Surveillance firm NSO Group is facing mounting pressure from US politicians, Israeli authorities and an internal dispute among its private equity owners following the leak of a database containing 50,000 phone numbers of people allegedly selected as candidates to be monitored using the company’s Pegasus spyware.
Among them are government ministers, human rights activists, journalists and heads of state, including French President Emmanuel Macron.
A coalition of 17 media organisations including The Guardian and The Washington Post uncovered the database. NSO Group claimed the database is “not related” to the company “in any way”.
Once installed, Pegasus spyware gives the operator complete access to the contents of the target’s phone. The operator can, for instance, access any messages, files and emails along with the ability to secretly activate microphones and cameras.
Amnesty International researchers conducted forensic analysis on the smartphones of 67 people listed on the leaked database. They found that 37 devices were infected with Pegasus. NSO Group dismissed this as a “coincidence”.
On Wednesday officials from Israel’s Ministry of Defense visited NSO Group’s company offices near Tel Aviv for an inspection in relation to the ongoing allegations against the surveillance firm.
A Google-translated tweet by the Ministry said: “Representatives from a number of bodies came to the NSO company today to examine the publications and allegations raised in its case.”
Macron has also spoken with Israeli Prime Minister Naftali Bennet to raise concerns about NSO Group. Meanwhile, Israel Defence Minister Benny Gantz has told his French counterpart that he will investigate the matter “with the utmost seriousness”.
An NSO spokesperson confirmed the visit by the Ministry of Defense to Verdict and said it “welcomes their inspection”.
They added: “The company is working in full transparency with the Israeli authorities. We are confident that this inspection will prove the facts are as declared repeatedly by the company against the false allegations made against us in the recent media attacks.”
Earlier this week NSO Group said it will no longer reply to media inquires on Pegasus because it deems coverage of it to be a “well-orchestrated media campaign”.
NSO – not so ESG?
It comes as the private equity firm that owns NSO Group, Novalpina Capital, is to be dissolved following a dispute between its partners. The founders and management team of NSO Group acquired a majority stake in the spyware company from private global equity firm Francisco Partners with the backing of Novalpina Capital in February 2019. Novalpina is to be removed as the manager of its fund, multiple media outlets have reported.
While the development is not directly connected to the NSO spyware allegations, it is likely to complicate any future sale of NSO Group, a feat that will already be difficult given the intense backlash against the company.
The allegations have also raised questions about Novalpina’s ownership of NSO. According to Novalpina’s website, it sees environmental, social and governance (ESG) issues as “an integral part of our business model” and its ESG policy seeks to “reduce or eliminate any negative impacts on society and the environment from companies in which it invests”.
It is not publicly known whether the fallout from the Pegasus scandal has played a role in the internal dispute at Novalpina. However, it is understood that the future ownership of NSO Group is a factor. Verdict has contacted Novalpina Capital for comment.
Only fighting crooks
NSO Group continues to insist that it only sells its spyware to militaries, law enforcement and intelligence agencies for use against criminals and terrorists. It claimed that it does not sell its spyware to governments with poor human rights records.
However, in 2017 the Israeli government gave NSO Group permission to sell its software to the Saudis in a deal reportedly worth $55m, The Guardian reported last week.
The Saudi government has been accused of using Pegasus software in the murder of Washington Post journalist Jamal Khashoggi. NSO Group has denied this allegation.
The revelation has raised questions about NSO’s relationship with then Israel Prime Minister Benjamin Netanyahu.
Last week, NSO Group told the BBC that the company could not be blamed for any misuse of its software.
“All the allegations and all the finger-pointing should be at the customer,” the NSO spokesperson.
Calls in US to blacklist Pegasus spyware
On Tuesday four US Democrat lawmakers joined the chorus of criticism against NSO Group. They called on the Biden administration to place the company on an export blacklist with the likes of Chinese tech giant Huawei.
“Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade,” said Tom Malinowski of New Jersey, Katie Porter and Anna Eshoo of California, and Joaquin Castro of Texas lawmakers in a joint statement. “Companies that sell such incredibly sensitive tools to dictatorships are the AQ Khans of the cyber world. They should be sanctioned, and if necessary, shut down.”
Last week Amazon Web Services said it shut off cloud infrastructure it provided to NSO Group in response to reports of Pegasus’ misuse.
The capabilities of Pegasus software first came to light in May 2019 when the Financial Times revealed the spyware could infiltrate end-to-end encryption protected messaging app WhatsApp.
Facebook-owned WhatsApp has sued NSO Group over this. The suit is still ongoing.
In January 2020 the United Nations called for an investigation into the hacking of Amazon founder Jeff Bezos’ phone. The Crown Prince of Saudi Arabia had allegedly ordered the breach. The attackers used spyware sold be a private company “such as the NSO Group’s Pegasus-3 malware”, the UN said at the time.
At the time, an NSO spokesperson “unequivocally” denied its technology was used “in this instance”.
Pegasus software can reportedly infiltrate Android smartphones and iPhones, which GlobalData thematic analysts note “damages Apple’s security credentials”.
Aaron Cockerill, chief strategy officer at cybersecurity firm Lookout, said: “Apple should allow third parties to enhance their products so they can cater to the more demanding security scenarios that journalists, human rights activists, politicians, and executives find themselves in. Doing so will help protect their consumer-oriented reputation.”