Finnish diplomats’ mobile devices hacked with spyware
The Finnish government claims that the mobile devices of Finnish diplomats working abroad have been hacked with sophisticated spyware
STOCKHOLM — The mobile devices of Finnish diplomats working abroad have been hacked using sophisticated spyware, the Finnish government announced on Friday, and the head of the Nordic country’s spy service said an “actor state” was probably to blame.
The Finnish Foreign Ministry said the victims were targeted via Pegasus software developed by Israeli spyware firm NSO Group. The software can seamlessly infiltrate a mobile phone and allow its operators to access the device’s content and location history.
“The highly sophisticated malware infected users’ Apple or Android phones without their knowledge and without any user action,” the Foreign Office said in a statement that was also tweeted. “Through the spyware, the perpetrators may have been able to harvest data about the device and exploit its functionality.”
Jarmo Sareva, Finland’s cybersecurity ambassador, wouldn’t disclose the data collected, but said that according to government protocols, information transmitted over the phone must be public or classified at the lowest level.
“As you know, Pegasus spyware takes the phone under its control,” Sareva said. “Even the microphone and camera of these devices were spied on.”
He would not say how many diplomats were targeted or in which countries they were stationed.
When asked who was suspected of being behind the cyber espionage, he replied: “We have our suspicions of course”, but declined to give further details.
The Foreign Office said it had been investigating the case since the fall, adding that “espionage is no longer active”.
Antti Pelttari, director of Finland’s Security and Intelligence Service, later said that “some state actor” was likely behind the hack.
“This (case) in turn indicates how vulnerable a mobile phone is,” Pelttari said in an interview with Finnish broadcaster MTV3 on Friday. “Confidential information should not be handled on a mobile phone. It is a vulnerable tool.
NSO says it only sells Pegasus to governments for the purpose of fighting crime and terrorism. All sales require approval from the Israeli Ministry of Defense. Although it says it has safeguards in place to prevent abuse, NSO says it has no control over how a customer uses the product and no access to the data it collects. He says he terminated several contracts due to improper use of Pegasus.
Confirmed targets include Mexican and Saudi journalists, British lawyers and Palestinian human rights activists. The phones of 11 US State Department employees, including some Foreign Service officers, working in Uganda were hacked with NSO spyware, the Associated Press and other media reported last year.
AP also revealed in exclusive reports based on findings from Citizen Lab, an internet watchdog at the University of Toronto, that critics of Poland’s right-wing government were hacked using Pegasus. The hack sparked a scandal that some Poles compare to Watergate.
Jari Tanner in Helsinki, Finland contributed to this report.