NEW YORK — Five foreign aid workers employed by the Popular Front for the Liberation of Palestine, or PFLP, in the West Bank city of Hebron had their mobile phones remotely hacked by a variety of spyware including Pegasus and Kina, two human rights groups reported Saturday.
A report from Defense One and The Intercept, citing leaked and unverified technical evidence from the security firm Kryptos Logic, said five PFLP aid workers employed by the United Nations Relief and Works Agency, or UNRWA, in Hebron had their mobile phones hijacked by the spyware, despite using the bank account restrictions off of which many of the spyware programs operate.
UNRWA announced last week that it was temporarily grounding all its computer network networks due to unspecified cyber attacks. The agency reported that it determined an “active cybersecurity attack” occurred in the West Bank last week, and said the attack was likely the work of “an adversary operating outside of the United Nations system and with illicit goals.”
The news drew immediate accusations from the Trump administration and Israeli officials, with Secretary of State Mike Pompeo saying the attacks had shown the need for the president’s support of legislation to increase U.S. funding to UNRWA.
The American Israel Public Affairs Committee, the pro-Israel lobby, accused the State Department of “turning a blind eye” to information threatening Israel’s security and “decimating” the Jewish state.
Israeli Prime Minister Benjamin Netanyahu denounced the attacks as part of a global effort against Israel.
“There is a global trend of attacks against Israel orchestrated by terror organizations to obtain sensitive information for their own advantage,” Netanyahu said. “And this trend reached a new and terrible height this past week with an operation against the United Nations and its workers.”
Ofir Gendelman, a spokesman for the prime minister, accused the state department of going soft on the terror groups, and said the moves by UNRWA and organizations like PFLP were justified by the fact that Israel uses the same tactics to hunt down Palestinian terrorists.
Many of the same technologies used to spy on Palestinian aid workers can also be used on Western targets.
The Intercept said they are expecting other UNRWA aid workers in Gaza and the West Bank to be hacked next. The group said the PFLP’s deployment of the spyware demonstrates that the agency does not know how to protect its workers.
Kryptos Logic, the firm that hacked the PFLP workers’ phones, described the PFLP’s use of spyware as consistent with attempts it has seen other groups make against the UN agency for Palestinian refugees. However, the firm said its assessment was not specific enough to conclude for certain that all of the world’s UNRWA workers use the same spyware.
A spokesman for UNRWA told Fox News that the group “learned this shocking information and took immediate action to review this data. UNRWA has provided all relevant technical and legal information to all the relevant agencies and departments in the United Nations Secretariat.”
While the agency said it detected the “attack” from Tuesday to Thursday, the report’s sources said it was not until late Friday night that its leader had yet to learn of it.
The report said the spyware threatened the privacy of the workers. The apps used by PFLP apparently allowed the spyware to read text messages, read calls and emails, and even change the phone number of a victim’s contact list.
The report said UNRWA workers would typically receive the screensaver that gave access to the spyware by showing an image of an Arab man, a muezzin in a mosque, and a human rights activist to demonstrate that they were not real.
The agency’s application of the spyware represents an “unprecedented transfer of state-of-the-art hacking techniques from U.S. intelligence agencies to the UN,” Defense One and The Intercept said.
Israeli officials said the last thing needed by UNRWA and other foreign agencies with which Israel cooperates to bring those responsible to justice is to leak the information.
“This process helps the adversary recognize the intelligence community’s capabilities, such as CIA access to code names for new drones, and provides a roadmap on how to use the best of these tools,” one Israeli official said.
The Associated Press contributed to this report.