Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

What is NSO? The technology firm caught up in Pegasus spyware scandal

Bel Trew
Monday 19 July 2021 18:21 EDT
Comments
A woman walks outside the building housing the Israeli NSO group ‘Pegasus’, in Herzliya, near Tel Aviv
A woman walks outside the building housing the Israeli NSO group ‘Pegasus’, in Herzliya, near Tel Aviv (AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

News that military-grade malware created by an Israeli-based company NSO is allegedly being used to spy on journalists, human rights activists and political dissidents on a massive scale has worried many people across the world.

An investigation led by Paris-based non-profit Forbidden Stories, and Amnesty International, identified more than 1,000 individuals across 50 countries it says were allegedly selected by NSO clients – including authoritarian regimes – for potential surveillance.

Among the leaked data of 50,000 targeted mobile phone numbers, are those belonging to nearly 200 journalists, but also several Arab royal family members, business executives, human rights activists, and more than 600 politicians and government officials – including cabinet ministers, diplomats, and military and security officers.

The spyware allegedly used is Pegasus, which the creators NSO says is supposed to be used against criminals and terrorists.

Speaking to The Independent, a source within the company called it a “false report” and said they were being unfairly targeted.

Maintaining “human rights is more important to us than money”, the person within the company said the recent investigation was “full of wrong assumptions and uncorroborated theories”.

But it’s not the first time the Israeli company has been in in the news.

So, who are they?

NSO is an unusually public Israeli cybersecurity company that is now headquartered in the country’s often shadowy tech and cyber hub of Herzliya, near Tel Aviv.

According to Israeli daily Haaretz, it started out in a chicken coup, in an agricultural settlement in Israel’s centre, but in 2019 was valued at a $1bn in a leveraged buyout that involved the UK private equity fund Novalpina Capital.

It was founded in 2010 by two Israeli entrepreneurs: Omri Lavie, originally a business student, and Shalev Hulio, who studied law but served as a major in the Israeli military search and rescue unit.

Sources within the company told The Independent the idea was born two years prior to that when intelligence agencies reached out to the pair looking for ways to avoid collecting intelligence through mobile phone networks in place of directly sourcing information from the endpoint of a smart phone. They claim they agreed to work on the idea to “save lives” by assisting legitimate governments arrest terrorists, drug dealers, paedophiles, and criminals.

Fast forward several years, and its flagship spyware called Pegasus is one of the most sophisticated hacking tolls in the world. It uses what are known a “zero click” exploit or attacks, that do not require the potential victims to click on any exploitive links to activate it.

Human rights organisations say over the years that spyware has been increasingly used to violate human rights and frequently records calls, copies and sends messages and even films via phone cameras human rights activists and dissidents who are targeted. This is vehemently denied by the company.

The company now employs some 750 people worldwide. Its staffers told The Independent they now have 45 customers for Pegasus, which they say are all legitimate and vetted governments.

What are the controversies?

In short, rights groups such as Amnesty International allege NSO Group’s spyware has been used to facilitate human rights violations around the world on a massive scale.

This was reiterated most recently in the “Pegasus Project” investigation anchored in the leak of 50,000 phone numbers that they say are potential surveillance targets. These include heads of state, activists, and journalists, as well as the family of slain Saudi activist Jamal Khashoggi.

NSO first hit the headlines late 2015 amid reports human rights workers, journalists, lawyers’ politicians, and researchers were allegedly under surveillance by the Mexican authorities using Pegasus spyware.

It was enough to provoke Tamar Zandberg, an Israeli member of parliament, and human rights lawyer Eitay Mack to go to court in 2016 with a request to suspend NSO’s export permits.

The pair were ultimately unsuccessful.

Controversy brewed again in the Summer 2018 when an employee at Amnesty International was also allegedly attacked by Pegasus.

Amnesty says it started getting more and more reports about other human rights violations due to Pegasus and eventually in 2019 also tried to petition the Israeli courts to force the Israeli ministry of defence to revoke NSO’s security exports licence.

The trial was lengthy and ultimately in 2020 Amnesty were as the court claimed they had not supplied sufficient evidence.

Around the same time, NSO once again hit headlines in 2019 when the Financial Times published a report that NSO software had been used to hack WhatsApp, which is used by 1.5 billion people worldwide.

Amnesty International’s Security Lab said it had performed in-depth forensic analysis of numerous mobile devices from human rights defenders and journalists around the world. They say their research has uncovered widespread, persistent, and ongoing unlawful surveillance and human rights abuses perpetrated using NSO Group’s Pegasus spyware.

What does NSO say?

NSO has repeatedly and vehemently denied the rampant use of its spyware in violations of human rights and dismissed the most recent report as “flimsy from the beginning” and “false”.

The company claims that Pegasus has never been licenced to as many numbers as 50,000 and NSO servers do not have such kind of data available to be hacked.

They also vehemently deny their technology was associated in any way to the murder of Jamal Khashoggi.

Speaking to The Independent, sources within the company admitted they cannot be sure exactly who is targeted by their software once it is handed over the client, as they do not remotely operate it.

But they insist the governments that purchase the spyware must sign rigorous contracts in which they agree they cannot transfer the system to any third party, they have to work within the law and cannot violate human rights.

“This is a government-to-government agreement that any customers of NSO needs to sign. And so, they are violating the agreement with state of Israel,” the source said.

They claim they have turned down requests for Pegasus from 90 countries and after seeing evidence of misuse have shut down five systems belonging to clients.

There are reports among those clients who no longer have access to NSO software is Mexico after the 2016 debacle.

NSO sources would not discuss WhatsApp as there are on ongoing court cases.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in