The report contains shocking information about the widespread use of spyware and other hacking tools that allow officials to penetrate a target’s device and extract a wide range of sensitive data. Israeli authorities use these cyber tools for investigations and surveillance. Worryingly, the report comes at a time that Israeli Prime Minister Binyamin Netanyahu has proposed legal reforms which could significantly reduce the powers of the country’s Supreme Court.
Multiple Government Agencies use These Tools
The report said agencies such as the military police (IDF), securities authority, tax authority, and even the privacy protection authority use these tools. The ISOC-IL insists that these tools, developed by Cellebrite and the NSO Group, give law enforcement agencies overarching powers. The country’s criminal laws treat a smartphone like a computer from twenty years ago. It does not take into account the rampant change in technology and the fact that smart devices and cloud services hold far more information about a person than ever before. The report calls for lawmakers to make urgent changes to the country’s legal framework for criminal investigation—specifically, the parts of the law that deal with how authorities gather evidence from smart devices. The report contains three different categories of cyber tools.
Physical hacking tools
The first involves tools that allow law enforcement to hack into devices in their possession. To do so, they need a warrant (which is easy to obtain) or the consent of the device owner. Authorities generally use Cellebrite’s tools or software, such as UFED or Premium, which lets them connect to the target device to break through its security protections. Cellebrite’s tools can hack into both iOS and Android devices. Once breached, they can copy data stored on the device, including data from applications, passwords, notes, pictures, videos, metadata, etc. “The software makes it possible to recover passwords, penetrate all Apple files and even access highly protected areas such as “secure folder” or “iOS keychain” where the user’s password database is saved for various services, such as social networks, medical, financial services and more,” the report states. Usually, authorities copy all the information from the target device onto a different system, where they can browse through the dataset.
Spyware
The second category involves tools that allow law enforcement to breach a device without having it in their physical possession. For this, they rely on spyware such as Pegasus and Saifan. These tools also give authorities extremely invasive capabilities. ISOC-IL points out that Israeli courts usually authorize the use of spyware tools in a similar vein to wiretapping. However, these tools go far beyond real-time surveillance capabilities and can extract enough data to create an entire digital profile of their target. “In addition, this type of spyglass allows you to read, send or receive messages that should be end-to-end encrypted, download photos saved on the phone and listen to voice/video calls, and record them,” ISOC-IL adds.
Tools to cross-reference extracted data
Israeli law enforcement also relies on tools to cross-reference and organize the multiple datasets they obtain from a device. The extracted data is usually quite large, and such cross-referencing tools allow agents to conduct easy searches and analyses. “This means that the police can take data originating from different applications and view them centrally as a chronological series of events, or pull all the footage from the phone for viewing in one place and performing advanced processing operations such as facial recognition, regardless of how they are organized on the device,” the report states.
Increasing Accountability and Transparency
The report makes certain recommendations to address this problem, which mainly focus on increasing accountability and transparency around cyber forensic tools. ISOC-IL suggests that authorities document the activity when these tools are used. Furthermore, there should be obligations and guidelines on handling any information extracted from devices. The report also suggests that lawmakers regulate how authorities interact with companies that provide these cyber tools. If you found this article interesting and are thinking about your digital security, read up on the top cybersecurity tools you need in 2023.
