The Guardian / July 30, 2021
Top Biden administration official reportedly raised questions about spyware sold by NSO Group.
The White House has raised concerns with top Israeli officials about allegations that spyware sold by Israeli surveillance company NSO Group has been used by governments around the world to monitor journalists and activists and – potentially – government officials with close ties to the US.
Brett McGurk, a top Biden administration adviser on the Middle East, raised questions privately about NSO in a meeting last week with Zohar Palti, a senior Israeli defence ministry official, according to reports by Axios and the Washington Post.
Palti reportedly told McGurk that the controversy was being taken very seriously and that Israel was examining whether it needed to change rules around how offensive cyber-weapons were sold to other countries.
Under the current rules, Israel’s ministry of defence reviews requests for export licences before NSO’s surveillance technology is sold to a foreign country. NSO has said the reviews are rigorous and take into account a country’s human rights record.
The development comes two weeks after the Pegasus project, a journalistic consortium that includes The Guardian and 16 other media partners, revealed details of a massive leak of phone numbers of individuals who are believed to have been selected as candidates for possible surveillance by NSO’s government clients, including Saudi Arabia, the United Arab Emirates and Hungary.
The phone numbers of the French president, Emmanuel Macron, and Joe Biden’s Iran envoy [and former Program Director for Middle East and North Africa at the International Crisis Group], Robert Malley, were among tens of thousands of numbers of individuals who were apparently considered people of interest by NSO clients.
Forensic analysis of dozens of phones by Amnesty International’s Security lab, a technical partner of the Pegasus project, found that many of the phones analyzed and included on the leaked list had either been infected by NSO’s spyware, called Pegasus, or that there had been attempted infections.
When NSO’s Pegasus spyware infects a phone, government clients who use it can gain access to an individual’s phone conversations, messages, photos and location, as well as turn the phone into a portable listening device by manipulating its recorder.
The leak contains a list of more than 50,000 phone numbers that are believed to have been identified as those of people of interest by NSO clients since 2016.
The appearance of a number on the leaked list does not mean it was subject to an attempted or successful hack. NSO said Macron was not a “target” of any of its customers, meaning the company denies there was any attempted or successful Pegasus infection of his phone. It says it is technically impossible for its foreign government clients to target US phone numbers with Pegasus.
NSO has also said the data has “no relevance” to the company, and has rejected the reporting by the Pegasus project as “full of wrong assumptions and uncorroborated theories”. It denied that the leaked data represented those targeted for surveillance by the Pegasus software. NSO has called the 50,000 number exaggerated and said it was too large to represent individuals targeted by Pegasus.
The Washington Post, a partner in the Pegasus project, reported on Thursday that an Israeli official had confirmed contact in recent days between US and Israeli officials about the consortium’s findings, and that Israeli officials had told US counterparts that the matter was being taken seriously.
Israel has reportedly also launched its own investigation into the matter.
Israeli authorities inspected NSO’s offices near Tel Aviv on Wednesday, at the same time as the defence minister, Benny Gantz, arrived for a pre-arranged visit to Paris in which the Pegasus revelations were discussed with his French counterpart.
Early media reports described the moves on NSO’s offices as a raid, but the company said in a statement that the authorities had “visited” rather than raided its premises.
NSO said it had been informed in advance that defence ministry officials responsible for overseeing commercial exports of sensitive cyber-exports would be doing an inspection.
“The company is working in full transparency with the Israeli authorities,” it said.
Stephanie Kirchgaessner is The Guardian’s US investigations correspondent, based in Washington DC