‘Amoral Mercenaries of the 21st Century’: Problems Accumulate for NSO Group | Monitoring
Shalev Hulio, the co-founder of the Israeli group NSO, was in Washington DC on a mission to try to resurrect the reputation of the surveillance firm on Capitol Hill shortly before news broke that it had probably arrived too late. to make a difference.
Without warning its allies in Israel, the Biden administration announced on November 3 that it was putting the spyware maker – one of the world’s most sophisticated cyber weapons companies – on a U.S. blacklist, citing the use of company software by regimes around the world for “transnational repression”.
“That’s the little they knew. Then, boom, it’s out, ”said a person familiar with the matter.
Since then, the news has gone from bad to worse for the company, which has long defended itself against criticism by claiming that its main monitoring tool – the Pegasus software, which can penetrate phones and intercept calls and messages encrypted – is used by governments around the world. the world to silently hack the phones of suspected criminals and terrorists, and save lives.
This week Apple, the world’s largest tech company, became the latest to challenge that narrative when it accused NSO in a scathing lawsuit filed in California of being “21st century amoral mercenaries” whose tools had invited “Routine and flagrant abuse”.
“For their own commercial gain, they allow their customers to abuse [Apple] products and services to target individuals, including government officials, journalists, businessmen, activists, academics and even US citizens, ”Apple said in its lawsuit. While NSO was busy “hiding behind its anonymous clients,” it was committing “multiple violations of federal and state laws” by developing and using – “or helping others to use” – tools that had harmed them. Apple users, according to the lawsuit.
Hours after the complaint was filed, activists said Apple began sending threat notification alerts to suspected victims of state-sponsored hackers in Thailand, El Salvador and Uganda. Reuters reported that at least six Thai activists and researchers who have criticized the government have received the notification.
At the same time, rating agency Moody’s warned that NSO risked defaulting on around $ 500million (£ 375million) debt, which would force the group into insolvency.
For Alaa Mahajna, a lawyer who for years fought a lonely – and difficult – legal battle against NSO, the company’s barrage of bad news has been justified.
“NSO has spent years dismissing criticism and shirking responsibility for human rights violations. It’s very encouraging that most of the big tech companies and the US government are now seeing the pernicious effect of NSO’s technology, ”he said.
Mahajna represents Omar Abdulaziz, a Saudi dissident living in exile in Canada who, according to experts at the University of Toronto’s Citizen Lab, was hacked in 2018, months before Abdulaziz’s friend, journalist Jamal Khashoggi, was brutally murdered at the Saudi embassy in Istanbul.
“As the first lawyer to take legal action against them, I am happy to see that these major players are seeing what we saw four years ago. The atmosphere is definitely changing. It was and still is hard work for everyone involved, and some of us have paid the price, but it’s gratifying to see the tide turn, ”said Abdulaziz.
Other complications are on the horizon. A person familiar with the matter said that at least one bank working for NSO and related entities has raised concerns about being placed on the U.S. Department of Commerce’s Entity List. A person close to NSO said his banking relationships were intact.
While listing does not prohibit the provision of banking services, Kevin Wolf, a partner at Akin Gump law firm, said the list has prohibited the transfer of any technology or software to the company since the United States, a fact that generally made banks and other financial institutions that work for listed companies worried that they might inadvertently break the rules in the ordinary course of business and elicit a response from the US government.
Another person familiar with the matter said that Berkeley Research Group (BRG), a US-based advisory group appointed in August 2021 to manage the financial fund that owns a majority stake in NSO on behalf of its investors, consulted with legal experts from McDermott law firm. Will & Emery to ensure that its own work of managing the fund has not inadvertently violated the Entity List rules. He took these steps, one person said, as part of normal business practice and it is understood that he received legal advice that the actions of the Biden administration did not prevent BRG from handling the investment. fund in the NSO.
The main investors in the financial fund are the American pension funds. A person familiar with BRG said they still have limited information on NSO’s decision-making.
Several media reports have suggested that the NSOs are focusing on trying to convince the Biden administration to remove the company from the entity list.
Responding to questions from The Guardian about its viability in the face of developments, an NSO spokesperson said, “The NSO Group remains strong, proud and confident, and we will continue to provide technology to help law enforcement catch pedophiles, terrorists and criminals. “
A person who spoke to the Guardian on condition of anonymity said the administration was made to act at least in part because of the number of U.S. citizens who had been targeted using Pegasus in the past – including Americans living and working abroad.
NSO has denied that its monitoring tools are being used against US-based mobile phones.
Project Pegasus, a major investigation into NSO by the Guardian and other media coordinated by French media group Forbidden Stories, reported in July that Carine Kanimba, the American daughter of Paul Rusesabagina, the imprisoned Rwandan activist who inspired the movie Hotel Rwanda, had been the victim of an almost constant surveillance campaign by a government client using Pegasus during the first half of 2021. A forensic analysis of Kanimba’s phone, conducted by Amnesty International’s security laboratory , revealed that he had been hacked several times while Kanimba, who is also Belgian and lived in Europe, campaigned and lobbied for the release of his father.
Responding to questions about Apple’s lawsuit this week, an NSO spokesperson said in a statement, “Thousands of lives have been saved around the world thanks to NSO Group’s technologies used by its customers. Pedophiles and terrorists can operate freely in tech havens, and we are providing governments with the legal tools to combat it. NSO Group will continue to advocate for the truth.