NSO Group has become one of Israel’s most notorious mercenary private spy agencies.
For an eye-wateringly high fee, the firm flogs a malware suite called Pegasus in order to allow some of the world’s worst dictatorships to spy on its enemies.
Once infiltrated onto a target’s phone, Pegasus can steal an alarming amount of information, including audio and video records, email, text messages, files and photographs.
NSO’s activities amount to state-sanctioned cybercrime.
Like other Israeli private spy agencies, NSO Group’s mercenary activities are deeply enmeshed with the state’s official spy agencies, such as their cybercrime gang, Unit 8200.
NSO Group, of course, claims its activities are legitimate, and its software is only used to target “terrorists” and other assorted criminals.
But these claims are transparently false.
Cybercrime experts have linked NSO’s spyware system to attacks on dissidents, journalists and human rights workers the world over.
These have included reporter Javier Valdez, who was shot dead by a cartel in Mexico. Pegasus was then used to target his family and colleagues. Amnesty International have been targetted too, and they are one of several outfits suing NSO Group for its abuses.
NSO’s system has also been indirectly implicated in the death of exiled Saudi columnist, Jamal Khashoggi – who was so brutally murdered by a Saudi royal death squad in Turkey in 2018. Pegasus was used to intercept phone calls between him and some of his associates.
NSO has long unconvincingly claimed that it has no control over how its clients operate the software systems it sells.
But new court filings in the US this week suggested just how calculated a lie that claim has always been.
Facebook is one of the companies suing NSO Group for hacking users of WhatsApp – the popular messaging app owned by the social media giant.
The app was the primary attack vector for Pegasus – in other words, a now-patched security flaw in WhatsApp was used to infiltrate Pegasus onto targets’ phones.
WhatsApp revealed, in its investigation of the NSO hack of its users filed in court, that servers controlled by NSO – and not its government clients – were an “integral” part of the attacks, according to The Guardian in Washington DC.
That is to say that, according to these court filings, the Pegasus “software suite” sounded very much like a service rather than a simple off-the-shelf software product.
This would make far more sense.
Pegasus is reported to have cost its government clients tens of millions of dollars to license. If it were a simple off-the-shelf software product that NSO has no control over once it sells, it seems far more likely that the clients would have pirated the software rather than pay such astronomical fees.
NSO’s nefarious mercenary behaviour has earned it some well-deserved negative publicity over the last few years.
So now, it is attempting to use the global COVID-19 pandemic to launder its image.
The World Health Organisation claims that contract tracing has an important role to play in defeating the killer pandemic – compiling lists of everyone infected persons have been in contact with since they got the virus so that they can be warned and tested.
NSO and Israel have been peddling “Fleming” as a high-tech contract tracing solution.
But according to one cybercrime expert, the project looks more like a ruse to expand NSO from the world of targetted cybercrime, and into the realm of invasive mass surveillance.
John Scott-Railton, a senior researcher with CitizenLab, analysed screenshots of “Fleming” released publicly by NSO and Bennett. He concluded that it is probably not effective for any genuine contact tracing effort and looks more like another spy tool – perhaps even just a new face for the old ones.
He suggested that Fleming: “Is actually a skin on NSO’s existing surveillance software. NSO can’t say because they are pushing it [to] some existing espionage customers, and naming them is forbidden by contract.”
NSO and other mercenary Israeli spy firms – such as Black Cube, which helped convicted rapist Harvey Weinstein spy on his victims as revenge for daring to speak out – have one particular advantage in the market.
They have a literally captive population – the Palestinians – as a test subject.
Whistleblowers from Unit 8200 revealed that their cybercrime gang spies on the entire Palestinian population.
Such criminals are not to be trusted with our safety during a global pandemic.
The views expressed in this article belong to the author and do not necessarily reflect the editorial policy of Middle East Monitor.