JAKARTA: More than a dozen senior Indonesian government and military officials were targeted last year with spy software designed by an Israeli surveillance firm, according to nine people with knowledge of the matter.
Six of the individuals confirmed they were targeted themselves. The targets included Chief Economic Minister Airlangga Hartarto, senior military personnel, two regional diplomats, and advisers in Indonesia’s defence and foreign affairs ministries, according to the people.
Six of the Indonesian officials and advisers targeted said they received an email message from Apple Inc in November 2021 telling them that the company believed officials were being “targeted by state-sponsored attackers”.
Apple has not disclosed the identities or number of users targeted. The company declined to comment for this story.
Apple and security researchers have said the recipients of the warnings were targeted using ForcedEntry, an advanced piece of software that has been used by Israeli cyber surveillance vendor NSO Group to help foreign spy agencies remotely and invisibly take control of iPhones.
Another Israeli cyber firm, QuaDream, has developed a nearly identical hacking tool.
Spokespeople for the Indonesian government, the Indonesian military, the Indonesian Defence Ministry and the Indonesian Cyber and Crypto Agency did not respond to requests for comments and emailed questions.
The use of ForcedEntry, which exploits a flaw in iPhones through a new hacking technique that requires no user interactions, was made public by cybersecurity watchdog Citizen Lab in September 2021. Google security researchers described it as the “most technically sophisticated” hacking attack they had ever seen, in a company blog post published in December.
Apple patched the vulnerability in last year and started sending notification messages to what it called a “small number of users that it discovered may have been targeted”.
An NSO spokesperson denied the company’s software was involved in the targeting of Indonesian officials, dismissing it as “contractually and technologically impossible,” without specifying why.
Published in Dawn, October 1st, 2022
Dear visitor, the comments section is undergoing an overhaul and will return soon.