Israel’s cyberwarfare industry had a bad year

NSO Group was effectively acting as an extension of the Israeli state (Amir Cohen - Reuters)

Tamara Nassar

The Electronic Intifada  /  December 21, 2021

It’s been a bad year for Israel’s notorious cyberwarfare firm NSO Group.

As more news of its role in human rights abuses surfaces, the company has been hammered with lawsuits from tech giants and US government sanctions. It may even be on the verge of collapse.

But that does not mean Israel’s state-sponsored cyberwarfare and espionage industry would disappear with it.

Over the summer, an investigation by the global reporting consortium Forbidden Stories with the help of Amnesty International revealed that NSO Group’s spying technology has been used much more widely than previously known.

When a device is infected with NSO Group’s Pegasus spyware, those doing the spying can extract a staggering amount of data, including pictures, recordings, screenshots, passwords, and email and text messages.

Hackers can also control the device remotely, turning on the camera and recording audio at will. Infection can be difficult or impossible to detect for an average user, and has typically required expert analysis.

Apple last month admitted that NSO Group had breached its iPhone devices, but the firm says that since it recently introduced additional security protections in the iOS operating system, no further compromises have been detected.

Apple is suing NSO Group and its parent company “to hold it accountable for the surveillance and targeting of Apple users.” The iPhone maker wants NSO Group permanently barred from using any of its devices, software or services.

It is only the latest Silicon Valley giant to take legal action against the Israeli firm, with Microsoft and Meta, which owns WhatsApp and Facebook, doing the same in recent years.

It has been known since at least 2016 that the firm’s technology has been used by various governments to monitor opponents.

Reports keep piling up revealing that journalists, human rights workers, politicians and others have been spied on using NSO Group technology.

The company’s Pegasus spyware has also been linked to the 2018 murder of Washington Post columnist Jamal Khashoggi inside Saudi Arabia’s consulate in Istanbul.

Now, the US government is cracking down on NSO Group and US lawmakers are calling for more sanctions.

Punishment

Last month, the US government blacklisted NSO Group and another Israeli firm, Candiru, for making spyware “to maliciously target government officials, journalists, businesspeople, activists, academics and embassy workers.”

This severely limits their ability to do business in the US or with Americans.

The companies are rivals, as both make similar products and share roots.

Many of their personnel are veterans of Unit 8200, a high-tech branch of the Israeli military that spies on Palestinians in order to blackmail them.

Tel Aviv daily Haaretz revealed on Friday that some of Candiru’s clients include Israel’s domestic spying and torture agency Shin Bet, Saudi Arabia, the United Arab Emirates, Spain, Germany and Singapore.

Targets of the firm’s hacking software have been identified in the Palestinian Authority, Lebanon, Iran, Yemen, Turkey and Spain’s Catalonia region.

A month after the US announced its blacklisting of the Israeli firms, Reuters revealed that NSO Group software was used to hack the phones of nine State Department employees.

Reuters cited four unnamed sources for its report. Two said the targeted Americans were either stationed in Uganda or specialized in it.

It is unknown who is behind the hacks, though the Israeli firm insists it only sells its products to governments.

Legal proceedings in the UK have revealed, however, that the ruler of Dubai used NSO Group technology to spy on his estranged wife Princess Haya of Jordan and her legal team during their high-profile divorce.

This calls into serious question the assertion that the Pegasus software is available only to governments or that it is not abused by those in power for personal gain.

Israel’s Haaretz noted that the governments of Uganda and Rwanda, which are both NSO clients, “are the immediate suspects” in the hacking of the US State Department employees.

US lawmakers then called for additional sanctions against NSO Group as well as on DarkMatter Group, a cyberwarfare firm with close ties to the Emirati government. They also want sanctions on European surveillance firms Nexa Technologies and Trovicor.

Adam Schiff, chair of the House Intelligence Committee, and 17 other Democratic lawmakers signed a letter urging measures including freezing the companies’ bank accounts and banning their executives from entering the United States.

Their aim is “to meaningfully punish them and send a clear signal to the surveillance technology industry,” the lawmakers wrote, accusing the companies of facilitating the “disappearance, torture and murder of human rights activists and journalists.”

DarkMatter recruits veterans of Unit 8200.

An arm of the Israeli state

Now, more than 80 human rights groups are calling on the European Union to follow the US government and also sanction NSO Group.

The EU must “prohibit the sale, transfer, export, import and use of NSO Group technologies,” the groups said in a joint letter shared by Human Rights Watch.

According to Haaretz, NSO Group is planning to fight back against the US sanctions by arguing what many already suspected: The company was effectively acting as an extension of the Israeli state.

Eli Pincu, the former head of Israel’s defense export control division – the body that would approve exports to countries like Saudi Arabia – all but confirmed this, Haaretz reported.

“If a company that helped the country’s interest in any way enters the US blacklist for that reason … Isn’t the State of Israel obligated to support it, to defend it, to deal with the issue for it?” Pincu mused at a recent conference.

But the fates of NSO Group and Candiru may already be sealed, according to Haaretz. They may already be too discredited and facing too big an exodus of talent to survive even if the Israeli government lobbies for them in Washington.

However, the newspaper revealed that at least two other Israeli companies – whose existence was until recently secret – are waiting in the wings to take their place: Quadream and Paragon.

The first was founded by former NSO Group employees and the latter by veterans of Unit 8200. Saudi Arabia is already reportedly a client of Quadream.

Paragon can boast Ehud Barak, a former Israeli prime minister, as one of its investors. Paragon says that “authoritarian or undemocratic regimes” won’t be among its customers, a claim that should be treated with considerable skepticism.

The Israeli defense ministry also now claims to have tightened controls over cyber exports to make sure they are only used in legitimate actions against “serious crime and terrorism.”

But given that the same Israeli defense ministry considers documenting Israeli violations of Palestinian rights and advocating for human rights to be “terrorism,” that is hardly comforting.

Such announcements appear to be nothing more than an attempt to save face by Israel’s defense ministry as NSO Group piles up bans and lawsuits and as embarrassing revelations keep rolling in.

Indeed, an unnamed “senior” Israeli official told a Times of Israel correspondent at a conference of lobby group the Israeli American Council this month that “We have no issues with NSO Group.”

“We have issues with the ones who are violating the use of their technologies,” the Israeli official added. “We explained this to the US.”

Hacked activists

Meanwhile, the global harm from Israel’s cyberwar industry continues to mount.

The phones of at least four Kazakhstani activists were infected with NSO Group’s Pegasus malware, Amnesty International revealed this month.

“This case adds to an already mounting pile of evidence that NSO’s spyware is the weapon of choice for governments seeking to silence social movements and crush dissent,” Amnesty’s Marie Struthers said.

Tamara Nassar is an assistant editor at The Electronic Intifada

Ali Abunimah contributed reporting