Exclusive-Senior Indonesian officials targeted by spyware last year – sources
Reuters
Published Sep 30, 2022 10:07
Updated Oct 01, 2022 07:51
By Fanny Potkin, Tom Allard, Kate Lamb and Christopher Bing
(Reuters) -More than a dozen senior Indonesian government and military officials were targeted last year with spy software designed by an Israeli surveillance firm, according to nine people with knowledge of the matter.
Six of the individuals told Reuters they were targeted themselves.
The targets included Chief Economic Minister Airlangga Hartarto, senior military personnel, two regional diplomats, and advisers in Indonesia's defence and foreign affairs ministries, according to the people.
Six of the Indonesian officials and advisers targeted told Reuters they received an email message from Apple Inc (NASDAQ:AAPL) in November 2021 telling them that Apple believed officials were being "targeted by state-sponsored attackers."
Apple has not disclosed the identities or number of users targeted. The company declined to comment for this story.
Apple and security researchers have said the recipients of the warnings were targeted using ForcedEntry, an advanced piece of software that has been used by Israeli cyber surveillance vendor NSO Group to help foreign spy agencies remotely and invisibly take control of iPhones. Another Israeli cyber firm, QuaDream, has developed a nearly identical hacking tool, Reuters has reported.
Reuters was unable to determine who made or used the spyware to target the Indonesian officials, whether the attempts were successful, and, if so, what the hackers might have obtained.
The attempt to target Indonesian officials, which has not previously been reported, is one of the biggest cases yet seen of the software being used against government, military and defence ministry personnel, according to cybersecurity experts.
Spokespeople for the Indonesian government, the Indonesian military, the Indonesian Defence Ministry and the Indonesian Cyber and Crypto Agency (BSSN) did not respond to requests for comments and emailed questions.
A spokesman for the Foreign Affairs Ministry said they were unaware of the case and referred Reuters to BSSN.
Alia Karenina, a spokesperson for Airlangga's ministry, said the minister, a top ally of Indonesia's President Joko Widodo, did not receive any notification from Apple about the attempted hack on his official email account.
She said the minister has not installed his official email on his personal phone and uses multiple mobile devices. Alia did not respond to questions on whether other emails used by Airlangga received a warning from Apple.
The use of ForcedEntry, which exploits a flaw in iPhones through a new hacking technique that requires no user interactions, was made public by cybersecurity watchdog Citizen Lab in September 2021. Google (NASDAQ:GOOGL) security researchers described it as the "most technically sophisticated" hacking attack they had ever seen, in a company blog post published in December.
Get The App
Apple patched the vulnerability in September last year and in November started sending notification messages to what it called a "small number of users that it discovered may have been targeted."
In response to Reuters questions, an NSO spokesperson denied the company’s software was involved in the targeting of Indonesian officials, dismissing it as "contractually and technologically impossible," without specifying why. The company, which does not disclose the identity of its customers, says it sells its products only to "vetted and legitimate" government entities.
QuaDream did not respond to requests for comment.
In addition to the six officials and advisers who told Reuters they were targeted, a director at a state-owned Indonesian firm that provides weapons to the Indonesian army got the same message from Apple, according to two people with knowledge of the matter. The people asked not to be identified due to the sensitivity of the matter. The company director did not respond to requests for comment.
Within weeks of Apple's notification in November last year, the U.S. government added NSO to the Department of Commerce's 'entity list,' which makes it harder for U.S. companies to do business with it, after determining that the firm's phone-hacking technology had been used by foreign governments to "maliciously target" political dissidents around the world.
Written By: Reuters
Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.