Company:NSO Group

From HandWiki
Short description: Israeli technology firm
NSO Group Technologies Ltd.
TypePrivate
IndustrySurveillance technology
Founded2010; 14 years ago (2010)
Founders
  • Niv Carmi
  • Omri Lavie
  • Shalev Hulio
Headquarters
Herzliya
,
Israel
Key people
Shalev Hulio (CEO)[1]
ProductsPegasus
Owner
  • Novalpina Capital
  • Omri Lavie
  • Shalev Hulio
Websitewww.nsogroup.com

NSO Group Technologies (NSO standing for Niv, Shalev and Omri, names of company's founders) is an Israeli technology firm known for its Pegasus spyware enabling the remote surveillance of smartphones. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio.[2][3][4] It reportedly employed almost 500 people as of 2017, and is based in Herzliya, near Tel Aviv.[1][5][6]

Annual revenues were said to be around $40 million in 2013 and $150 million in 2015.[2][7] In June 2017, the company was put up for sale for $1 billion by Francisco Partners Management.[5] Founders Lavie and Hulio, partnering with European private equity fund Novalpina Capital, purchased a majority stake in NSO in February 2019.[8]

NSO claims that it provides "authorized governments with technology that helps them combat terror and crime".[9] According to several reports, software created by NSO Group was used in targeted attacks against human rights activists and journalists in various countries[10][11][12], was used in state espionage against Pakistan [13], and played a role in the murder of Saudi dissident Jamal Kashoggi.[14] In October 2019, instant messaging company WhatsApp and its parent company Facebook sued NSO under the US Computer Fraud and Abuse Act (CFAA).

History

NSO's founders are said to be ex-members of Unit 8200, the Israeli Intelligence Corps unit responsible for collecting signals intelligence.[9] The company's start-up funding came from a group of investors headed by Eddy Shalev, a partner in venture capital fund Genesis Partners. The group invested a total of $1.8 million dollars for a 30% stake.[15][2]

In 2012, the government of Mexico announced the signing of a $20 million contract with NSO.[2] In 2015, the company reportedly sold surveillance technology to the government of Panama. The contract became the subject of a Panamanian anti-corruption investigation following its disclosure in a leak of confidential information from Italian firm Hacking Team.[16]

In 2014, the American private equity firm Francisco Partners bought the company for $130 million.[17] It was reported in 2015 that Francisco was seeking to sell the company for up to $1 billion.[7] The company was officially put up for sale for more than $1 billion in June 2017, roughly ten times what Francisco originally paid in 2014.[5] At that time, NSO had almost 500 employees, up from around 50 in 2014.[5]

Citizen Lab researchers reported in October 2018 that they were being targeted by undercover operatives connected to NSO. An AP report on the incident could not find direct evidence connecting the operative surveillance of Citizen Lab’s researchers to NSO, and NSO has denied any involvement.[18][19]

In early February 2019, one of the operatives targeting Citizen Lab researchers was identified as Aharon Almog-Assouline, a "former Israeli security official living in the Tel Aviv suburb of Ramat Hasharon."[20][21]

On February 14, 2019, Francisco Partners sold a 60% majority stake of NSO back to co-founders Shalev Hulio and Omri Lavie, who were supported in the purchase by Novalpina Capital.[8] Hulio and Lavie invested $100 million, with Novalpina acquiring the remaining portion of the majority stake, thus valuing the company at approximately $1 billion.[22] The day after the acquisition, Novalpina attempted to address the concerns raised by Citizen Lab with a letter, stating their belief that NSO operates with sufficient integrity and caution.[23]

In April 2019, NSO froze its deals with Saudi Arabia over a scandal alleging NSO software's role in tracking slain journalist Jamal Khashoggi in the months before his death.[24]

In May 2019, messaging service WhatsApp alleged that a spyware injection exploit targeting its calling feature was developed by NSO.[25][26] Victims were exposed to the spyware payload even if they did not answer the call.[27] WhatsApp told the Financial Times that "the attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems."[28] NSO denied involvement in selecting or targeting victims, but did not explicitly deny creating the exploit.[26] In response to the alleged cyberattack, WhatsApp sued NSO under the Computer Fraud and Abuse Act (CFAA) and other US laws in a San Francisco court on October 29.[29] WhatsApp stated that the exploit targeted 1,400 users in 20 countries, including "at least 100 human-rights defenders, journalists and other members of civil society".[30][31][32]

NSO employees had complained to WhatsApp about improved security, according to the court filings by WhatsApp and its parent company Facebook: "On or about May 13, 2019, Facebook publicly announced that it had investigated and identified a vulnerability involving the WhatsApp Service (CVE-2019-3568). WhatsApp and Facebook closed the vulnerability, contacted law enforcement, and advised users to update the WhatsApp app. Defendants subsequently complained that WhatsApp had closed the vulnerability. Specifically, NSO Employee 1 stated, 'You just closed our biggest remote for cellular . . . It’s on the news all over the world.'"[33] WhatsApp has also alerted the 1,400 targeted users. At least in one case, the surveillance was authorized by a judge.[34]

Technologies

Pegasus spyware

Early versions of Pegasus were used to surveil the phone of Joaquín Guzmán, known as El Chapo. In 2011, Mexican president Felipe Calderón reportedly called NSO to thank the company for its role in Guzmán's capture.[35][36]

The Israeli Ministry of Defense licenses the export of Pegasus to foreign governments, but not to private entities.[37]

On August 25, 2016, Citizen Lab and Lookout revealed that software known as Pegasus, created by NSO, was being used to target human rights activist Ahmed Mansoor in the United Arab Emirates.[11] Mansoor informed Citizen Lab researchers Bill Marczak and John Scott-Railton that his iPhone 6 had been targeted on August 10, 2016, by means of a clickable link in an SMS text message.[9][38]

Analysis by Citizen Lab and Lookout discovered that the link downloaded software to exploit three previously unknown and unpatched zero-day vulnerabilities in iOS.[39][40] According to their analysis, the software can jailbreak an iPhone when a malicious URL is opened, a form of attack known as spear phishing. The software installs itself and collects all communications and locations of targeted iPhones, including communications sent through iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype. The software can also collect Wi-Fi passwords.[9] The researchers noticed that the software's code referenced an NSO Group product called "Pegasus" in leaked marketing materials.[6] Pegasus had previously come to light in a leak of records from Hacking Team, which indicated the software had been supplied to the government of Panama in 2015.[16] The researchers discovered that Mexican journalist Rafael Cabrera had also been targeted, and that the software could have been used in Israel, Turkey, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain.[9]

Citizen Lab and Lookout notified Apple's security team, which patched the flaws within ten days and released an update for iOS.[41] A patch for macOS was released six days later.[42]

In 2017, Citizen Lab researchers revealed that NSO exploit links may have been sent to Mexican scientists and public health campaigners.[43] The targets supported measures to reduce childhood obesity, including Mexico's "Soda Tax."[44]

In July 2017, the international team assembled to investigate the 2014 Iguala mass kidnapping publicly complained they thought they were being surveilled by the Mexican government.[45] They stated that the Mexican government used Pegasus to send them messages about funeral homes containing links which, when clicked, allowed the government to surreptitiously listen to the investigators.[45] The Mexican government has repeatedly denied any unauthorized hacking.[45]

In June 2018, an Israeli court indicted a former employee of NSO Group for allegedly stealing a copy of Pegasus and attempting to sell it online for $50 million worth of cryptocurrency.[46]

In October 2018 Citizen Lab reported on the use of NSO software to spy on the inner circle of Jamal Khashoggi just before his murder. Citizen Lab's October report[47] stated, with high confidence, that NSO's Pegasus had been placed on the iPhone of Saudi dissident Omar Abdulaziz, one of Khashoggi’s confidantes, months before. Abdulaziz stated that the software revealed Khashoggi's "private criticisms of the Saudi royal family," which according to Abdulaziz "played a major role" in Kashoggi's death.[18] In December 2018, a New York Times investigation concluded that Pegasus software played a role in the Kashoggi's murder, with a friend of Khashoggi stating in a filing that Saudi authorities had used the Israeli-made software to spy on the dissident.[48] NSO CEO Shalev Hulio stated that the company had not been involved in the "terrible murder", but declined to comment on reports that he had personally traveled to the Saudi capital Riyadh for $55 million Pegasus sale.[14]

See also

References

  1. 1.0 1.1 Franceschi-Bicchierai, Lorenzo; Cox, Joseph (August 25, 2016). "Meet NSO Group, The New Big Player In The Government Spyware Business". https://motherboard.vice.com/read/nso-group-new-big-player-in-government-spyware. 
  2. 2.0 2.1 2.2 2.3 Hirschauge, Orr; Orpaz, Inbal (February 17, 2014). "U.S. Fund to Buy NSO and Its Smartphone-snooping Software". http://www.haaretz.com/israel-news/business/economy-finance/1.574805. Retrieved 2016-08-26. 
  3. Coppola, Gabrielle (September 29, 2014). "Israeli Entrepreneurs Play Both Sides of the Cyber Wars". https://www.bloomberg.com/news/2014-09-29/israeli-entrepreneurs-play-both-sides-of-the-cyber-wars.html. 
  4. Nicole Perlroth (February 11, 2017). "Spyware’s Odd Targets: Backers of Mexico’s Soda Tax". Arthur Ochs Sulzberger Jr.. https://www.nytimes.com/2017/02/11/technology/hack-mexico-soda-tax-advocates.html. 
  5. 5.0 5.1 5.2 5.3 Oneill, Patrick Howard (June 12, 2017). "Israeli hacking company NSO Group is on sale for more than $1 billion". Cyberscoop. https://www.cyberscoop.com/nso-group-for-sale-1-billion-pegasus-malware/. Retrieved June 18, 2017. 
  6. 6.0 6.1 Lee, Dave (August 26, 2016). "Who are the hackers who cracked the iPhone?". BBC News. https://www.bbc.co.uk/news/technology-37192670. Retrieved 2016-08-26. 
  7. 7.0 7.1 Stone, Mike; Roumeliotis, Greg (November 2, 2015). "Secretive cyber warfare firm NSO Group explores sale: sources". https://www.reuters.com/article/us-nsogroup-m-a-idUSKCN0SR2JF20151103. Retrieved 2016-08-26. 
  8. 8.0 8.1 Ziv, Amitai (February 14, 2019). "Israeli Cyberattack Firm NSO Bought Back by Founders at $1b Company Value". https://www.haaretz.com/israel-news/business/.premium-israeli-cyberattack-firm-nso-bought-back-by-founders-at-1b-company-value-1.6937457. Retrieved July 20, 2019. 
  9. 9.0 9.1 9.2 9.3 9.4 Fox-Brewster, Thomas (August 25, 2016). "Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text". https://www.forbes.com/sites/thomasbrewster/2016/08/25/everything-we-know-about-nso-group-the-professional-spies-who-hacked-iphones-with-a-single-text. 
  10. "Activists and journalists in Mexico complain of government spying". Reuters. June 20, 2017. https://www.reuters.com/article/us-mexico-spyware-idUSKBN19A30Y. 
  11. 11.0 11.1 Franceschi-Bicchierai, Lorenzo (August 25, 2016). "Government Hackers Caught Using Unprecedented iPhone Spy Tool". https://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group. 
  12. "Who is spying on Indians? WhatsApp, Pegasus spyware maker, the government are caught in a blame game". Reuters. Dec 13, 2019. https://prime.economictimes.indiatimes.com/news/72498345/technology-and-startups/who-is-spying-on-indians-whatsapp-pegasus-spyware-maker-the-government-are-caught-in-a-blame-game. 
  13. "Israeli spyware allegedly used to target Pakistani officials' phones". Reuters. Dec 19, 2019. https://www.theguardian.com/world/2019/dec/19/israeli-spyware-allegedly-used-to-target-pakistani-officials-phones. 
  14. 14.0 14.1 Falconer, Rebecca (2019-03-24). "Israeli firm won't say if it sold Saudis spyware linked to Khashoggi killing" (in en). https://www.axios.com/hacking-firm-nso-saudi-sale-no-comment-khashoggi-b0d4f4d1-9218-4614-b1f1-03495f8be67f.html. 
  15. Fischer, Yisrael; Levi, Ruti (August 29, 2016). "The Israelis Behind History's 'Most Sophisticated Tracker Program' That Wormed Into Apple". http://www.haaretz.com/israel-news/business/.premium-1.738998. Retrieved 2016-09-01. 
  16. 16.0 16.1 Rodriguez, Rolando B.; Diaz, Juan Manuel (August 7, 2015). "Abren sumario en caso Hacking Team". La Prensa (Panama City). http://www.prensa.com/locales/Espiar-obsesion-Martinelli_0_4271572998.html. Retrieved 2016-08-25. 
  17. Yadron, Danny (August 1, 2014). "Can This Israeli Startup Hack Your Phone?". https://blogs.wsj.com/digits/2014/08/01/can-this-israeli-startup-hack-your-phone/. Retrieved 2016-08-25. 
  18. 18.0 18.1 Satter, Raphael (January 25, 2019). "APNewsBreak: Undercover agents target cybersecurity watchdog". The Seattle Times via AP News (New York). https://www.seattletimes.com/business/apnewsbreak-undercover-agents-target-cybersecurity-watchdog-2/.  Updated January 26
  19. According to Raphael Satter's January 25 article, Citizen Lab "has drawn attention for its repeated exposés of NSO Group", whose "wares have been used by governments to target journalists in Mexico, opposition figures in Panama and human rights activists in the Middle East".
  20. "Undercover spy exposed in NYC was one of many". The Times-Republican (London). February 11, 2019. https://www.timesrepublican.com/news/todays-news/2019/02/undercover-spy-exposed-in-nyc-was-one-of-many/. 
  21. Satter, Raphael (February 11, 2019). "Exposed Israeli spy linked to apparent effort by NSO Group to derail lawsuits". The Times of Israel (London). https://www.timesofisrael.com/exposed-israeli-spy-linked-to-apparent-effort-by-nso-group-to-derail-lawsuits/. 
  22. "Novalpina Capital and founders buy NSO at $1b co value" (in he). https://en.globes.co.il/en/article-novalpina-capital-and-founders-buy-nso-for-1b-1001273312. 
  23. "Novalpina Capital buys spyware co. NSO Group & commits to helping it become more transparent | Business & Human Rights Resource Centre" (in en). https://www.business-humanrights.org/en/novalpina-capital-buys-spyware-co-nso-group-commits-to-helping-it-become-more-transparent. 
  24. staff, T. O. I.. "Israeli spy tech firm linked to Khashoggi murder said to freeze Saudi deals". https://www.timesofisrael.com/israeli-spy-tech-firm-linked-to-khashoggi-murder-said-to-freeze-saudi-deals/. Retrieved July 20, 2019. 
  25. "WhatsApp voice calls used to inject Israeli spyware on phones". Financial Times. 2019-05-13. https://www.ft.com/content/4da1117e-756c-11e9-be7d-6d846537acab. 
  26. 26.0 26.1 Newman, Lily Hay (2019-05-14). "How Hackers Broke WhatsApp With Just a Phone Call". Wired. ISSN 1059-1028. https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/. 
  27. Newman, Lily Hay. "How Hackers Broke WhatsApp With Just a Phone Call". Wired. ISSN 1059-1028. https://www.wired.com/story/whatsapp-hack-phone-call-voip-buffer-overflow/. Retrieved 2019-10-30. 
  28. Doffman, Zak. "WhatsApp Has Exposed Phones To Israeli Spyware -- Update Your Apps Now" (in en). https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/. 
  29. "WhatsApp sues Israeli firm NSO over cyberespionage". https://www.afp.com/en/news/717/whatsapp-sues-israeli-firm-nso-over-cyberespionage-doc-1lu56d1. Retrieved 2019-10-30. 
  30. Satter, Raphael; Culliford, Elizabeth (30 October 2019). "WhatsApp sues Israel's NSO for allegedly helping spies hack phones around the world". https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-idUSKBN1X82BE. Retrieved 2019-10-30. 
  31. Bajak, Frank (29 October 2019). "Facebook sues Israeli company over WhatsApp spyware". https://apnews.com/a7ad0788b9e4498a878009d1a8c5a206. Retrieved 2019-10-30. 
  32. Cathcart, Will. "Why WhatsApp is pushing back on NSO Group hacking". https://www.washingtonpost.com/opinions/2019/10/29/why-whatsapp-is-pushing-back-nso-group-hacking/. Retrieved 2019-10-30. 
  33. Leblanc, Travis; Mornin, Joseph; Grooms, Daniel (October 29, 2019). "Facebook Inc. v. NSO Group Technologies Limited (3:19-cv-07123)". https://www.courtlistener.com/recap/gov.uscourts.cand.350613/gov.uscourts.cand.350613.1.0.pdf. Retrieved 2019-10-29. 
  34. "Police Tracked a Terror Suspect—Until His Phone Went Dark After a Facebook Warning". 2 January 2020. https://www.wsj.com/articles/police-tracked-a-terror-suspectuntil-his-phone-went-dark-after-a-facebook-warning-11577996973. Retrieved 2020-01-03. 
  35. Bergman, Ronen (January 10, 2019). "Exclusive: How Mexican drug baron El Chapo was brought down by technology made in Israel" (in en). Ynet. https://www.ynetnews.com/articles/0,7340,L-5444330,00.html. Retrieved May 15, 2019. 
  36. Bergman, Ronen (January 11, 2019). "Weaving a cyber web" (in en). https://www.ynetnews.com/articles/0,7340,L-5444998,00.html. Retrieved May 15, 2019. 
  37. "יש לנו מאזין על הקו". Calcalist. 2012-10-18. https://www.calcalist.co.il/local/articles/0,7340,L-3585117,00.html. 
  38. Peterson, Andrea (August 25, 2016). "This malware sold to governments could help them spy on iPhones, researchers say". https://www.washingtonpost.com/news/the-switch/wp/2016/08/25/this-malware-sold-to-governments-helped-them-spy-on-iphones/. Retrieved 2016-08-25. 
  39. Marczak, Bill; Scott-Railton, John (August 24, 2016). "The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender". https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/. 
  40. Technical Analysis of Pegasus Spyware (PDF) (Technical report). Lookout. August 25, 2016. Retrieved 2016-08-25.
  41. "About the security content of iOS 9.3.5". Apple Inc.. August 25, 2016. https://support.apple.com/en-us/HT207107. Retrieved 2016-08-25. 
  42. "About the security content of Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite". Apple Inc.. September 1, 2016. https://support.apple.com/en-us/HT207130. Retrieved 2016-09-01. 
  43. Scott-Railton, John; Marczak, Bill; Guarnieri, Claudio; Crete-Nishihata, Masashi (February 11, 2017). "Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links". https://citizenlab.org/2017/02/bittersweet-nso-mexico-spyware/. 
  44. "Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links" (in en-US). 2017-02-11. https://citizenlab.ca/2017/02/bittersweet-nso-mexico-spyware/. 
  45. 45.0 45.1 45.2 Ahmed, Azam (2017-07-10). "Spyware in Mexico Targeted Investigators Seeking Students" (in en-US). The New York Times. ISSN 0362-4331. https://www.nytimes.com/2017/07/10/world/americas/mexico-missing-students-pegasus-spyware.html. 
  46. Steinberg, Joseph (2018-07-09). "Rogue CyberSecurity Company Employee Tried To Sell Powerful, Stolen iPhone Malware For $50-Million" (in en-US). https://josephsteinberg.com/rogue-cybersecurity-company-employee-tried-to-sell-powerful-stolen-iphone-malware-for-50-million/. 
  47. "The Kingdom Came to Canada - How Saudi-Linked Digital Espionage Reached Canadian Soil". The Citizen Lab (Toronto). October 1, 2018. https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/. 
  48. "Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says" (in en). https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html?action=click&module=Top%20Stories&pgtype=Homepage. 

External links