SEATTLE — After investigating some suspicious text messages sent to an Emirati human rights activist in early August, researchers at the University of Toronto’s internet watchdog Citizen Lab and Lookout Security announced on Aug. 24 that they’d detected the most sophisticated mobile hacking tool ever developed.
The spyware, known as Pegasus, was created by the secretive cyber warfare firm NSO Group, one of the many high-tech startups that has emerged from Israel’s advanced military technology sector. These firms, and the hoards of veteran hackers they employ, offer cutting edge products to the internet security industry. But they also offer their clients — which include a host of totalitarian regimes and nanny states — the opportunity to intrude on the digital privacy of private citizens and engage in industrial espionage or illicit surveillance.
Pegasus targets victims via a link sent in a text message, a process known as the “one-click” variant. The link opens to a site which automatically downloads the software onto the victim’s iPhone, allowing it to harvest the data from, and control, virtually every function of the device, from phone calls, location tracking and email, to the camera and apps, without the user or the phone realizing it.
Rather than clicking the links in the texts, however, Ahmed Mansoor, the human rights activist, sent them to Citizen Lab researchers, who eventually connected the dots between the “exploit infrastructure” contained in the text messages and NSO Group.
Although the FBI reportedly bought an exploit from an unknown company to break into the iPhone of one of the San Bernardino terrorists, Pegasus is the first known piece of software capable of “jailbreaking” the iPhone 6 remotely. The “beauty” of the product is that it circumvents the mobile provider and internet service provider, which traditionally must give permission to security services to snoop on their customers.
And, as Citizen Lab noted, Pegasus is “a government-exclusive ‘lawful intercept’ spyware product.” It’s not available to the general public or even savvy non-state clients willing to pay top dollar for the ultra-sophisticated spyware.
“The high cost of iPhone zero-days [software vulnerabilities unknown to the vendor], the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government provide indicators that point to the UAE government as the likely operator behind the targeting,” Citizen Lab reported.
NSO: Huge and operating mostly under the radar
NSO inhabits a rarefied but growing market niche in which governments around the world are acquiring spyware and exploits for millions of dollars. While it’s one of the largest companies in the field, it also operates much like its Pegasus spyware — without anyone really noticing.
In an Aug. 25 report, Forbes noted that NSO, which doesn’t have any online presence to speak of, sold a single exploit to a state security service for $18 million. It also has a $16 million contract with the Mexican government to hack the communications systems of drug traffickers. However, in investigating Pegasus, Citizen Lab discovered that Mexican authorities used the spyware to target a journalist, Rafael Cabrera.
In November, Reuters reported that the company’s annual earnings stood at about $75 million. Since acquiring NSO for $120 million in 2014, the American private equity firm Francisco Partners Management reportedly shopped the company around, seeking a $1 billion sale.
That’s pretty good for the company’s Israeli founders, Omri Lavie and Shalev Hulio. These are two guys who were average students, never served in the Israeli Defense Forces Unit 8200 that produces the lion’s share of Israel’s technology startups, and first got to know each other playing on the beaches of Tel Aviv.
However, they were smart enough to know that to succeed they needed to hire exceptional personnel. NSO reportedly counts Unit 8200 cyber-hacking veterans among its roughly 200 employees.
In 2013, the Financial Times’ John Reed sat down with Lavie and Yair Pecht, NSO’s chief executive, to discuss the company. Reed reported:
“NSO emphasises that its business with foreign governments and government agencies is subject to approval from Israel’s defense ministry, which screens and monitors them before giving the green light. NSO will not say who its clients are, but its executives have visited about 35 countries over the past 18 months, they say.”
Not much has changed in the intervening years. In a statement released after Citizen Lab connected the dots between the spyware and NSO, the company stated that its mission was to provide “authorized governments with technology that helps them combat terror and crime,” according to Business Insider.
It’s unclear, though, how NSO is reacting to the suggestion that Ahmed Mansoor, the Emirati human rights activist whose iPhone was targeted unsuccessfully by Pegasus, is involved in terrorism or crime.
Mansoor is one of the country’s few human rights activists whose calls for a free press and democratic freedoms have earned him an international profile and press contacts. He is not a terrorist, at least not according to any reasonable definition of the term. Yet it seems that the government agencies most willing to pay for high-end spyware services like Pegasus tend to be those which view any dissent, including non-violent dissent, as serious threats to national security or terrorism.
NSO bets on both sides of the coin
The next major product NSO’s owners are developing is Kaymera, a secure smartphone that the company swears can not be hacked. Based on the marketing material on its website, it appears that the target market for this product is governments, including security services, seeking secure communications systems. Ironically, that’s the very same clientele using Pegasus. The startup received its first round of funding — $3 million — in 2013.
If it seems like Omri Lavie and Shalev Hulio are playing both sides against the middle, it’s because they are. And they’ve admitted as much.
“Anybody who sees the capability of NSO systems immediately thinks of ways to protect themselves against similar capabilities,” Avi Rosen, who partnered with Lavie and Hulio to get Kaymera off the ground, told Bloomberg in 2014. “When we saw the potential, we decided to build a company out of it.”
While Apple patched the software hole exploited by Pegasus after Citizen Lab and Lookout Security brought it to the company’s attention, the fact of the matter is that the developer or developers behind Pegasus identified a software hole to exploit. With enough time and money, it’s likely to happen again.
And with Lavie and Hulio currently offering products to both sides of the market — governments and security services looking to hack encrypted devices and those looking to avoid being hacked by using encrypted devices — is it unreasonable to believe that someone willing to shell out for Pegasus wouldn’t also be willing to pay to have a Kaymera phone cracked?
Israel exports tools of repression
Israel’s cyber security industry is a direct outgrowth of the country’s status as a security state. The country, which is no bigger than the state of New Jersey, ranks among the world’s top arms exporters.
In addition to its history of supplying arms to failed states and repressive regimes with authoritarian rulers that use the weaponry to maintain control of the population, promote civil strife or even carry out genocide. One of Israel’s top clients is India, which uses its sophisticated arsenal to maintain its occupation of Muslim-majority Kashmir. In fact, both countries maintain a decades-long occupation of territory seized by war and conquest. That, and their antipathy toward their respective Muslim enemies, serve as a major source of mutual interest.
The IDF’s Unit 8200, which intercepts communications and penetrates the security systems of Israel’s Arab enemies, is the largest single unit in the Israeli army. It enjoys privileged status in terms of resources allocated to it, and its veterans exit the military with the brightest job prospects of anyone in the service.
On 11 September 2013, The Guardian released a leaked document provided by Edward Snowden which reveals how Unit 8200, referred to as ISNU, receives raw, unfiltered data of U.S. citizens, as part of a secret agreement with the U.S. National Security Agency:
This unit offers the Israeli military the ability to intrude on the private life of any Israeli target. That’s why nearly 50 reservists serving there signed a letter in 2014 refusing to participate in operations against Palestinians in the occupied territories. They maintained that Unit 8200 was engaged in morally untenable activities which offered no value to the military, including recording embarrassing personal conversations, sexual dalliances and homosexual activity. These were exploited in order to compel Palestinians to serve as informers for Israeli intelligence.
Companies like NSO offer other countries the opportunity to turn themselves into the same type of surveillance state that Israel has become. Just as Israel pioneered drone warfare and the “art” of targeted killing, which have been appropriated by the CIA and U.S. special forces, so too has Israel opened a Pandora’s box of espionage and hacking capabilities.
Pegasus: Israel’s path to a dictator’s heart
Through companies like NSO, Israel’s cyber warfare industry provides governments that rule by force with the tools they need to maintain their hold on power. While investigating the text messages sent to Ahmed Mansoor’s iPhone, Citizen Lab and Lookout Security also identified connections between domain names tied to Pegasus software and a number of countries.
“The UAE and Mexico dominate this list, although other countries are also worth noting, including: Turkey, Israel, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain,” Citizen Lab reported.
NSO may already have clients in those places or anticipate doing business there. It’s noteworthy that the vast majority are authoritarian or far-right regimes that may be expected to exploit the technology to spy on dissidents.
The inclusion of Israel in the above list indicates that Israeli police and/or Shin Bet, the country’s domestic security agency, may be using Pegasus against both Palestinians and Israeli Jews. The Mossad, Israel’s national intelligence agency, may even be using it outside Israel’s borders.
Israel has a history of seeking allies in its long-running conflict with its Arab neighbors. At its founding, David Ben Gurion sought friends among the newest states which had recently thrown off the yoke of colonialism in Africa and Asia. But over the past few decades, as Israel earned greater international opprobrium for its illegal occupation of Palestine and the Syrian Golan, such allies largely dropped by the wayside.
As a result, Israel concocted a new enemy, Iran, which has offered fertile ground for cultivating new friends among the Sunni states in the Gulf region, including Saudi Arabia and Egypt. Over the past decade, Israeli Prime Minister Benjamin Netanyahu and his predecessors virtually invented a combustible, hostile relationship with Iran that led its enemies right into Israel’s arms.
There should be no surprise that the UAE’s intelligence services turned to NSO; Israel has entered into similar intelligence-sharing relationships with other states in its war on Iran. Saudi Arabia was reported to be a major financier of Israel’s cyber warfare program that birthed malware like Flame and Stuxnet, which sabotaged Iranian nuclear facilities. The same Saudi-financed terror project also resulted in the deaths of five Iranian nuclear scientists.
New York Times trumpets Israeli-Saudi alliance
Israel and these Sunni states share a mutual hatred of Iran but little else. There are no constructive aspects to these relations, and they certainly will not result in transforming these societies into democracies, boosting their economies or lifting their poor from poverty.
That’s why a recent New York Times editorial which trumpeted Israel’s new alliance with Saudi Arabia was so misguided. The Editorial Board began:
“Israel and Saudi Arabia have no formal diplomatic relations. The Saudis do not even recognize Israel as a state. Still, there is evidence that ties between Saudi Arabia and other Sunni Arab states and Israel are not only improving but, after developing in secret over many years, could evolve into a more explicit alliance as a result of their mutual distrust of Iran. Better relations among these neighbors could put the chaotic Middle East on a more positive course. They could also leave the Palestinians in the dust, a worrisome prospect.”
Referring to the Boycott, Divestment and Sanctions movement, the board continued:
“As an international boycott movement is seeking to isolate Israel over its treatment of Palestinians, Mr. Netanyahu is determined to expand the number of countries that recognize his state and to capitalize on the economic potential of trade between it and the Arab states. He also has repaired relations with Turkey and has sought to strengthen ties with Africa.”
Given that the economies of most of these countries are quite small, it seems highly unlikely that Arab states have anything useful to Israeli consumers except perhaps oil. And Israel itself plans to invest billions in harvesting natural gas reserves it has discovered in the region.
Meanwhile, other than food exports, there is little Israel can offer these states except the kinds of security services and cyber warfare technology outlined above.
Considering these important facts, the type of trade described in the Times’ editorial is not the usual bread-and-butter trade between nations which builds economies and permits a society to feed or clothe itself.
One of the Editorial Board’s few accurate observations is that this new alliance is designed by Netanyahu to leave the Palestinians out in the cold. If he can focus his new friends on their mutual hatred of Iran, they will be diverted from helping Palestinians to obtain their own rights.
Thus, contrary to the Times’ perspective, this budding relationship is built on shifting, rather than long-term, interests. Friends united by nothing more than antipathy toward a mutual enemy can rapidly turn on each other. Just look at what happened to the U.S. relationship with the Afghan mujahadeen, or Washington’s alliance with Saddam Hussein against Iran in the 1980s war.