had become. Her phone had been hacked at least 27 times between October 2020 and July 2021, with infections happening almost every single month, according to a forensic analysis of her phone, details of which are being revealed on Thursday.

Naghdalyan has also learned she was not alone. She was one of at least 13 individuals in Armenia who had their phone infiltrated by the dangerous iPhone spyware called Pegasus, which was created by Israeli-based surveillance software company NSO Group. This was discovered by forensic researchers and human rights activists who investigated the infections. Access Now, CyberHUB-AM, Citizen Lab and Amnesty International, who collaborated on the technical investigation into the breaches, say the attacks are the first examples yet of NSO’s controversial software being deployed in an active warzone.

“Helping attack those already experiencing violence is a despicable act, even for a company like NSO,” said Natalia Krapiva, counsel at Access Now. “Inserting harmful spyware technology into the conflict shows a complete disregard for safety and welfare… People must come before profit. It’s time to disarm spyware globally.”


For years, Armenia and Azerbaijan have traded fire over the disputed Nagorno-Karabakh region. While it’s internationally recognized as being a part of Azerbaijan, many of its residents are Armenian nationals. There have been accusations of war crimes on both sides, including alleged mass executions of Armenian prisoners of war and mutilations of dead soldiers by Azerbaijanis. A new round of diplomacy kicked off in Washington D.C. last month, according to Reuters, amidst heightened tension in the region.

Amongst the other victims of the iPhone hacking spree was Kristinne Grigoryan, who was serving as Armenia’s Human Rights Ombudsperson when her device was hit with Pegasus in October last year, according to Access Now. Also infected were the iPhones of four journalists, a university professor, an unnamed United Nations Official and various members of civil society, all based in Armenia, Access Now found. Amnesty International claimed as many as 1,000 phone numbers had been put on a list for potential targeting by Pegasus, though evidence so far has pointed to just over a dozen successful hacks.

An NSO spokesperson said that it could neither confirm nor deny the identity of its customers, adding that it could not address specific allegations because it had not been provided with the forensic report. “NSO has the industry’s leading compliance and human rights policy and as always will investigate all credible allegations of misuse. Past NSO investigations have resulted in the termination of multiple contracts regarding the improper use of our technologies,” they added.

It isn’t clear, however, who ordered the hacks in Armenia. Access Now said it could not “conclusively link” them to a specific government agency. “The targeting occurred during the Azerbaijan-Armenia conflict, and the Armenia spyware victims’ work and the timing of the targeting strongly suggest that the conflict was the reason for the targeting,” read an Access Now report provided to Forbes ahead of publication.

Samvel Farmanyan, the cofounder of ArmNews, an Armenian news network and a former parliamentarian sitting in opposition to the national government, learned he was hacked in mid-2022 but remains clueless as to who targeted him. “Anyone who knows that his telephone is hacked… you lose your right of privacy and everything. But this concern is doubled in circumstances when you don't understand who is standing behind it and what the purpose is,” he told Forbes.

Whoever initiated the snooping operation has, nevertheless, pushed Pegasus into new and dangerous territory, according to human rights defenders. The software’s code exploits vulnerabilities in iOS’ Find My iPhone and HomeKit features, weaknesses previously reported by Forbes, to get onto the various Apple devices. The same kinds of attacks were used on Mexican civil society throughout 2022, according to Citizen Lab, a spyware tracking organization working out of the University of Toronto.

The tool has previously caused international outcry after the spyware was used on journalists, politicians, lawyers and NGO workers across multiple countries, including Mexico, the U.A.E. and Saudi Arabia. Pegasus’ ability to remotely control and monitor iPhones and Androids, alongside evidence pointing to its use by repressive regimes on at-risk communities, has made NSO something of a bête noire in civil society. The Biden White House has its concerns too. In 2021 the U.S. Commerce Department put it on its Entity List of companies barred from doing business with American organizations without a license.

John Scott-Railton, a researcher at Citizen Lab, says it was “inevitable” Pegasus would turn up in an international armed conflict. “Every country that has had negotiators and diplomatic staff involved in talks and negotiations on this issue would be wise to check themselves,” he adds.
