Israeli spyware maker NSO Group Ltd. was in the limelight Tuesday after its software was suspected of being used in hacking the phones of human rights activists through WhatsApp. It’s not the company’s first brush with controversy.
Human rights groups and researchers have raised alarms for years about NSO Group, which makes mobile device surveillance software that ostensibly helps governments combat “terror and crime.” Activists, however, say governments misuse NSO’s products to target human rights defenders, journalists and critics.
The Financial Times reported that a vulnerability in the WhatsApp chat app allowed attackers to install surveillance software, developed by NSO, on iPhones and Android devices by calling specific targets through the app. One of those targeted was a U.K.-based human rights lawyer, according to the paper.
NSO says its technology helps government intelligence and law enforcement agencies thwart major terrorist attacks, bring home abducted children and stop pedophiles and other criminals. But U.S. whistleblower Edward Snowden last fall accused the company of helping Saudi Arabia track and kill government critic Jamal Khashoggi.
Internet security think tank Citizen Lab said last year it had identified 45 countries where NSO’s spyware, including flagship product Pegasus, was being used to conduct surveillance operations. The spyware can tap into a phone’s microphone and camera, view email and messages and collect location data on the user.
“Our findings paint a bleak picture of the human rights risks of NSO’s global proliferation,” according to the report. Citizen Lab said the software is being used by countries with “dubious human rights records and histories of abusive behavior by state security services.”
Amnesty International and other human rights groups have sought to block the widespread use of NSO’s technology and filed a petition at an Israeli district court Monday to demand the Ministry of Defense revoke its export license.
At the conference last fall, Snowden cited Citizen Lab, saying the Pegasus software had been installed on the phone of another Saudi dissident who was in contact with Khashoggi. That in turn could have helped the Saudis track Khashoggi, Snowden said.
In an interview, Chief Executive Officer Shalev Hulio categorically denied that NSO software was used to target Khashoggi and said that the software was used to foil several very big terror attacks in Europe — car bombs and suicide bombers. He didn’t elaborate.
WhatsApp said it believes the attacks have the hallmarks of a “private company” that works with governments to deliver spyware, but didn’t name NSO Group or its Pegasus software.
“Even though the link between this most recent attack and NSO Group has not yet been confirmed, the story raises the stakes of discussions between civil society groups and NSO’s international investors, as well as the government licensing that allows the company to continue down its dangerous path,” AccessNow, a digital rights advocacy group, said in a statement.
Founded in 2010, NSO had operated largely in the dark for several years until 2016 when Citizen Lab also exposed the use of Pegasus to target Ahmed Mansoor, a UAE-based human rights defender. NSO says it works under an elaborate set of checks and balances. Its export license is specific to a given customer and the vetting process is tedious, according to the company.
NSO needs a Ministry of Defense license in order to meet with potential clients, who must be approved by a business ethics committee. Each license must receive specific government approval, and every 12 months each contract is re-examined by the business ethics team before it’s renewed. The company says all credible allegations of misuse of the product are investigated and that, in three instances, NSO has shut down its product as a result.
NSO, which has dozens of licensed customers, is reportedly valued at almost $1 billion after the company’s founders and executives, along with Novalpina Capital, bought the company from Francisco Partners in February.
WhatsApp encouraged users to update the app after it rolled out the fix to its servers last week, adding that only a handful of users appeared to have been targeted.