These have included reporter Javier Valdez, who was shot dead by a cartel in Mexico. Pegasus was then used to target his family and colleagues. Amnesty International have been targetted too, and they are one of several outfits suing NSO Group for its abuses.
NSO’s system has also been indirectly implicated in the death of exiled Saudi columnist, Jamal Khashoggi – who was so brutally murdered by a Saudi royal death squad in Turkey in 2018. Pegasus was used to intercept phone calls between him and some of his associates.
NSO has long unconvincingly claimed that it has no control over how its clients operate the software systems it sells.
Facebook is one of the companies suing NSO Group for hacking users of WhatsApp – the popular messaging app owned by the social media giant.
The app was the primary attack vector for Pegasus – in other words, a now-patched security flaw in WhatsApp was used to infiltrate Pegasus onto targets’ phones.
WhatsApp revealed, in its investigation of the NSO hack of its users filed in court, that servers controlled by NSO – and not its government clients – were an “integral” part of the attacks, according to The Guardian in Washington DC.
That is to say that, according to these court filings, the Pegasus “software suite” sounded very much like a service rather than a simple off-the-shelf software product.
Pegasus is reported to have cost its government clients tens of millions of dollars to license. If it were a simple off-the-shelf software product that NSO has no control over once it sells, it seems far more likely that the clients would have pirated the software rather than pay such astronomical fees.
NSO’s nefarious mercenary behaviour has earned it some well-deserved negative publicity over the last few years.
So now, it is attempting to use the global COVID-19 pandemic to launder its image.
The World Health Organisation claims that contract tracing has an important role to play in defeating the killer pandemic – compiling lists of everyone infected persons have been in contact with since they got the virus so that they can be warned and tested.
NSO and Israel have been peddling “Fleming” as a high-tech contract tracing solution.
But according to one cybercrime expert, the project looks more like a ruse to expand NSO from the world of targetted cybercrime, and into the realm of invasive mass surveillance.
John Scott-Railton, a senior researcher with CitizenLab, analysed screenshots of “Fleming” released publicly by NSO and Bennett. He concluded that it is probably not effective for any genuine contact tracing effort and looks more like another spy tool – perhaps even just a new face for the old ones.
He suggested that Fleming: “Is actually a skin on NSO’s existing surveillance software. NSO can’t say because they are pushing it [to] some existing espionage customers, and naming them is forbidden by contract.”
NSO and other mercenary Israeli spy firms – such as Black Cube, which helped convicted rapist Harvey Weinstein spy on his victims as revenge for daring to speak out – have one particular advantage in the market.
They have a literally captive population – the Palestinians – as a test subject.
Whistleblowers from Unit 8200 revealed that their cybercrime gang spies on the entire Palestinian population.
Such criminals are not to be trusted with our safety during a global pandemic.