The NSO Group's latest scandal is the gift that keeps on giving. The malware purveyor has always been controversial, thanks to its decision to sell powerful cellphone exploits to known human rights violators. That these exploits have been used to place world leaders, journalists, activists, and religious leaders under surveillance is just the expected result of choosing to do business with extremely shady governments.
A list of 50,000 phone numbers portrayed as potential targets for NSO's Pegasus malware is the latest black eye for the Israeli company. The list contains numbers linked to all of the sorts of individuals listed above -- not exactly the criminals and "Bin Ladens" of the world, as NSO claims its software is used to surveil.
These revelations have led to a lot of obfuscation and backpedaling by NSO, which simultaneously claims its customers do not abuse its products while also claiming it has no insight into how its customers choose to deploy the Pegasus malware. So, when NSO says it takes action when customers use its product to target people who aren't suspected criminals or terrorists, it's pretty much just making stuff up because it really doesn't know the malware is being used or who it's being deployed against.
This has prompted reactions all over the world. In France (where activists are being sued for claiming governments have deployed this spyware), French President Emmanuel Macron recently acquired a new phone after discovering his old one had potentially been targeted by a foreign government using NSO's spyware. This prompted a call from the French government to the Israeli government demanding some answers about NSO Group, its customers, and its targets.
It also prompted an investigation into the deployment of the Pegasus malware in France. And this shows you just how quickly a government can wrap up an investigation when it's sure it will be pointing its finger at other governments or their constituents: it only took nine days to get some actionable results.
France’s cybersecurity agency has confirmed the mobile phones of two French journalists from the investigative news outlet Mediapart were hacked with the Pegasus spyware, the first instance of such surveillance being detected by a government agency.
The hacking of the phones of Lénaïg Bredoux and Edwy Plenel, the two journalists from Mediapart, was earlier detected by Amnesty International’s security lab as part of the reporting by an international consortium of journalists on the targeting of 50,000 phone numbers around the world by clients of the Isreali firm NSO Group, which developed Pegasus.
Meanwhile, the Israeli government has opened its own... something... of NSO Group. But this inquiry is moving much more cautiously with local agencies showing much less urgency.
The Record reports NSO Group was "raided" by Israeli government agencies, including the Ministry of Defense. But The Record's own reporting shows this was much more casual than its headline suggests.
Israeli news outlet Calcalist, which also reported on the raids earlier today, cited an anonymous source who said the raids were more of a formal meeting than an in-depth audit of NSO’s documents and computer systems.
A tweet by the Ministry of Defense also appears to confirm this wasn't really a raid.
Representatives from a number of bodies came to NSO today to examine the publications and allegations raised in this case.
NSO says it "welcomes" the investigation and is cooperating with the Israeli government. As for the Ministry of Defense, it won't even go so far as to call it an "investigation."
Israel’s Defense Ministry has been mum about its plans to investigate the firm and remained laconic about the matter on Wednesday, refusing to elaborate on the nature of the visit, if a formal investigation had been launched, who the officials were and what specific allegations they were checking.
NSO must be feeling some pressure. While it's obligated to follow local export license laws when selling its products to foreign governments, it pretty much takes violating a UN embargo to run afoul of Israeli law, allowing NSO Group to sell its products to a number of countries that aren't exactly on good terms with the company's homeland. Nevertheless, for the first time ever, NSO Group is actually taking the sort of action it claims has always been standard operating procedure when its customers are suspected of abusing its products.
Israeli spyware company NSO Group has temporarily blocked several government clients around the world from using its technology as the company investigates their possible misuse, a company employee told NPR on Thursday.
The suspensions are in response to an investigation by the Pegasus Project, a consortium of media outlets that reported the company's Pegasus spyware was linked to hacks and potential surveillance of telephones of people including journalists, human rights activists and heads of state.
This seems to indicate that the list of numbers is actually related to NSO Group and potential targets of its customer base. If the list has nothing to do with NSO or its customers -- as NSO has claimed -- it likely wouldn't feel compelled to cut off customers and/or curtail their use of Pegasus malware. While this isn't an explicit admission of culpability by NSO, the implication is that the company sold its products to governments it knew would abuse them to surveil people they didn't like, rather than just criminals and terrorists.