steampunk heart

Pakistan’s spy agency buys Israeli cellphone hacking tech

Pakistan’s Federal Investigation Agency and various police units in the country have been using products produced by the Israeli cybertechnology firm Cellebrite since at least 2012.

The flagship product of Cellebrite, whose stock is traded on the Nasdaq exchange, is called UFED. It enables law enforcement agencies to engage in digital forensic work by hacking into password-protected cellphones and copying all the information stored on them – including pictures, documents, text messages, calling histories and contacts.

  • Cellebrite, whose CEO is Yossi Carmil, says that its tools are only sold to police departments and security forces – to fight serious crime including terrorism. Over the years, however, the company’s hacking tools have also found their way to organizations that oppress human rights activists, minorities and the LGBTQ community.

As Haaretz has reported on numerous occasions, Cellebrite’s clients have included oppressive regimes that were or still are subject to sanctions, including Belarus, China (including Hong Kong), Uganda, Venezuela, Indonesia, the Philippines, Russia and Ethiopia, as well as Bangladesh’s notorious Rapid Action Battalion.

The security forces in Pakistan are known to commit serious violations of human rights and freedom of expression. The U.S. State Department’s 2022 report on human rights in Pakistan stated: “Significant human rights issues included credible reports of: unlawful or arbitrary killings, including extrajudicial killings by the government or its agents; forced disappearance by the government or its agents; torture and cases of cruel, inhuman, or degrading treatment or punishment by the government or its agents; harsh and life-threatening prison conditions; arbitrary detention; political prisoners; transnational repression against individuals in another country; arbitrary or unlawful interference with privacy; serious restrictions on free expression and media, including violence against journalists ….”

In 2016, Pakistan passed a cybercrime law, the Pakistan Electronic Crimes Act, or PECA, which severely limits online freedom of expression, particularly criticism of the government. The law permits the exercise of strict online censorship without a court order and also allows the police to collect information from locked devices without a court order. Last year, Pakistan amended its already draconian law to expand the definition of potentially suspicious activity.

“PECA has been used to silence freedom of expression on the pretext of combating ‘fake news,’ cybercrime, and misinformation,” said Nadia Rahman of Amnesty International, in response to the amendment.

According to the Pakistan-based group Freedom Network, in 2021 the law was the basis of the persecution of at least 23 Pakistani journalists for “slandering” the security forces, the justice system and the intelligence agencies. At least one journalist was charged with treason.

Israeli lawyer Eitay Mack has been harshly critical of Cellebrite and the Israeli Defense Ministry, which he says should be providing oversight of the company. “Pakistan is not just another undemocratic country that is violating human rights, but a country that is ruled by the military and its intelligence units, which support international terrorist and crime organizations. Cellebrite’s systems could be used not only to persecute women and religious minorities that have ‘desecrated Islam’ but also to persecute journalists and opposition activists who are working to uncover the military’s ties with terror organizations like the Taliban and Al Qaeda.”

  • As reported by Haaretz and its business daily, TheMarker, Israel had previously been engaged in cyberdiplomacy promoting the export of digital weaponry such as NSO’s Pegagus spyware, to places such as Saudi Arabia, the UAE and Morocco, in return for the establishment of official relations or secret agreements.

But according to Mack: “Because of internal political considerations in Islamabad [the Pakistani capital] and due to Israel’s strategic relationship with India, there is no way that the sale of any type of security equipment to Pakistan will advance Pakistan’s relations with Israel. This appears to be another instance of an Israeli company that is focused on its profits and is benefiting from the Defense Ministry’s negligent oversight.”

Israel and Pakistan have held talks via secret channels over the years. And in 2005, a meeting was even held between Israeli Foreign Minister Silvan Shalom and his Pakistani counterpart, at the initiative of Pakistani President Pervez Musharraf.

Israeli Prime Minister Ariel Sharon shook Musharraf’s hand at the United Nations. Musharraf had considered recognizing Israel following the completion of the 2005 Gaza disengagement, but the plan elicited intense domestic criticism and was shelved.

The boycott on contacts with Israel also extends to Pakistani citizens.

Under Pakistani law, Pakistani passports are explicitly not valid for travel to Israel.

  • Last month, five Pakistanis were sentenced to prison time for having visited Israel, and last year, Pakistani television journalist Ahmed Quraishi was fired for taking part in a delegation that visited Israel. A few months later, another delegation from Pakistan visited Israel, prompting considerable discussion in Pakistan about a possible warming of relations between the two countries.

According to a 2013 British government report, Israel has in the past exported arms to Pakistan, including electronic warfare systems, radars and advanced fighter jet systems. Unlike NSO and other manufacturers of offensive-cyber products, Cellebrite operates in a gray area between security exports and civilian ones. In 2020, the export of forensic equipment such as that produced by Cellebrite came under the Defense Ministry’s oversight, since it was included in the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, which defines which dual-use (security use and civilian use) products require oversight.

International shipment records show that, until at least 2019, Cellebrite Asia-Pacific Pte (its Singapore subsidiary) sold products directly to companies in Pakistan and to its Federal Investigation Agency. This, despite Cellebrite’s End User License Agreement forbidding sales to Pakistan.

In 2012, it was reported in Pakistan that the Sind Province police had acquired UFED Touch Ultimate devices made by Cellebrite, and their use has been expanding since. The Express Tribune newspaper published pictures that clearly show Cellebrite’s product. Operating manuals, documents and official invitations for bids show that police units and the FIA regularly use these systems. FIA officials past and present who were tasked with enforcing the draconian cybercrime law even state in their LinkedIn profiles that they have been trained and certified to use these systems and that they use them on a regular basis.

Court rulings in the country refer to the extraction of forensic evidence from telephones but do not specify which technology was used. Pakistan also uses forensic systems made by other companies, but in a FIA invitation for bids from 2021 for systems made by two other firms – Belkasoft and Compelson – both were required to support files produced using Cellebrite’s technology. Bidding requests issued by the Punjab police include a request for three UFED Ultimate devices. And one from the counterterrorism division of the Peshawar police, from May of this year, includes a request to renew the UFED license for another two years.

A 2021 catalog from Pakistan’s National Radio and Telecommunication Corporation touts a long list of technologies produced in the country. On page 17, however, there is a listing for a UFED Touch 2 by Cellebrite. On the next page, NRTC advertises BlackBag’s Mobilyze digital forensic technology. Cellebrite acquired BlackBag in 2020.

In its response for this article, Cellebrite stated: “The company does not sell to Pakistan, directly or indirectly,” but it refused to explain how that claim squares with Cellebrite-Singapore’s shipment certificates to Pakistan and with official tenders in Pakistan that demonstrate that the country’s investigation agency and police use its technology.

Source: Oded Yaron – HAARETZ