Israel's NSO: The shadowy firm behind the 'chilling' spyware used to hack WhatsApp and cloud services
For campaigners and lawyers targeted by nation state cyber surveillance, the watchful eye of an authoritarian regime can feel impossible to escape.
“I first started noticing these weird calls in March,” one human rights lawyer told The Telegraph. “It was video calls on WhatsApp, these calls were three or four seconds and by the time you get to the phone the call is gone.”
Random calls are common enough and are usually benign, but when you’re a lawyer representing Mexican and Saudi dissidents who have previously been targeted by spyware, a succession of mystery calls in the early hours of the morning from Sweden, Iceland and Ireland offered understandable cause for alarm.
The lawyer, who requested anonymity, is among a string of people who believe they have been targeted by Pegasus, a powerful smartphone virus developed by a shadowy Israeli security company and sold to security forces around the world.
In the murky world of digital espionage, Pegasus is not the winged horse of Greek mythology, but a devastating cyber weapon.
The software has allegedly been used to remotely target users over WhatsApp, and has recently been reported to have the capability to break into users cloud storage on services like Google Drive and iCloud.
It is the flagship software of Israeli private security company NSO Group Technologies, a company that deals in “chilling” hacks to spy on smartphones.
The software is described by NSO co-founder Shalev Hulio in suitably mythic terms. Pegasus is the company’s “Trojan horse” that could be sent “flying through the air to devices” and infiltrate them, he says.
Founded in 2010, the Herzliya headquartered company is currently valued at $1bn and employs 500 cyber security experts. Hulio, the company’s chief executive, spent his time in the army in a search and rescue unit, before creating the company with Omri Lavie.
NSO’s website says it develops spying technologies to help “government agencies prevent and investigate terrorism” saving “thousands of lives”.
But according to human rights agencies, cyber security experts and Middle East activists spoken to by The Telegraph, the company’s technology is linked to efforts to crack down on activists and journalists in the region.
It is accused of allowing its tool to be used to target activists and create a virus able to infiltrate WhatsApp, a messaging app used by 1.5 billion people. That spyware gives hackers full access to a target’s phone, including their camera and microphone.
“The NSO are no amateurs at this and stop at nothing,” says Jake Moore, a cyber security specialist at Slovakian security firm Eset.
According to Citizen Lab at the University of Toronto, NSO’s Pegasus software has been detected in 45 countries. In six states at least, members of civil society had become targets, Citizen Lab says.
And increasingly, companies like NSO have been used as a diplomatic sales pitch to Israeli neighbours in the Middle East and the Gulf.
While Israel has no formal diplomatic relations with its Gulf Arab neighbours like Saudi Arabia, the two sides have drawn increasingly close in recent years and are cooperating on a range of security issues.
The relationship is driven partly by their shared opposition to Iran. But it is also fueled by the Arab states’ interest in acquiring Israeli security technology like NSO’s spyware, which they see as a powerful tool against terrorists but also political dissidents.
The company does not deny that it provides its services to Saudi Arabia, although it says strenuously that its technology was not used against Jamal Khashoggi, the Washington Post journalist murdered by Saudi operatives last year.
However, Saudi intelligence agencies armed with NSO spyware appear to have gone after several of Khashoggi’s associates. Among them is believed to be Iyad el-Baghdadi, an Arab freedom activist. The CIA recently warned that Mr Baghdadi was being targeted by Saudi Arabia.
Mr el-Baghdadi said he was careful about his digital safety and never clicked links to try to keep his devices free from NSO spyware. “But then they upped their delivery mechanisms, including what we just found about Whatsapp, to the point that it’s impossible to keep yourself safe,” he told The Telegraph.
In May, NSO was accused in a court filing of “chilling attacks” on human rights activists by Amnesty International. The campaign group is calling for an export ban on NSO’s technology to prevent it being used for breaches of the human rights act.
Amnesty pointed to one of its own researchers who it believed had been targeted by NSO technology. A source close to Amnesty said it believed the attack originated from Saudi intelligence forces. A separate attack was also detected against a UK lawyer working on a human rights abuse case in Mexico.
For its part, NSO’s chief executive Hulio says the company has performed tests to ensure its products were not used in the murder of Khashoggi, which he called “a shocking murder”, according to Israeli news site Ynet.
NSO says it strictly vets its clients and would not allow its tools to be used against activists. It said its technology is “solely operated by intelligence and law enforcement agencies”. It has also said its tools are not used for “hacking or mass-collection” from cloud services.
But el-Baghdadi and Amnesty lawyers have both called on Israel to support a tighter control on NSO technology, to prevent it being sold to oppressive regimes. But the prospect of change seems unlikely. For el-Baghdadi, it will be up to technology companies to use full legal force in dealing with these hacking arms deals.
“I think the tech companies themselves need to be extremely concerned about this. Someone has to tell this company to back off,” he said.
While most ordinary people can happily keep using WhatsApp without fear of being spied on by a foreign state, for el-Baghdadi, that is a daily risk. “I am continuing under the assumption they could hack me at any moment,” he says.
An NSO spokesman said: “We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organization, including this individual.”
