NSO Group
   HOME

TheInfoList



OR:

NSO Group Technologies (NSO standing for Niv, Shalev and Omri, the names of the company's founders) is an Israeli cyber-intelligence firm primarily known for its proprietary
spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privac ...
Pegasus Pegasus ( grc-gre, Πήγασος, Pḗgasos; la, Pegasus, Pegasos) is one of the best known creatures in Greek mythology. He is a winged divine stallion usually depicted as pure white in color. He was sired by Poseidon, in his role as hor ...
, which is capable of remote zero-click surveillance of smartphones. It employed almost 500 people as of 2017. NSO claims that it provides authorized governments with technology that helps them combat terror and crime. The company says that it deals with government clients only. ''Pegasus'' spyware is classified as a weapon by Israel and any export of the technology must be approved by the government. According to several reports, NSO Group spyware has been used to target
human rights activists A human rights defender or human rights activist is a person who, individually or with others, acts to promote or protect human rights. They can be journalists, environmentalists, whistleblowers, trade unionists, lawyers, teachers, housing campai ...
and
journalists A journalist is an individual that collects/gathers information in form of text, audio, or pictures, processes them into a news-worthy form, and disseminates it to the public. The act or process mainly done by the journalist is called journalism ...
in various countries, was used for state espionage against
Pakistan Pakistan ( ur, ), officially the Islamic Republic of Pakistan ( ur, , label=none), is a country in South Asia. It is the world's List of countries and dependencies by population, fifth-most populous country, with a population of almost 24 ...
, for warrantless domestic surveillance of Israeli citizens by Israeli police, and played a role in the
murder Murder is the unlawful killing of another human without justification (jurisprudence), justification or valid excuse (legal), excuse, especially the unlawful killing of another human with malice aforethought. ("The killing of another person wit ...
of Saudi dissident
Jamal Khashoggi Jamal Ahmad Khashoggi (; ar, جمال أحمد خاشقجي, Jamāl ʾAḥmad Ḵāšuqjī, ; 13 October 1958 – 2 October 2018) was a Saudi journalist, dissident, author, columnist for ''Middle East Eye'' and ''The Washington Post'', and a ge ...
by agents of the Saudi government. In 2019, instant messaging company
WhatsApp WhatsApp (also called WhatsApp Messenger) is an internationally available freeware, cross-platform, centralized instant messaging (IM) and voice-over-IP (VoIP) service owned by American company Meta Platforms (formerly Facebook). It allows us ...
and its parent company
Meta Platforms Meta Platforms, Inc., (file no. 3835815) trade name, doing business as Meta and formerly named Facebook, Inc., and TheFacebook, Inc., is an American multinational technology conglomerate based in Menlo Park, California. The company owns Facebo ...
(then known as Facebook) sued NSO under the United States
Computer Fraud and Abuse Act The Computer Fraud and Abuse Act of 1986 (CFAA) is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (), which had been included in the Comprehensive Crime Control Act of 1984. The law pr ...
. In 2021, Apple filed a lawsuit against NSO in the U.S., and the US included NSO Group in its
Entity List The Entity List is a trade restriction list published by the United States Department of Commerce's Bureau of Industry and Security (BIS), consisting of certain foreign persons, entities, or governments. Entities on the Entity List are subject to U ...
for acting against U.S. national security and foreign policy interests, effectively banning U.S. companies from supplying NSO.


Corporate profile


Overview

NSO Group is a subsidiary of the Q Cyber Technologies group of companies. Q Cyber Technologies is the name the NSO Group uses in Israel, but the company goes by OSY Technologies in Luxembourg, and in North America, a subsidiary formerly known as Westbridge. It has operated through various other companies around the world.


Founding

NSO Group was founded in 2010 by Niv Karmi, Omri Lavie, and Shalev Hulio. Hulio and Lavie were school friends who went into the technology start-up sector during the mid-2000s. The pair founded a company - CommuniTake - which offered a tool that let cellphone tech support workers access the customers' devices (but necessitating that the customer grant permission to enable access). After a European intelligence agency expressed interest in the product, the pair realised they could instead develop a tool that could gain access to phones without user authorisation, and market it to security and intelligence agencies. Karmi, who served in military intelligence and the Mossad, was brought on board to help market the tool with the help of his contacts. The first iteration of NSO's Pegasus spyware was finalised in 2011.


Operations

NSO Group has come to employ over 700 personnel globally. Almost all of NSO's research team is made up of former Israeli military intelligence personnel, most of them having served in Israel's Military Intelligence Directorate, and many of these in its
Unit 8200 Unit 8200 ( he, יחידה 8200, ''Yehida shmone -Matayim''- "Unit eight - two hundred") is an Israeli Intelligence Corps unit of the Israel Defense Forces responsible for collecting signal intelligence (SIGINT) and code decryption. Military pu ...
. The company's most valuable staff are graduates of the military intelligence's highly selective advanced cyberweapons training programs. NSO seeks to uncover a surfeit of zero-day exploits in target devices to ensure smooth continuous access even as some of the security vulnerabilities exploited by NSO are inevitably discovered and patched, with labs in the company's Herzliya headquarters featuring racks stacked with phones being tested against new exploits.


Relationship with the Israeli state

''Pegasus'' spyware is classified as a military export by Israel and its sale is controlled by the government. According to ''
The New York Times ''The New York Times'' (''the Times'', ''NYT'', or the Gray Lady) is a daily newspaper based in New York City with a worldwide readership reported in 2020 to comprise a declining 840,000 paid print subscribers, and a growing 6 million paid ...
'', "Israel’s government has long seen Pegasus as a critical tool for its foreign policy." and that it " ..has treated NSO as a ''de facto'' arm of the state, granting licenses for Pegasus to numerous countries ..with which the Israeli government hoped to nurture stronger security and diplomatic ties." Israel has used the sale of NSO products as a diplomatic bargaining chip to advance its foreign policy interests as well as limiting its sale to or its use against certain states to maintain good relations with certain states. Israel has faced criticism for approving the sale of NSO technologies to countries with poor human rights records. U.S. intelligence officials have also said the Israeli state presumably has backdoor access to data obtained by Pegasus. NSO denies being "a tool of Israeli diplomacy", and denies the presence of a backdoor in its spyware tools. Israel, wary of angering the U.S. in the wake of the
Snowden revelations Snowden may refer to: * Snowden (surname), a given name and a family name People * Edward Snowden, former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013 Music * Snowde ...
, required NSO to prevent Pegasus from targeting American phone numbers. Israel has used Pegasus to advance its interests in the region, with Pegasus playing a role in negotiating the
Abraham Accords The Abraham Accords are a series of joint normalization statements initially between Israel, the United Arab Emirates, and Bahrain, effective since September 15, 2020. Mediated by the United States, the initial announcement of August 13, 2020, ...
. A ''New York Times'' investigation highlighted several instances in which the sale of Pegasus to a particular government coincided with that government's increased support of Israel. The Israeli government also blocked the sale of Pegasus to Estonia and Ukraine for fear that Israel's relations with Russia would be damaged if the spyware was used against Russia. After a senior Russian official approached the Israeli security agencies and informed them that Russia had learned of Estonia's attempts to obtain Pegasus, the Israeli Ministry of Defense decided to disallow Estonia from using Pegasus against any Russian phone numbers following a heated debate on the issue among Israeli officials.


Corporate history

The company's start-up funding came from a group of investors headed by Eddy Shalev, a partner in
venture capital Venture capital (often abbreviated as VC) is a form of private equity financing that is provided by venture capital firms or funds to startups, early-stage, and emerging companies that have been deemed to have high growth potential or which ha ...
fund
Genesis Partners Genesis Partners is an Israeli venture capital firm, founded in 1996 by Eddy Shalev and Eyal Kishon. Overview Genesis Partners investment strategy is focused on early-stage Israeli innovation-driven technology companies. The company invests in c ...
which invested a total of $1.8 million for a 30% stake. In 2013, NSO's annual revenues were around US$40 million. In 2014, the U.S.-based
private equity firm A private equity firm is an investment management company that provides financial backing and makes investments in the private equity of startup or operating companies through a variety of loosely affiliated investment strategies including leve ...
Francisco Partners Francisco Partners is an American private equity firm focused exclusively on investments in technology and technology-enabled services businesses. Founded in August 1999 and based in San Francisco with offices in London and New York City, Francis ...
bought the company for $130 million. In 2014, the surveillance firm Circles (which produces is a phone geolocation tool) was acquired by Francisco Parterns for $130 million, and thus became a corporate affiliate of NSO's. In 2015 Francisco was seeking to sell the company for up to $1 billion. Annual revenues were around $150 million in 2015. In June 2017, the company was put up for sale for more than $1 billion by
Francisco Partners Francisco Partners is an American private equity firm focused exclusively on investments in technology and technology-enabled services businesses. Founded in August 1999 and based in San Francisco with offices in London and New York City, Francis ...
(roughly ten times what Francisco originally paid to acquire it in 2014). At the time it was put up for sale, NSO had almost 500 employees (up from around 50 in 2014). On February 14, 2019, Francisco Partners sold a majority (60%) stake of NSO back to co-founders Shalev Hulio and Omri Lavie, who were supported in the purchase by European private equity fund Novalpina Capital. Hulio and Lavie invested $100 million, with Novalpina acquiring the remaining portion of the majority stake, thus valuing the company at approximately $1 billion. The day after the acquisition, Novalpina attempted to address the concerns raised by Citizen Lab with a letter, stating their belief that NSO operates with sufficient integrity and caution. In July 2021, investors in Novalpina Capital stripped Novalpina Capital of control over its assets (including NSO) after an unresolved personal dispute amongst the co-founders of Novalpina Capital. Berkeley Research Group (BRG), a California-based consultancy firm, was subsequently handed control over the assets (including NSO). By the time of BRG's takeover, NSO Group was in perilous financial straits, having gone months without a new sale and in risk of missing its debt payments and its November 2021 payroll payments. NSO CEO Shalev Hulio suggested to BRG that the company should improve its financial standing by starting to sell its products to high-risk customers previously deemed unacceptable, responding to objections by joking that missing debt payments was risky too. BRG was categorically opposed to the suggestion despite acknowledging that selling to high-risk customers was the only realistic way of maintaining NSO's business operations. Hulio proposed increasing sales to Israel's western allies (including U.S. law enforcement, the most lucrative prospective market), but the November 2021 U.S. blacklisting of NSO subsequently ended the company's prospects of breaking into the U.S. market (Hulio then devised a plan to split up the company in order to circumvent the U.S. sanctions). According to the ''
Financial Times The ''Financial Times'' (''FT'') is a British daily newspaper printed in broadsheet and published digitally that focuses on business and economic current affairs. Based in London, England, the paper is owned by a Japanese holding company, Nik ...
'', NSO also seemed to have been abandoned by the previously doting Israeli government due to a proliferation of Israeli companies offering comparable technologies (including some established by former NSO employees). In a court filing, BRG described NSO as "valueless" to its private equity backers; in December 2021, a group of NSO creditors described NSO as insolvent in a letter to NSO's majority shareholders. Two of the ousted co-founders attempted to reclaim control over Novalpina Capital's assets by filing a lawsuit in Luxemburg, with a U.K. court allowing the case to proceed to trial in April 2022. In an April 2022 letter, BRG told an EU committee investigating abuse of NSO's products that NSO's management has not been forthcoming in providing information about its business operations, including on the issue of the company's blacklisting in the U.S. In the months after the November 2021 blacklisting of NSO by the U.S. Department of Commerce that resulted in an U.S. export ban for the company, and amid a campaign by the Israeli government to find a way to prevent the floundering NSO from going under, the U.S. Commerce Department sent a list of questions to NSO about how its spyware products operate. In 2022,
L3Harris Technologies L3Harris Technologies (L3Harris) is an American technology company, defense contractor, and information technology services provider that produces C6ISR systems and products, wireless equipment, tactical radios, avionics and electronic systems, ...
, a U.S. military contractor with experience in the spyware technology sector, was conducting talks on the possibility of acquiring NSO. L3Harris sought to acquire NSO's technology and code with the acquisition of the company's employees discussed as well. L3Harris executives travelled to Israel to conduct the talks which were not disclosed to the public. L3Harris reportedly told their NSO counterparts that they had the blessing and backing of the U.S. government and U.S. intelligence in pursuing the acquisition as long as the Pegasus source code and the cache of zero-day vulnerabilities uncovered by NSO could be passed on to the other intelligence agencies of the
Five Eyes The Five Eyes (FVEY) is an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. These countries are parties to the multilateral UKUSA Agreement, a treaty for joint cooperation in sign ...
. The Israeli authorities were reportedly willing to fulfill the latter and reluctant to comply with the former, and also insisted that Israel ultimately retain control over issuing export licences for NSO's products. The Israeli authorities were also opposed to allowing L3Harris' employees from joining NSO's development team in NSO's Israeli headquarters. The talks were revealed to the public by the press in June 2022, resulting in a scramble by the parties involved, with White House officials publicly condemning the negotiation in harsh terms, and L3Harris (which is heavily reliant on government contracts) reportedly notifying the U.S. government that they had abandoned the acquisition attempt. There were reportedly attempts to revive the negotiations in the weeks after the preceding negotiations were revealed by the press. An acquisition by a U.S.-based corporation could have lifted the blacklisting of NSO by the U.S. which had barred NSO from receiving exports from U.S. companies, hindering NSO's operations. Experts consulted by ''
The Guardian ''The Guardian'' is a British daily newspaper. It was founded in 1821 as ''The Manchester Guardian'', and changed its name in 1959. Along with its sister papers ''The Observer'' and ''The Guardian Weekly'', ''The Guardian'' is part of the Gu ...
'' said that due to the blacklisting of NSO Group, a new corporate entity would likely have had to be created before the U.S. government would allow the acquisition. A senior White House official commented anonymously for the article that made the secret acquisition negotiations public, stating that the White House had not been in any way involved in the deal, further stating that the U.S. government "opposes efforts by foreign companies to circumvent US export control measures or sanctions ... In August 2022, Hulio stepped down from his post as CEO, with the company's COO Yaron Shohat temporarily assuming the role until a full-time replacement was to be named. Hulio's resignation from his post as CEO came amid a restructuring of the company as it attempted to focus on pursuing clients among NATO member countries. The reorganisation also entailed a downsizing NSO's workforce, with 100 employees (out of a total of 750 employees) being let go.


Foreign offices and export controls

In late 2020,
Vice Media Vice Media Group LLC is an American-Canadian digital media and broadcasting company. , the Vice Media Group included five main business areas: VICE.com (digital content); VICE STUDIOS (film and TV production) VICE TV (also known as VICELAND); V ...
published an article in which it reported that NSO Group had closed the
Cyprus Cyprus ; tr, Kıbrıs (), officially the Republic of Cyprus,, , lit: Republic of Cyprus is an island country located south of the Anatolian Peninsula in the eastern Mediterranean Sea. Its continental position is disputed; while it is geo ...
-based offices of Circles, the company it had acquired in 2014. The article, based on interviews with two former employees, described the integration between the two companies as "awful" and stated that NSO would rely on Circles'
Bulgaria Bulgaria (; bg, България, Bǎlgariya), officially the Republic of Bulgaria,, ) is a country in Southeast Europe. It is situated on the eastern flank of the Balkans, and is bordered by Romania to the north, Serbia and North Macedon ...
n office instead. According to Vice, this came just over a year after an activist group known as
Access Now Access Now is a non-profit organization founded in 2009 with a mission to defend and extend the digital civil rights of people around the world. Access Now supports programs including an annual conference on Human Rights (RightsCon), an index ...
wrote to authorities in both Cyprus and Bulgaria, asking them to further scrutinise NSO exports. Access now had stated that they had received denials from both the Bulgarian and Cypriot authorities, with both countries stating that they had not provided export licenses to the NSO group. Despite this, an article written by ''
The Guardian ''The Guardian'' is a British daily newspaper. It was founded in 1821 as ''The Manchester Guardian'', and changed its name in 1959. Along with its sister papers ''The Observer'' and ''The Guardian Weekly'', ''The Guardian'' is part of the Gu ...
'' during the 2021 Pegasus scandal quoted NSO Group as saying that it had been "regulated by the export control regimes of Israel, Cyprus and Bulgaria". NSO's own "Transparency and Responsibility Report 2021", published about a month before the scandal, makes the same statement, adding that those were the three countries through which NSO exported its products. Circles' Bulgarian office, in particular, was stated to have been founded as a "bogus phone company" in 2015 by
Citizen Lab The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness ...
citing ''IntelligenceOnline'', a part of
Indigo Publications Indigo Publications is a French company that publishes 4 news websites, mostly dedicated to specialized business sectors. History Indigo Publications was established in Paris in 1981. Founder Maurice Botbol assembled a small team of investigati ...
. This report was reprinted by the Bulgarian investigation publication Bivol in December 2020, which appended it with public registry documents which indicated that the company's Bulgarian office had grown to employ up to 150 people and had received two loans worth about 275 million American dollars in 2017 from two
offshore companies The term "offshore company" or “offshore corporation” is used in at least two distinct and different ways. An offshore company may be a reference to: * a company, group or sometimes a division thereof, which engages in offshoring business pro ...
and a
Swiss bank Banking in Switzerland dates to the early eighteenth century through Switzerland's merchant trade and has, over the centuries, grown into a complex, regulated, and international industry. Banking is seen as emblematic of Switzerland, along with ...
registered in the
Cayman Islands The Cayman Islands () is a self-governing British Overseas Territory—the largest by population in the western Caribbean Sea. The territory comprises the three islands of Grand Cayman, Cayman Brac and Little Cayman, which are located to the ...
.


History

NSO was founded in 2010 by Niv Karmi, Omri Lavie, and Shalev Hulio. In 2012, the Federal government of Mexico announced the signing of a $20 million contract with NSO. It was later revealed by a ''New York Times'' investigation that NSO's product was used to target journalists and human rights activists in the country. NSO pitched its spyware to the Drug Enforcement Administration (DEA), which declined to purchase it due to its high cost. In 2015, the company sold
surveillance technology Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as c ...
to the government of Panama. The contract later became the subject of a Panamanian anti-corruption investigation following its disclosure in a leak of
confidential information Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information. Legal confidentiality By law, lawyers are often required ...
from Italian firm
Hacking Team HackingTeam was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "''Remote Control Systems''" enable governments and corporatio ...
. In August 2016, NSO (through its U.S. subsidiary Westbridge) pitched its U.S. version of Pegasus to the
San Diego Police Department The San Diego Police Department (SDPD) is the primary law enforcement agency for the city of San Diego, California. The department was officially established on May 16, 1889. History Prior to the establishment of the San Diego Police Departme ...
(SDPD) In the marketing material, Westbridge emphasized that the company is U.S. based and majority owned by a U.S. parent company. A SDPD Sergeant responded to the sales pitch with "sounds awesome". The SDPD declined to purchase the spyware as it was too expensive. Around 2016, NSO reportedly sold Pegasus software to
Ghana Ghana (; tw, Gaana, ee, Gana), officially the Republic of Ghana, is a country in West Africa. It abuts the Gulf of Guinea and the Atlantic Ocean to the south, sharing borders with Ivory Coast in the west, Burkina Faso in the north, and To ...
. In June 2018, an Israeli court indicted a former employee of NSO for allegedly stealing a copy of Pegasus and attempting to sell it online for $50 million worth of cryptocurrency. In August 2018, the human rights group
Amnesty International Amnesty International (also referred to as Amnesty or AI) is an international non-governmental organization focused on human rights, with its headquarters in the United Kingdom. The organization says it has more than ten million members and sup ...
accused NSO of helping Saudi Arabia spy on a member of the organization's staff. In April 2019, NSO froze its deals with Saudi Arabia over a scandal alleging NSO software's role in tracking murdered journalist
Jamal Khashoggi Jamal Ahmad Khashoggi (; ar, جمال أحمد خاشقجي, Jamāl ʾAḥmad Ḵāšuqjī, ; 13 October 1958 – 2 October 2018) was a Saudi journalist, dissident, author, columnist for ''Middle East Eye'' and ''The Washington Post'', and a ge ...
in the months before his death. In May 2019, messaging service WhatsApp alleged that a
spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privac ...
injection
exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
targeting its calling feature was developed by NSO. WhatsApp stated that the exploit targeted 1,400 users in 20 countries, including "at least 100 human-rights defenders, journalists and other members of civil society". NSO denied involvement in selecting or targeting victims, but did not explicitly deny creating the exploit. In response to the alleged cyberattack, WhatsApp sued NSO. In June 2019, NSO began setting up a test facility in New Jersey for the FBI which had procured NSO's services, and began testing a version of Pegasus developed for U.S. government agencies to be used on U.S. phones. After two years of deliberations in the FBI and Department of Justice, the FBI decided not to deploy the tools for domestic use in the summer of 2021, with the New Jersey facility laying dormant as of early 2022. The DEA, Secret Service, and
United States Africa Command The United States Africa Command (USAFRICOM, U.S. AFRICOM, and AFRICOM), is one of the eleven unified combatant commands of the United States Department of Defense, headquartered at Kelley Barracks, Stuttgart, Germany. It is responsible for U. ...
had also held discussions with NSO which however did not proceed beyond that stage. In April 2020,
Motherboard A motherboard (also called mainboard, main circuit board, mb, mboard, backplane board, base board, system board, logic board (only in Apple computers) or mobo) is the main printed circuit board (PCB) in general-purpose computers and other expand ...
reported about an incident that occurred several years prior in which an NSO employee used a client's Pegasus tool to spy on a love interest (a female personal acquaintance) during a work trip to the UAE. The employee broke into the client's office outside of office hours to use the tool, prompted an alert and an investigation by the client. The employee was detained by authorities, and fired by NSO, Motherboard's sources said. Sources also told Motherboard that NSO leadership held a meeting to prevent similar incidents in the future, and subsequently adopted more rigorous screening of employees that interact with clients. In July 2020, Motherboard reported that the US branch of NSO was pitching its brand of Pegasus to the US Secret Service during 2018. In November 2021, the United States added the NSO Group to its
Entity List The Entity List is a trade restriction list published by the United States Department of Commerce's Bureau of Industry and Security (BIS), consisting of certain foreign persons, entities, or governments. Entities on the Entity List are subject to U ...
, for acting "contrary to the foreign policy and national security interests of the US" and it effectively bans the sale of hardware and software to the company. The listing deprived NSO of U.S. technology on which NSO relies, crippling its operations. Israeli officials subsequently unsuccessfully attempted to get the blacklisting overturned, and NSO reportedly tried and failed multiple times to meet with the U.S. Bureau of Industry and Security to attempt to obtain export waivers. In December 2021, 86 human rights organisations sent a joint letter calling on the EU to impose global sanctions against NSO Group and seek to "prohibit the sale, transfer, export and import of the Israeli company’s surveillance technology" due to the risks NSO's technology poses for human rights globally. In January 2022, ''
Calcalist ''Calcalist'' ( he, כלכליסט, a Hebrew wordplay on ''The Economist'', from כלכלה) is an Israeli daily business newspaper and website. History and profile ''Calcalist'' was first published on 18 February 2008, and currently runs five d ...
'' published an investigatory piece detailing the widespread unlawful use of Pegasus by the
Israeli Police The Israel Police ( he, משטרת ישראל, ''Mišteret Yisra'el''; ar, شرطة إسرائيل, ''Shurtat Isrāʼīl'') is the civilian police force of Israel. As with most other police forces in the world, its duties include crime fightin ...
. Although the Israeli Police formally denied this, some senior police officials have hinted that the claims were true. On February 1, the police admitted that there was, in fact, misuse of the software. On February 7, a second ''
Calcalist ''Calcalist'' ( he, כלכליסט, a Hebrew wordplay on ''The Economist'', from כלכלה) is an Israeli daily business newspaper and website. History and profile ''Calcalist'' was first published on 18 February 2008, and currently runs five d ...
'' report revealed that the warrantless surveillance was very widespread, including that of politicians and government officials, heads of corporations, journalists, activists, and even , the son of then-Prime Minister,
Benjamin Netanyahu Benjamin "Bibi" Netanyahu (; ; born 21 October 1949) is an Israeli politician who served as the ninth prime minister of Israel from 1996 to 1999 and again from 2009 to 2021. He is currently serving as Leader of the Opposition and Chairman of ...
. After outcry and calls for a state commission of inquiry, including from the current police commissioner himself, the Minister of Public Security (the minister responsible for the police), Omer Bar-Lev, announced that he will be forming a commission of inquiry, to be chaired by a retired judge, and whose powers will basically be indistinguishable from a state commission. A 507-page document prepared by
Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...
showed that the cybersecurity startsup Corellium offered or sold its tools to spyware and hacking-tool makers, including NSO Group in Israel and
DarkMatter DarkMatter was an art and activist collaboration between Janani Balasubramanian and Alok Vaid-Menon, known for their spoken word performances and queer/trans South Asian themes. Background Balasubramanian and Vaid-Menon, both Indian American, m ...
in the United Arab Emirates. NSO Group has been one of the Corellium’s controversial clients that sells its tools to repressive nations with poor human rights records, including the UAE. Corellium said both NSO and DarkMatter had access to a trial version of their software for a limited time with limited functionality. However, documents revealed that Corellium worked with several companies to use software bugs and exploits to hack into Android and
iOS iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also includes ...
mobile phones.


Products and services


Pegasus

NSO Groups offers the smartphone spyware tool Pegasus to government clients for the exclusive intended purpose of combating crime and terrorism. The first version of Pegasus was finalised in 2011. Pegasus spyware is classified as a weapon by Israel and any export of the technology must be approved by the government. The
Israeli Ministry of Defense The Ministry of Defense ( he, מִשְׂרַד הַבִּטָּחוֹן, Misrad HaBitahon, Ministry of Security, acronym: he, משהב"ט) of the government of Israel, is the governmental department responsible for defending the State of Isra ...
licenses the export of Pegasus to foreign governments, but not to private entities. Pegasus is compatible with iPhone and Android devices. It can be deployed remotely. Once deployed, it allows the client to access the target phone's data and sensors, including: location data, texts, emails, social media messages, files, camera, and microphone. The client-facing side of the tool is user friendly, and all that may be required (depending upon the case) of the client to begin deployment of Pegasus is to enter the target's phone number into the tool.


Phantom

Phantom is a phone hacking product marketed by Westbridge, the United States branch of NSO Group. According to a former NSO employee, "Phantom" is the brand name for the Pegasus in the U.S., but the two tools are otherwise identical. Israel required NSO Group to program Pegasus so as not to be able to target US phone numbers. NSO then launched Phantom for the U.S. market for use on U.S. targets, receiving permission from Israel to develop it as a specialty tool for exclusive use by U.S. governmental agencies.


Circles

In 2014, the surveillance firm Circles was acquired by Francisco Partners, becoming a corporate affiliate of NSO Group. Circles' product is a phone geolocation tool. The firm has two systems. One operates by connecting to the purchasing country's local telecommunications companies’ infrastructure. The other separate system, known as the “Circles Cloud”, is capable of interconnecting with telecommunications companies across the globe. In December 2020, the ''
Citizen Lab The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness ...
'' reported that Supreme Council on National Security (SCNS) of the
United Arab Emirates The United Arab Emirates (UAE; ar, اَلْإِمَارَات الْعَرَبِيَة الْمُتَحِدَة ), or simply the Emirates ( ar, الِْإمَارَات ), is a country in Western Asia (The Middle East). It is located at th ...
was set to receive both these systems. In a lawsuit filed against the NSO group in
Israel Israel (; he, יִשְׂרָאֵל, ; ar, إِسْرَائِيل, ), officially the State of Israel ( he, מְדִינַת יִשְׂרָאֵל, label=none, translit=Medīnat Yīsrāʾēl; ), is a country in Western Asia. It is situated ...
, emails revealed links between Circles and several customers in the United Arab Emirates. Documents also revealed that Circles sent targets’ locations and phone records to the UAE SCNS. Aside from Israel and the UAE, the report named the governments of
Australia Australia, officially the Commonwealth of Australia, is a Sovereign state, sovereign country comprising the mainland of the Australia (continent), Australian continent, the island of Tasmania, and numerous List of islands of Australia, sma ...
,
Belgium Belgium, ; french: Belgique ; german: Belgien officially the Kingdom of Belgium, is a country in Northwestern Europe. The country is bordered by the Netherlands to the north, Germany to the east, Luxembourg to the southeast, France to th ...
,
Botswana Botswana (, ), officially the Republic of Botswana ( tn, Lefatshe la Botswana, label=Setswana, ), is a landlocked country in Southern Africa. Botswana is topographically flat, with approximately 70 percent of its territory being the Kalahar ...
,
Chile Chile, officially the Republic of Chile, is a country in the western part of South America. It is the southernmost country in the world, and the closest to Antarctica, occupying a long and narrow strip of land between the Andes to the east a ...
,
Denmark ) , song = ( en, "King Christian stood by the lofty mast") , song_type = National and royal anthem , image_map = EU-Denmark.svg , map_caption = , subdivision_type = Sovereign state , subdivision_name = Danish Realm, Kingdom of Denmark ...
,
Ecuador Ecuador ( ; ; Quechua: ''Ikwayur''; Shuar: ''Ecuador'' or ''Ekuatur''), officially the Republic of Ecuador ( es, República del Ecuador, which literally translates as "Republic of the Equator"; Quechua: ''Ikwadur Ripuwlika''; Shuar: ''Eku ...
,
El Salvador El Salvador (; , meaning " The Saviour"), officially the Republic of El Salvador ( es, República de El Salvador), is a country in Central America. It is bordered on the northeast by Honduras, on the northwest by Guatemala, and on the south b ...
,
Estonia Estonia, formally the Republic of Estonia, is a country by the Baltic Sea in Northern Europe. It is bordered to the north by the Gulf of Finland across from Finland, to the west by the sea across from Sweden, to the south by Latvia, a ...
,
Equatorial Guinea Equatorial Guinea ( es, Guinea Ecuatorial; french: Guinée équatoriale; pt, Guiné Equatorial), officially the Republic of Equatorial Guinea ( es, link=no, República de Guinea Ecuatorial, french: link=no, République de Guinée équatoria ...
,
Guatemala Guatemala ( ; ), officially the Republic of Guatemala ( es, República de Guatemala, links=no), is a country in Central America. It is bordered to the north and west by Mexico; to the northeast by Belize and the Caribbean; to the east by H ...
,
Honduras Honduras, officially the Republic of Honduras, is a country in Central America. The republic of Honduras is bordered to the west by Guatemala, to the southwest by El Salvador, to the southeast by Nicaragua, to the south by the Pacific Oce ...
,
Indonesia Indonesia, officially the Republic of Indonesia, is a country in Southeast Asia and Oceania between the Indian and Pacific oceans. It consists of over 17,000 islands, including Sumatra, Java, Sulawesi, and parts of Borneo and New Guine ...
,
Kenya ) , national_anthem = "Ee Mungu Nguvu Yetu"() , image_map = , map_caption = , image_map2 = , capital = Nairobi , coordinates = , largest_city = Nairobi , ...
,
Malaysia Malaysia ( ; ) is a country in Southeast Asia. The federation, federal constitutional monarchy consists of States and federal territories of Malaysia, thirteen states and three federal territories, separated by the South China Sea into two r ...
,
Mexico Mexico (Spanish: México), officially the United Mexican States, is a country in the southern portion of North America. It is bordered to the north by the United States; to the south and west by the Pacific Ocean; to the southeast by Guatema ...
,
Morocco Morocco (),, ) officially the Kingdom of Morocco, is the westernmost country in the Maghreb region of North Africa. It overlooks the Mediterranean Sea to the north and the Atlantic Ocean to the west, and has land borders with Algeria to ...
,
Nigeria Nigeria ( ), , ig, Naìjíríyà, yo, Nàìjíríà, pcm, Naijá , ff, Naajeeriya, kcg, Naijeriya officially the Federal Republic of Nigeria, is a country in West Africa. It is situated between the Sahel to the north and the Gulf o ...
,
Peru , image_flag = Flag of Peru.svg , image_coat = Escudo nacional del Perú.svg , other_symbol = Great Seal of the State , other_symbol_type = Seal (emblem), National seal , national_motto = "Fi ...
,
Serbia Serbia (, ; Serbian language, Serbian: , , ), officially the Republic of Serbia (Serbian language, Serbian: , , ), is a landlocked country in Southeast Europe, Southeastern and Central Europe, situated at the crossroads of the Pannonian Bas ...
,
Vietnam Vietnam or Viet Nam ( vi, Việt Nam, ), officially the Socialist Republic of Vietnam,., group="n" is a country in Southeast Asia, at the eastern edge of mainland Southeast Asia, with an area of and population of 96 million, making i ...
,
Zambia Zambia (), officially the Republic of Zambia, is a landlocked country at the crossroads of Central Africa, Central, Southern Africa, Southern and East Africa, although it is typically referred to as being in Southern Africa at its most cent ...
, and
Zimbabwe Zimbabwe (), officially the Republic of Zimbabwe, is a landlocked country located in Southeast Africa, between the Zambezi and Limpopo Rivers, bordered by South Africa to the south, Botswana to the south-west, Zambia to the north, and Mozam ...
as likely customers of Circles surveillance technology. In September 2021, ''Forensic News'' published shipping records showing that in 2020 Circles supplied equipment to Uzbekistan's State Security Service (SGB).


Criticism and controversies


Use of undercover private investigators to pursue critics

In October 2018,
Associated Press The Associated Press (AP) is an American non-profit news agency headquartered in New York City. Founded in 1846, it operates as a cooperative, unincorporated association. It produces news reports that are distributed to its members, U.S. newspa ...
reported that two
Citizen Lab The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness ...
researchers were being pursued by undercover operatives with false identities. The undercover agents had been inquiring about their work involving NSO Group, and also appeared to be trying to goad the researchers into making anti-Semitic or otherwise damaging remarks. After growing suspicious, one researcher contacted AP reporters. Together, they managed to arrange a sting during a meeting with a suspected undercover operative at a hotel luncheon with AP journalists secretly awaiting nearby; after the journalists approached the operative to question him, the operative fled, bumping into chairs and circling the room as he tried to get away. There also appeared to be two additional undercover operatives in the room. The operative that met the researcher appeared to be filming the researcher with a hidden camera during the meeting, and one of the operatives standing nearby appeared to be recording the meeting as well. The operative was later identified as a former Israeli security official. Responding to the AP report, NSO denied any involvement. It was later also uncovered that the identified undercover agent had previously worked on a case linked to the Israeli private intelligence agency
Black Cube Black Cube (BC Strategy Ltd) is a private intelligence agency based in London, Tel Aviv and Madrid, which drew widespread condemnation for its work surveilling and assisting with efforts to slander the reputations of women accusing Harvey Weinste ...
; NSO Group subsequently denied contracting Black Cube, and Black Cube denied involvement as well. In February 2019, Associated Press reported that at least four more individuals - three lawyers involved in lawsuits against NSO Group for alleged sales of NSO spyware to governments with poor human rights records, and one journalist who had been covering said litigation - were being pursued by undercover operatives for their work on NSO. Undercover agents again tried to goad the individuals into making racist or anti-Israel remarks. Two of the individuals were surreptitiously recorded by the undercover operatives. Channel 12, an Israeli television channel, obtained and aired the secret recordings made by the undercover operatives shortly before the AP published the revelations. Channel 12 claimed the two individuals were attempting to smear NSO Group on behalf of Qatar. Channel 12 also confirmed that Black Cube undercover investigators were involved.


WhatsApp lawsuit

In May 2019, messaging service WhatsApp alleged that a
spyware Spyware (a portmanteau for spying software) is software with malicious behaviour that aims to gather information about a person or organization and send it to another entity in a way that harms the user—for example, by violating their privac ...
injection
exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
targeting its calling feature was developed by NSO. Victims were exposed to the spyware
payload Payload is the object or the entity which is being carried by an aircraft or launch vehicle. Sometimes payload also refers to the carrying capacity of an aircraft or launch vehicle, usually measured in terms of weight. Depending on the nature of ...
even if they did not answer the call. WhatsApp told the ''
Financial Times The ''Financial Times'' (''FT'') is a British daily newspaper printed in broadsheet and published digitally that focuses on business and economic current affairs. Based in London, England, the paper is owned by a Japanese holding company, Nik ...
'' that "the attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems." NSO denied involvement in selecting or targeting victims, but did not explicitly deny creating the exploit. In response to the alleged cyberattack, WhatsApp sued NSO under the Computer Fraud and Abuse Act and other US laws in a
San Francisco San Francisco (; Spanish language, Spanish for "Francis of Assisi, Saint Francis"), officially the City and County of San Francisco, is the commercial, financial, and cultural center of Northern California. The city proper is the List of Ca ...
court on October 29. WhatsApp stated that the exploit targeted 1,400 users in 20 countries, including "at least 100 human-rights defenders, journalists and other members of civil society". WhatsApp alerted the 1,400 targeted users. In at least one case, the surveillance was authorized by a judge. NSO employees had complained to WhatsApp about improved security, according to the court filings by WhatsApp and its parent company Facebook: In April 2020, NSO group blamed its government clients for the hacking of 1,400 WhatsApp users, including journalists and human rights activists. However, the firm did not disclose the names of the clients which, as Citizen Lab stated, include authorities in Saudi Arabia, UAE, Bahrain, Kazakhstan, Morocco, and Mexico. In court filings WhatsApp alleged that its investigation showed that the hacks originated from NSO Group servers rather than its clients'. WhatsApp said "NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus." WhatsApp said that NSO gained "unauthorised access" to WhatsApp servers by reverse-engineering the WhatsApp app to be able to evade security features. NSO responded "NSO Group does not operate the Pegasus software for its clients".


Apple lawsuit

In November 2021, Apple Inc. filed a complaint against NSO Group and its parent company Q Cyber Technologies in the
United States District Court for the Northern District of California The United States District Court for the Northern District of California (in case citations, N.D. Cal.) is the federal United States district court whose jurisdiction comprises the following counties of California: Alameda, Contra Costa, Del ...
about the
FORCEDENTRY FORCEDENTRY, also capitalized as ForcedEntry, is a security exploit allegedly developed by NSO Group to deploy their Pegasus spyware. It enables the "Zero-click attack, zero-click" exploit that is prevalent in iOS 13 and below, but also compromis ...
exploit used to deploy the Pegasus spyware package, requesting injunctive relief, compensatory damages, punitive damages, and disgorgement of profits. The " zero-click" exploit was discovered by the Canadian
Citizen Lab The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness ...
after Saudi activist
Loujain al-Hathloul Loujain al-Hathloul ( ar, لجين الهذلول ''Lujjayn al-Hadhlūl''; born 31 July 1989) is a Saudi women's rights activist, a social media figure, and political prisoner. She is a graduate of the University of British Columbia. Al-Hathloul ...
's iPhone was hacked. Technical information uncovered by Bill Marczak's team at the lab allowed Apple to warn thousands of its users, including U.S. State Department employees in Uganda. Researchers also discovered that spyware from QuaDream, another Israeli vendor, took advantage of the same vulnerability in iPhones.


See also

*
DarkMatter (Emirati company) DarkMatter Group is a computer security company founded in the United Arab Emirates (UAE) in 2014 or 2015. The company describes itself as a purely defensive company, but several whistleblowers have alleged that it is involved in offensive cybe ...
* Israeli technology * Quadream *
SCL Group SCL Group (formerly Strategic Communication Laboratories) was a private British behavioural research and strategic communication company that came to prominence through the Facebook–Cambridge Analytica data scandal involving its subsidiaries ...
*
WhatsApp snooping scandal On October 30, 2019, WhatsApp's parent company Meta Platforms, Facebook, Inc. confirmed that Pegasus (spyware), Pegasus, a sophisticated snooping software developed by Israel's NSO Group, was used to target Indian journalists, activists, lawyers ...


References


External links

* {{Hacking in the 2010s Companies based in Herzliya Espionage scandals and incidents Hacker groups Israeli companies established in 2010 Mergers and acquisitions of Israeli companies Security companies of Israel Spyware companies Technology companies established in 2010 Private intelligence agencies