[‘hacking for hire industry’] Pegasus: US lawmakers call out NSO without mentioning Israel

The logo of Israeli cyber firm NSO Group at one of its branches in the Arava Desert, southern Israel (Reuters)

Ali Harb

Middle East Eye  /  July 2021

Four Democrats call for action against the ‘hacking for hire industry’ without mentioning Israel, where Pegasus spyware originated.

Four Democratic US lawmakers have called on the Biden administration to consider placing sanctions against the NSO Group, the Israeli company whose Pegasus spyware targeted journalists, human rights advocates and politicians across the world.

US House members Tom Malinowski, Katie Porter, Joaquin Castro and Anna Eshoo issued a statement on Monday demanding greater scrutiny against the “hacking for hire industry”.

“Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade,” the legislators said. 

“Companies that sell such incredibly sensitive tools to dictatorships are the A.Q. Khans of the cyber world. They should be sanctioned, and if necessary, shut down.”

Khan is a Pakistani scientist who is accused of running a network to sell nuclear expertise to various states.

Israel unmentioned

Monday’s statement did not have a single reference to Israel, where NSO Group operates and acquires export permits to sell its products to autocratic governments. Israeli intelligence is accused of links to the private company.

Earlier this month, a joint investigation by Forbidden Stories, Amnesty International and 16 media outlets, revealed that thousands of phone numbers may have been compromised by Pegasus across the world. 

Dozens of the numbers on the leaked list were proven to have been hacked by the spyware, which gives the hackers access to the phone’s content as well as the ability to stealthily activate its camera and microphone.

Potential targets included journalists, human rights defenders and government officials. NSO Group maintains that American numbers are technically immune to Pegasus spyware – a claim challenged by cybersecurity experts.

Even then, the numbers of Americans abroad, including diplomats and journalists, were on the list of potential Pegasus victims, the Washington Post reported last week.

On Monday, the four lawmakers called on the US government to launch an investigation to “determine whether America’s national security was harmed, and take steps to protect all Americans, including federal employees, from the threat posed by the growing mercenary spyware industry.”

The leaders of intelligence committees in the House of Representatives and the Senate have been quiet about the issue. 

The chairs and ranking members of the committees in each chamber did not respond to MEE’s questions on whether they plan to investigate Pegasus’s possible threat to US national security.

Saudi Arabia and the United Arab Emirates, both close US allies, are reported to be major clients of NSO’s spyware. The two countries have denied the allegations.

In their statement, Malinowski, Porter, Castro and Eshoo called for depriving the NSO Group of access to American investors, including being publicly traded in US stock markets.

They also urged adding the Israeli firm on the US Commerce Department’s Entity List of companies engaged in activities considered detrimental to US national security and foreign policy interests. 

Companies on the list, including the Chinese phone manufacturer Huawei, face US trade restrictions and additional requirements.

‘Not credible’

The lawmakers said the Biden administration should consider sanctions against NSO’s “abusive clients” under the Global Magnitsky Act, a US law that enables penalizing human rights abusers globally.

NSO Group has denied the allegations that it enabled the spying on activists and journalists, but the Congress members said the denials are “not credible”.

The legislators suggested that spyware firms should be subject to the same rules as conventional weapons manufacturers.

“We would never tolerate a company that contracts with the Pentagon to develop drone, or missile, or laser technology, and then sells that technology on the open market to governments that might use it against us,” they said. 

“If hacking for hire companies continue to exist, clear rules must be established to ensure they only do business with governments in rule of law states.”

Raed Jarrar, advocacy director at Democracy for the Arab World Now (DAWN), said while the congressional statement is a step in the right direction, it falls short of the desired response from Washington.

He criticized the lawmakers for failing to mention Israel in their statement.

“The government of Israel is responsible for approving every single sale by NSO,” Jarrar told MEE. “Officials from the government of Israel who have been involved in this scandalous affair should be condemned and sanctioned by the United States.”

He added that if Iran, North Korea, Russia or China were behind Pegasus spyware, Congress and the administration would have promptly “jumped into action to hold the government responsible”.

“In this case, we have not heard a single mention of Israel,” said Jarrar.

He called on the Biden administration to use all the tools at its disposal, including the Magnitsky Act and Khashoggi Ban, to hold NSO Group, Israeli officials involved and the human rights abusers who used the spyware accountable.

Ali Harb is a writer based in Washington, DC; he reports on US foreign policy, Arab-American issues, civil rights and politics