Established in 2010, NSO Group is one of the largest Israeli hi-tech companies, specializing in spying, with annual revenue of $243m in 2020, according to the company.NSO Is Having a Bad Year – and It’s Showing
NSO Group employed almost 500 people as of 2017 and is based in Herzliya, Israel. The founders are Niv Carmi (N) Shalev Hulio (S) and Omri Lavie (O). Carmi feft the company one month after its inception.
The company is the world leader in a niche market: providing states with “off the shelf” cyber capabilities that allow them to compete with the National Security Agency (NSA) in the US and the UK’s GCHQ.
According to several reports, NSO Group spyware has been used to target human rights activists and journalists in various countries and was used for state espionage.
In November 2021 the US blacklisted the NSO Group, saying the company knowingly supplied spyware that has been used by foreign governments to “maliciously target” the phones of dissidents, human rights activists, journalists and others. The firm, and another Israeli company, Candiru, acted “contrary to the national security or foreign policy interests of the United States,” the Commerce Department said, a striking accusation against a business that operates under the direct supervision of the Israeli government.U.S. Blacklists Israeli Firm NSO Group Over Spyware
The Pegasus Project
An investigation by 17 news organisations into more than 50,000 numbers was published by the Paris-based journalism nonprofit Forbidden Stories and Amnesty International. It found that more than 1,000 individuals across 50 countries were allegedly selected by NSO clients for potential surveillance since 2016. Forbidden Stories : Pegasus Project
That list includes 189 journalists, more than 600 politicians and government officials, and several heads of state, including France’s Emmanuel Macron, South African President Cyril Ramaphosa and Pakistan Prime Minister Imran Khan.France’s Macron among potential Pegasus spyware targets: Report The media consortium reports said most of Pegasus’s clients were clustered in 10 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates. Forbidden Stories : Pegasus Project
Subsidiaries / Acquisitions / Funding
The private equity firm Francisco Partners purchased NSO Group for $120 million in 2014. NSO has close partnerships with a variety of other Israeli surveillance firms as they seek to spread their spy kit across the world. These include among others Ability Inc. Another Israeli company that made headlines for hacking iPhones, Cellebrite, has also been in communication with NSO, though they operate at different levels of police investigations.
In 2019, the company was acquired by its founders and management, with the support of the European private equity firm Novalpina Capital. Q cyber, an NSO affiliate, holds 63% of issued ordinary shares.UK financier loses latest round in fight over future of NSO Group
The company owns the counter-drone company Convexum.
The offensive cyber company Circles Technologies possess close business ties to NSO Group, and according to multiple reports is even under its control or under that of NSO’s founders.Report reveals which countries are using Circles Technologies’ invasive spyware According to a report by Forensic News, documents from Cyprus, where Circles was registered attest that the company was acquired by NSO in 2014 through a Luxembourg-registered subsidiary.Report reveals which countries are using Circles Technologies’ invasive spyware
In 2021, Amnesty International, Privacy International and the centre for Research on Multinational Corporations (SOMO) published this report about NSO’s corporate structure.
In February 2023 it was published that 22 of 26 of the employees of the new Israeli cyber intelligence company Bold are former NSO Group employees. Also Bold’s president and vice presidents were former senior directors at NSO.Former NSO senior directors run a new cyber start up Former NSO cyber experts reunite in new startup Bold, backed by Israeli businessman Shlomi Fogel
Pegasus is a spyware that can infiltrate a mobile phone and harvest personal and location data, and can control the phone’s microphones and cameras without the user’s knowledge or permission. Some of the information Pegasus has access to includes photos, web searches, passwords, call logs, communications and social media posts.
Researchers have found several examples of NSO Group sophisticated tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction. This means that a successful spyware attack on a phone needs just an operating system installed or a particular vulnerable app.
An investigation by Citizen Lab in 2018 revealed that NSO Group spying technology was allegedly used in at least six countries with a history of tracking human rights activists: Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
According to the investigation, in 2016, dozens of Mexican lawyers, journalists and human rights defenders were targeted by the Mexican government using NSO’s Pegasus spyware. During the same year, Pegasus spyware was used to target the UAE activist Ahmad Mansour. The Israeli Defense Export Control Agency (DECA) authorized three deals in the UAE, for the total amount of $80 million.Weaving a cyber web
It has been reported that the company also provided the Saudi government with the spyware to spy on the journalist Jamal Khashoggi before his murder.NSO Group allegedly provided software to Saudi Govt. to spy on Khashoggi; Citizen Lab who reported it in turn targeted by undercover agents An associate of Khashoggi filed a suit against the company in an Israeli court, asking to issue an order prohibiting the company from selling its spyware, and halt its installation in Saudi Arabia. The plaintiff has also demanded NIS 600,000 in damages.Saudi friend of slain journalist sues NSO in Israeli court Amnesty International uncovered targeted digital attacks using Pegasus against two Moroccan human rights defenders.Morocco: Human Rights Defenders Targeted with NSO Group’s Spyware In October 2019, the company was sued by Facebook, which claimed that the company attempted to hack 1,400 “target devices” and steal information from human rights activists, journalists and others using the WhatsApp app.Facebook sues Israeli co NSO for allegedly hacking WhatsApp In the lawsuit, WhatsApp claims that servers controlled by NSO rather than government clients were an integral part of the way the hacks were executed.WhatsApp: Israeli firm ‘deeply involved’ in hacking our users
Amnesty International published a list of targets of NSO Group’s Spyware, including journalists, activists and politicians. See here: report.
You can find more information about NSO Group and Pegasus in the project “Digital Violence” by Forensic Architecture, CitizenLab and Amnesty International.
According to an investigation by Forbidden Stories, published in July 2021, at least 180 journalists around the world have been selected as targets by clients of the company.
Forbidden Stories and Amnesty International had access to a leak of more than 50,000 records of phone numbers that NSO clients selected for surveillance. According to an analysis of these records by Forbidden Stories and its partners, the phones of at least 180 journalists were selected in 20 countries by at least 10 NSO clients. These government clients range from autocratic (Bahrain, Morocco and Saudi Arabia) to democratic (India and Mexico) and span the entire world, from Hungary and Azerbaijan in Europe to Togo and Rwanda in Africa.PEGASUS: THE NEW GLOBAL WEAPON FOR SILENCING JOURNALISTS
In December 2021 Citizen Lab reported that Poland used NSO’s Pegasus software to spy on polish political opponents, among them senators.Polish use of NSO spyware against gov’t opponents is ‘tip of the iceberg’ — expert
In January 2022 CitizenLab confirmed 35 cases of journalists and members of civil society in El-Salvador, whose phones were successfully infected with NSO’s Pegasus spyware between July 2020 and November 2021.Project Torogoz Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware
In January 2022 AccessNow and Front Line Defenders revealed the hacking of two women human rights defenders from Bahrain and Jordan using NSO Group’s spyware Pegasus.Unsafe anywhere: women human rights defenders speak out about Pegasus attacks
Usage by Israeli Forces
In November 2021 it was reported by international organizations that Spyware by NSO Group has been used to monitor the cellphones of six Palestinian activists and human rights workers. Four of the infected phones have Israeli numbers, and their owners are East Jerusalem residents with Israeli identity cards. This is the first time Pegasus software has been found on a cellphone with an Israeli number.NSO Spyware Used Against Palestinian Activists From NGOs Israel Outlawed, Report Says
In January 2022 the Israeli newspaper Calcalist exposed that Israel police used NSO’s Pegasus spyware sind 2013 to remotely hack phones of Israeli citizens, control them and extract information from them, Calcalist has revealed. Among those who had their phones broken into by police are mayors, leaders of political protests against former Prime Minister Benjamin Netanyahu, former governmental employees, and a person close to a senior politician. Calcalist learned that the hacking wasn’t done under court supervision, and police didn’t request a search or bugging warrant to conduct the surveillance. There is also no supervision on the data being collected, the way police use it, and how it distributes it to other investigative agencies, like the Israel Securities Authority and the Tax Authority.Israel police uses NSO’s Pegasus to spy on citizens
The Israeli Police first acquired Pegasus from NSO in December 2013 during the tenureship of Yohanan Danino as General Commissioner of Israel Police. The system became operational under his successor Roni Alsheikh, who was appointed as General Commissioner in December 2015 after serving as the deputy head of Shin Bet. Alsheikh was among those who pushed to increase the usage of the spyware, which cost police tens of millions of shekels down the years when calculating its purchase, maintenance, and ongoing usage. The person who negotiated with police on behalf of NSO was then CEO Eran Gorev, who was the representative of investment firm Francisco Partners, which owned NSO at the time.Israel police uses NSO’s Pegasus to spy on citizens
Fleming – Profiteering from the Covid-19 Crisis
In March 2020, Bloomberg reported that NSO developed a new product, named “Fleming”, that has the ability to analyze huge volumes of data to map people’s movements.Israeli Spyware Firm Wants to Track Data to Stop Coronavirus Spreading The tool tracks citizens by assigning them random IDs, which the government can de-anonymize at any given moment. According to media reports, the product was being piloted in a dozen countries.We Saw NSO’s Covid-19 Software in Action, and Privacy Experts Are Worried
A report by Forensic Architecture published in December 2020 reported on a database collected by NSO’s Fleming program that was found unprotected online. It contained more than five hundred thousand datapoints for approximately 32,000 distinct mobile phones. This database was used as a marketing tool to market the system to countries around the world. The mobile phones tracked were those of citizens in Israel, UAE, Bahrain, Saudi Arabia and Rwanda – all countries with ongoing contractual relationships with NSO Group.Forensic Architecture – NSO Group’s Breach of Private Data with Fleming
The Israeli-Military Connection
Shalev Hulio, a co-founder of NSO, served as “a Major in the Israeli army’s Search and Rescue unit and continues to serve in the army reserve and has been involved in a number of search and rescue operations in both Israel and abroad”.Archived – Board of Directors from Official Website of NSO Group
Senior advisor Daniel Reisner served as the head of the Israeli army’s International Law Department and was responsible for advising the Israeli leadership on “Israeli-Palestinian relations” and “counter-terrorism operations.”Archived – Board of Directors from Official Website of NSO Group
Buky Carmeli, another senior advisor, is the former head of Israeli Ministry of Defense (IMOD) Cyber Defense division.Archived – Board of Directors from Official Website of NSO Group
Nearly every member of NSO’s research team is a veteran of the intelligence services; most of them served with AMAN, the Israeli Military Intelligence Directorate, the largest agency in the Israeli espionage community — and many of them in AMAN’s Unit 8200. The company’s most valuable employees are all graduates of elite training courses, including a secretive and prestigious Unit 8200 program called ARAM that accepts only a handful of the most brilliant recruits and trains them in the most advanced methods of cyberweapons programming.New York Times: Emirati Surveillance Firm Poached NSO Employees Israeli intelligence veterans’ letter to Netanyahu and military chiefs – in full PEGASUS: THE NEW GLOBAL WEAPON FOR SILENCING JOURNALISTS