Originally appeared at Zero Hedge
A seven-year-old Israeli firm founded by three veterans of Israel’s military intelligence unit is raking in millions selling CIA-tier hacking software to governments around the world. With over 200 employees, a sales arm in Bethesda, Maryland, and a long list of clients identified by watchdogs which have dubious civil rights records, the NSO Group – owned by U.S.-based Francisco Partners, charges $500,000 plus $65K per phone to completely hack and infiltrate a device with their flagship “Pegasus” software suite.
Omar Lavie, co-founder of NSO group
Housed in an office complex in the northern Tel Aviv district of Herzelia, the NSO Group has created the world’s most invasive mobile spy kit responsible for some of the most aggressive attacks in the world of espionage. From Mexico’s misuse of NSO’s software, to the UAE targeting dissidents, to the ex-President of Panama using Pegasus to spy on his enemies, researchers at Canada’s Citizen Lab have uncovered dozens of instances of inappropriate hacking.
The Pegasus software suite uses similar techniques to the CIA for hacking an iPhone, according to Forbes:
Of the similarities between NSO Group and the CIA techniques, the researcher said: “They both use the same vulnerability, but implementation differs a bit.” NSO Group had not responded to a request for comment. It’s entirely possible the CIA used the same technique without going through NSO. -Forbes
The software works by luring people to websites in SMS text messages, where the Pegasus malware package is surreptitiously installed on the device to take advantage of a “zero-day” exploit. As Fast Company explains “anything you can do on the phone, Pegasus can do on your phone,” says John Scott-Railton, a senior researcher at Citizen Lab, which released its initial findings on the spyware in August 2016. “Turning on the camera and watching somebody in the room, turning on the microphone and listening to somebody: It can even do some things that you can’t, like put files on the phone and take files off, to manipulate data on the phone.”
One of the suspicious SMS messages Mexican citizens received from the NSO Group software, Photo: Citizen Lab.
The software can even foil encryption – intercepting messages and calls either before or after they are encrypted. Moreover, Pegasus can delete itself, foiling forensic researchers who have called it “the most sophisticated commercial spyware yet to be made public.”
And if it can do all that, perhaps, just perhaps, it can also camouflage itself as a Russian hacker and penetrate John Podesta’s email system.
Apple and Google have issued security patches to eliminate the “zero-day” exploit used by the NSO (and the CIA) to gain access, however many Android devices have not yet received recent security updates. On top of that, according to Fast Company, “Since Pegasus was first deployed, at least three years ago, security researchers says it’s likely that NSO and other cyberarms makers have developed even more sophisticated techniques.”
Installs of an Android version of Pegasus, as found by Google and Lookout, via Fast Company
In June, Citizen Lab released a report with the New York Times which detailed an extensive effort by the Mexican government to use Pegasus spyware on journalists, human-rights activists, lawyers and others looking into corruption, murders, and even the disappearance of dozens of college students – paying NSO Group $80 million for the software. The Pegasus malware had even been used against scientists and public health advocates trying to battle childhood obesity, such as Mexico’s “Soda Tax.”
While NSO said that it only sells to “authorized” government customers, a huge potential for misuse of the system reportedly ended up killing a $400 million deal by Blackstone Group to acquire part of NSO group from Francisco Partners, after Citizen Lab and other human rights groups told Blackstone that NSO could not prevent customers from misusing the spying tool – pointing to over 20 documented cases of reckless misuse.
“We would expect such a track record to trigger exceptional due diligence by an American company, and we asked Blackstone if they had done so,” says Scott-Railton of Citizen Lab. “We also asked what oversight Blackstone proposed to implement to prevent future misuse, if the purchase had gone through.”
The protest letter Citizen Lab sent to Blackstone regarding its possible stake in NSO, Photo: Citizen Lab.
Former Panama president Ricardo Martinelli was also caught using NSO’s Pegasus to hack citizens’ smartphones, which the government of Panama has opened an investigation into. Martinelli was reportedly running a personal NSO deployment out of a secret office, in order to spy on opponents, including Americans.
“What my colleagues and I say informally is, there is the principle of misuse, where it’s only a matter of time if you sell this kind of software to a government that doesn’t have very rigorous rules in place before it gets misused,” adds senior researcher at Citizen Lab, Scott-Railton. “It’s clear that the industry that sells the commercial spyware to governments is not wired to take that very basic fact into account and mitigate it.”
NSO claims every client is fully vetted, however, pointing to Israel’s export laws which require the Israeli government body SIBAT to promote and review all weapons exports. NSO also says they have an “ethics committee” that reviews every deal before it’s executed, according to a NSO executive who spoke with The Marker.
Citizen Lab’s Scott-Railton disagrees – insisting that companies like NSO need to institute a more stringent vetting process, and pointing to egregious abuse uncovered by Mexico, the United Arab Emirates and Panama.
NSO has a U.S. sales arm in Bethesda, Maryland called WestBridge Technologies, which bills itself as a seller of “top-of-the-line technologies to various government agencies in North America, particularly in the U.S.,” according to its LinkedIn profile. Sometime before January, 2015, WestBridge met with U.S. Drug Enforcement Administration (DEA) officials to discuss implementing its software, reported Motherboard, which received leaked emails regarding the meeting. While we don’t know the outcome of the meeting, and NSO’s offices have been mum on the deal, the strong possibility exists that the DEA has been using NSO software for several years.
In an interesting “small-world” coincidence, financial disclosure forms reveal that former Trump advisor and short-lived National Security Advisor Lieutenant General Michael Flynn is connected to the NSO group, earning $40,280 from May 2016 through January 2016 on an advisory board of an NSO Group offshoot, OSY Technologies based in Luxembourg. Flynn also worked for NSO Group parent company Francisco Partners, earning “less than $100,000” according to the New York Times.
When asked by Reuters about reports of NSO software being abused, NSO co-founder Omar Lavie – who is launching a new startup named, Orchestra, with a mission to ironically-enough protect phones from cyberattacks, said “I think people believe that NSO is a company that does good. [Security experts] understand the value that this company has generated for the world. I am extremely proud of NSO.”
The world is truly full of sick fucks willing to make the world an even more screwed up place, just to make a quick buck. We like to think that Hitler, Stalin and Mao were evil individuals, well, people like Lavie are the ones who are willing to enable that evil. And without enablers evil people would never have been able to do what they did.
Use the good old Nokia 3310. Good product, good quality and made in Sweden. Indestructible. XD.
Here in Mexico indeed the massive hacking of phones is a common practice. Here exists an oligarchy and a government of traitors, there’s no other way they find to keep themselves in their positions. As some other commentary points out, they can do it because they receive technology from outside, since the oligarchs and traitors lack the intelligence to develop anything, as always. Anyone anywhere can notice that the US technological firms are 100% partners in this, they just set the flaws and then ‘play dumb’.
░░░░░░░░░░░░░░▄▄▀▀██▀▄▄▒ ░░░░░░░░░░░░▄▀░▄▀▀░░░▒▒▀▀▄ ░░░░░░░░░░░▐░▄▀░░░░░░░░░░░█ ░░░░░░░░░░░▌▌▒▒▒▒░░░░░░░░░░█ ░░░░░░▄▄▄░▐▒▒▒▒▒▒░░▒▄▄▄▄░▄░░▌ ░░░░▄▀░▄░▐▐▒▒▒▒▒░░░▀░░░░▀░▄▀▐ ░░░█░▌░░▌░▐▐▀▄▒▒░░░▒▌██▐░░▌▄▐ ░░▐░▐░░░▐░▌▐▐░▒░░░░░░▀▀░░░░░▀▌ ░░▌░▌░░░░▌▐▄▀░▒▒▒░░░░░░░▄▀▄░░▐ ░▐▐░▌░░░░▐▐░▌▒▒▒▒▒▒▒▒▒▒█▄▄▄░░░▌ ░▌░░▌▌░░░░▌░▐▒▒▒▒▒▒▄▄▄▄▄▄▄▄▀▄▄▀ ░▐░░▌▌░░░░▐░░▌▒▒▒▒▒▄▀█▄▄▄▄▀ ░▌▌░▌▌░░░░░▌░▐▒▒▒▒▒▒▀▄▀▀▀▄ ▐░░░▐▐░░░░░▐▐░▌▒▒▒▒▒▒▒▀▀░▄▀█ ▌▌░░░▌▌░░░░░█▐░▌▒▒▒▒▒▒▒▄▀░▄▐▄▄ ▌░░░░▐▐░░░░░░▀░▐▒▒▒▒▒▄▀░░░▀▀▄▀▌ ░░░░░░▌░░░░░▄▀█▄█▄▀▀░▀▄░░░░▀░▀▐ ░░░░░░▐░░░░░░░▌░░░░░░▐▐░▀▄▀▄▀▄▀ ░░░░░░░█░░░░░▐░░░▌░░░█▀▀▄▀▄▀▄▀ ░░░░░░░░▀▄░░▄▄▄▀▐▄▄▀▀ ░░░░░░░░░░▀▄▄▄▄▄▀
WHY are so many of those active and ex-nationals police military, intelligence operatives, all shaving their heads? Maybe they want to look like circumcised Peter’s or electelectric dildos, and they seem to do it for their male compadres and awe their he/she customers. That this firm is selling spyware to gov, that will of course not abuse it¿¿¿¿¿, does not mean they are bad guys, just doing a job to make lots of money is all. Recent exposures that Micro soft operating ware has spyware installed and is in use in all major Brand notebooks, phones, laptop and home desktops, HP, Lenovo, DELL and others, that allows GOogle and other Search to enter units even when supposedly turned off and track everywhere users went, so forget privacy. Today’s software and hardware producers are not seperat E from Governments , many combat and skill games receive financing, and in war game one will be playing against gov and company experts, that monitor players for intel. US today is fully integrated into police State surveillance system, but as yet gov lacks enough manpower to close the doors fully upon those they deem subversive. That is the why of all providers are in partnerships as “private” sick sick sick, partnerships. It is the less technologicly advanced police state, and it’s people’s that buy this spyware today. Do not be alarmed folks as if this is Iraeli, Asian, or US, they who sell have backdoors into those sovereign nations systems. In the digital spy warfare there is no trusting anyone, or any nations. So shut up and play selfie games , and wear plastic gloves if you eat Cheetos while watching sex sites. Otherwise your doc may think it is diseased and wanna cut it off. Just think of money from hits on your U-tube if you film operaton.