|Shalev Hulio (CEO)|
NSO Group Technologies is an Israeli technology firm focused on cyber intelligence. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It is reported to employ around 500 people and is based in Herzliya near Tel Aviv.
Annual revenues were said to be around $40 million in 2013 and $150 million in 2015. In June 2017, the company was put for sale for $1 billion by its owner Francisco Partners Management, and it was sold to its own management in 2019.
According to the company, it provides "authorized governments with technology that helps them combat terror and crime". Electronic Frontier Foundation and Citizen Lab, a digital rights group and a human rights group respectively, claimed, and proved with the help of Lookout Security, that software created by NSO Group was used in targeted attacks against human rights activists and journalists in several countries.
Its former chairman of the board of directors was retired general Avigdor Ben-Gal, previously head of Israel Aircraft Industries in the 1990s. The founders are said to be ex-members of Unit 8200, the Israeli Intelligence Corps unit responsible for collecting signals intelligence. The company's start-up funding came from a group of investors headed by Eddy Shalev, a partner in the venture capital fund Genesis Partners. The group invested a total of $1.8 million dollars for 30% of the company's shares.
In 2012, the government of Mexico said that it had signed a $20 million contract with NSO Group. In 2015 the company reportedly sold surveillance technology to the government of Panama. The contract became the subject of a Panamanian anti-corruption investigation following its disclosure in a leak of confidential information from the Italian firm Hacking Team.
In 2014, the American private equity firm Francisco Partners bought the company for $130 million. It was reported in 2015 to be seeking to sell the company for up to $1 billion. The company was reported for sale (June 2017) for $1 billion by its owner Francisco Partners Management. The owner was seeking about ten times what it originally paid in 2014; about $120 million.
Hulio, Lavie, and Avi Rozen founded Kaymera, a mobile security company, as a counterpart to the NSO Group. Kaymera is located in Herzliya Pituah, in the same building as NSO. Early in April 2019, NSO froze its deals with Saudi Arabia over a scandal that Pegasus was allegedly used in tracking slain journalist, Jamal Khashoggi.
Use as a spy program
On August 25, 2016, Citizen Lab and Lookout revealed that software known as Pegasus, created by the company, was being used to target human rights activist Ahmed Mansoor in the United Arab Emirates. Mansoor is an internationally recognized human rights activist and 2015 Martin Ennals Award Laureate. He informed Citizen Lab researchers Bill Marczak and John Scott-Railton that his iPhone 6 had been targeted on August 10, 2016, by means of a clickable link in an SMS text message.
Analysis by Citizen Lab and Lookout discovered that the link downloaded software that exploited three previously unknown and unpatched zero-day vulnerabilities in the iPhone's operating system iOS. According to their analysis, the software can silently jailbreak an iPhone when the phone owner, through spear phishing, is sent and opens a specific URL. After a user opens this link, the software installs on the phone, collecting all communications and locations of the targeted iPhones including iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype communications. The software can also collect Wi-Fi passwords. The researchers noticed that the software's code referenced an NSO Group product called 'Pegasus' in leaked marketing materials. Pegasus had previously come to light in a leak of records from the Italian company Hacking Team, when it was said to have been supplied to the government of Panama. The researchers claim that a Mexican journalist, Rafael Cabrera, had also been targeted and they think that the software could have been used in Israel, Turkey, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain.
In 2017, the Citizen Lab researchers revealed that NSO exploit links may have been sent to Mexican scientists and public health campaigners. The targets supported measures to reduce childhood obesity, including Mexico's "Soda Tax."
In July 2017, the international team assembled to investigate the 2014 Iguala mass kidnapping publicly complained they thought they were being surveilled by the Mexican government. They claim that the Mexican government utilized Pegasus to send them messages about funeral homes that contained links which, when clicked, granted the government the ability to surreptitiously listen to the investigators. The Mexican government has repeatedly denied any unauthorized hacking.
In June 2018, an Israeli court indicted a former employee of NSO Group for allegedly stealing a copy of Pegasus and attempting to sell it online for $50 million worth of cryptocurrency.
In December 2018, a New York Times investigation concluded that Pegasus software played a role in the murder of Jamal Khashoggi. A friend of Khashoggi claimed in a filing that Saudi authorities had used the Israeli-made software to spy on the dissident.
Undercover agents target Citizen Lab
According to a report by AP News journalist Raphael Satter, Citizen Lab researchers who reported in October 2018, that Israeli NSO Group surveillance software was used to spy on the "inner circle" of Jamal Khashoggi just before his murder, "are being targeted in turn by international undercover operatives." Citizen Lab October report revealed that NSO's "signature spy software" which had been placed on the iPhone of Saudi dissident Omar Abdulaziz, one of Khashoggi’s confidantes, months before. Abdulaziz said that Saudi Arabia spies used the hacking software to reveal Khashoggi's "private criticisms of the Saudi royal family". He said this "played a major role" in his death.
- Franceschi-Bicchierai, Lorenzo; Cox, Joseph (August 25, 2016). "Meet NSO Group, The New Big Player In The Government Spyware Business". VICE Magazine. Retrieved August 25, 2016.
- Hirschauge, Orr; Orpaz, Inbal (February 17, 2014). "U.S. Fund to Buy NSO and Its Smartphone-snooping Software". Retrieved August 26, 2016.
- Coppola, Gabrielle (September 29, 2014). "Israeli Entrepreneurs Play Both Sides of the Cyber Wars". Bloomberg News. Retrieved August 25, 2016.
- Nicole Perlroth (February 11, 2017). "Spyware's Odd Targets: Backers of Mexico's Soda Tax". The New York Times. Arthur Ochs Sulzberger Jr. Retrieved February 13, 2017.
- Oneill, Patrick Howard (June 12, 2017). "Israeli hacking company NSO Group is on sale for more than $1 billion". Cyberscoop. Retrieved June 18, 2017.
- Lee, Dave (August 26, 2016). "Who are the hackers who cracked the iPhone?". BBC News. Retrieved August 26, 2016.
- Stone, Mike; Roumeliotis, Greg (November 2, 2015). "Secretive cyber warfare firm NSO Group explores sale: sources". Reuters. Retrieved August 26, 2016.
- Fox-Brewster, Thomas (August 25, 2016). "Everything We Know About NSO Group: The Professional Spies Who Hacked iPhones With A Single Text". Forbes. Retrieved August 25, 2016.
- "Activists and journalists in Mexico complain of government spying". Reuters. June 20, 2017. Retrieved June 20, 2017.
- Fischer, Yisrael; Levi, Ruti (August 29, 2016). "The Israelis Behind History's 'Most Sophisticated Tracker Program' That Wormed Into Apple". Retrieved September 1, 2016.
- Rodriguez, Rolando B.; Diaz, Juan Manuel (August 7, 2015). "Abren sumario en caso Hacking Team". La Prensa (Panama City). Retrieved August 25, 2016.
- Yadron, Danny (August 1, 2014). "Can This Israeli Startup Hack Your Phone?". The Wall Street Journal. Retrieved August 25, 2016.
- "The Israelis Behind History's 'Most Sophisticated Tracker Program' That Wormed Into Apple". Haaretz. August 28, 2016.
- Franceschi-Bicchierai, Lorenzo (August 25, 2016). "Government Hackers Caught Using Unprecedented iPhone Spy Tool". VICE Magazine. Retrieved August 25, 2016.
- Peterson, Andrea (August 25, 2016). "This malware sold to governments could help them spy on iPhones, researchers say". The Washington Post. Retrieved August 25, 2016.
- Marczak, Bill; Scott-Railton, John (August 24, 2016). "The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender". Citizen Lab. Retrieved March 25, 2017.
- Technical Analysis of Pegasus Spyware (PDF) (Technical report). Lookout. August 25, 2016. Retrieved August 25, 2016.
- "About the security content of iOS 9.3.5". Apple Inc. August 25, 2016. Retrieved August 25, 2016.
- "About the security content of Security Update 2016-001 El Capitan and Security Update 2016-005 Yosemite". Apple Inc. September 1, 2016. Retrieved September 1, 2016.
- Scott-Railton, John; Marczak, Bill; Guarnieri, Claudio; Crete-Nishihata, Masashi (February 11, 2017). "Bitter Sweet: Supporters of Mexico's Soda Tax Targeted With NSO Exploit Links". Citizen Lab. Retrieved March 25, 2017.
- Ahmed, Azam (July 10, 2017). "Spyware in Mexico Targeted Investigators Seeking Students". The New York Times. ISSN 0362-4331. Retrieved July 13, 2017.
- Steinberg, Joseph (July 9, 2018). "Rogue CyberSecurity Company Employee Tried To Sell Powerful, Stolen iPhone Malware For $50-Million". Retrieved July 10, 2018.
- "Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says". Retrieved December 3, 2018.
- Bergman, Ronen (January 10, 2019). "Exclusive: How Mexican drug baron El Chapo was brought down by technology made in Israel". Ynetnews. Ynet. Retrieved May 15, 2019.
- Bergman, Ronen (January 11, 2019). "Weaving a cyber web". Ynetnews. Retrieved May 15, 2019.
- Satter, Raphael (January 25, 2019). "APNewsBreak: Undercover agents target cybersecurity watchdog". The Seattle Times via AP News. New York. Retrieved January 26, 2019. Updated January 26
- According to Raphael Satter's January 25 article, Citizen Lab "has drawn attention for its repeated exposés of NSO Group", whose "wares have been used by governments to target journalists in Mexico , opposition figures in Panama and human rights activists in the Middle East".