The Israeli cyber intelligence company NSO Group has been implicated in an international espionage scandal that includes hacking into the smartphones of journalists, government officials, human rights activists, and others with the use of its Pegasus spyware.
Pegasus is capable of infecting the phones of its targets and extracting messages, photos, and emails. It can also record phone calls and activate microphones, while the phones’ owners remain unaware.
How the NSO Scandal Was Discovered
The story, known as the Pegasus Project, was broken by 17 media outlets, spearheaded by Amnesty International and Forbidden Stories. The initial finding included a list of about 50,000 phone numbers of people as possible candidates for surveillance for NSO clients. Some of the phones were then tested by Amnesty International’s security lab and were found to have traces of NSO’s Pegasus spyware.
NSO Group has denied the allegations and said that the list of numbers is from a simple database of mobile numbers, not related to them. It posted a statement on its site that said the Amnesty International report “is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources.”
Unfortunately for NSO Group, whether the allegations are true or not, they are in hot water. The company has a long history of C-suite staff changes and has recently been struggling to maintain its profit margins.
In 2019, NSO ownership changed hands from Francisco Partners to a partnership between company founders and Novalpina Capital. Currently, NSO is not meeting the projections that it presented to Novalpina. On top of the standard challenges, Facebook is suing NSO over the illegal use of WhatsApp. Democrats in America are calling for sanctions on NSO and other companies like it.
NSO and Israel
Though NSO is a privately-owned company responsible for its actions, it is also undeniably intertwined with the state of Israel. For starters, the company’s sales must be approved by Israel’s Defense Ministry, which undertakes a long process of due diligence to ensure that buyers meet human rights standards.
According to the Washington Post, many US and EU security officials think that NSO delivers information to Israel. “It’s crazy to think that NSO wouldn’t share sensitive national security information with the government of Israel,” said a former US national security official. “That doesn’t mean they’re a front for the Israeli security agencies, but governments around the world assume that NSO is working with Israel.” (Israel and NSO, of course, deny these allegations.)
With the company and the country intertwined, Defense Minister Benny Gantz has flown to France to put out the fires from the new scandal, as French President Emmanuel Macron was allegedly one of the targets. On another note, Amazon’s cloud service has shut down infrastructure linked to NSO, which may further jeopardize the tech giant’s relationship with Israel.
The Call for Comprehensive Regulations
This is not the first time NSO has gotten into trouble. In 2018, its Pegasus spyware was implicated in the spying on and murder of journalist Jamal Khashoggi by Saudi officials. Then and now, NSO maintains that it does not sell its products to clients that don’t pass the process of due diligence.
Unfortunately, there is no real way to tell what actually happened — which is why governments and organizations around the world are calling for more regulations of the cyber espionage industry.
Amnesty International said in a statement, “Until this company (NSO) and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer, and use of surveillance technology.”
While NSO is regulated by several countries, including Israel, this scandal might be the straw that breaks the camel’s back in terms of governments cracking down on these types of companies. Time will tell.