NSO Group is once again in the news, and not in a good way. Reporters Without Borders created a new Hall of Shame list of the world’s worst “digital predators.” That is, countries and companies engaged in the most egregious violations of human rights, press freedom, and personal privacy:
To mark this year’s World Day Against Cyber-Censorship, celebrated on 12 March, Reporters Without Borders (RSF) is unveiling its list of press freedom’s 20 worst digital predators in 2020 – companies and government agencies that use digital technology to spy on and harass journalists and thereby jeopardize our ability to get news and information.
This list is not exhaustive but, in 2020, these 20 Digital Predators of Press Freedom represent a clear danger for freedom of opinion and expression, which is guaranteed by article 19 of the Universal Declaration of Human Rights. On World Day Against Cyber-Censorship, created at RSF’s initiative, RSF is for the first time publishing a list of digital entities whose activities are tantamount to preying on journalism.
So NSO joins an ‘august’ group of countries, companies and troll armies including Saudi Electronic Brigade, the Kremlin’s Troll Army and Chinese, Russian and Iranian cyber-attack units.
The list of victims of NSO who are suing it across several continents continues to grow. Amnesty International sued the company and Israeli defense ministry on behalf of one such victim, demanding that the government revoke the company’s export license to sell its most lucrative and damaging product, Pegasus. In the U.S., Whatsapp is suing NSO for hacking its source code in order to steal communications of 1,400 users deemed enemies of the state. In this case, the state appears to be Saudi Arabia, which was known to have paid $55-million to the Israeli malware firm for its services.
Recently, the company’s lawyers failed to show up at a federal hearing and the judge issued a default judgment on behalf of Whatsapp. However, NSO has argued that its opponent failed to satisfy the Hague Convention which specifies the procedures for serving parties to international lawsuits. NSO has issued lurid depictions of
Whatsapp as a “liar” for claiming it had served NSO properly. However, lawyers for Whatsapp described the laborious process they went through to follow the proper procedures for serving the defendant. It has accused the Israeli courts of acting as an accomplice in NSO’s diversionary tactics by refusing to certify that papers were served properly.
This seems garden variety stalling tactics for a defendant who doesn’t want to face the music and try the case against it. Par for the course for a company based on subterfuge and lies like NSO.
The company has also hired an army of DC lobbyists to plead its cause in Congress and the White House. Its main PR consultant is Mercury Public Affairs hired at a cost of $1.4-million last January:
The agreement calls for Mercury to provide “strategic consulting and management services specific to government relations and crisis management issues” that Q Cyber faces in connection with “pending” and “potential future litigation or regulatory actions.” The firm also wrote in the Justice Department filing that it is providing “consulting services in connection with public relations, media relations, government relations, and litigation.”
Digital communications specialist Nicole Flotterton and Ian McCaleb, a former spokesman for the Justice Department’s criminal division who previously worked as a reporter for CNN and producer for Fox News, have registered to work on the account for Mercury.
A few months earlier, Sen. Ron Wyden raised the ominous prospect that NSO’s malware may have been used to hack the communications of U.S. government officials and contractors:
“If foreign surveillance companies like NSO are helping their foreign government customers hack or spy on Americans, particularly US government employees and contractors, that would raise serious national security issues,”
This certainly pricked the ears of the Justice Department, which has opened an investigation of the company’s activities. Hence the need for crisis and litigaton management. Last week, Mercury added more muscle and made its team international in scope:
…Tapping former British officials to help lobby for…the Israeli spyware company [as it] faces a global backlash over accusations that it helped authoritarian regimes spy on dissidents…Mercury has now added three people in its London office to the account.
…Toby Denselow, a former aide to British lawmaker Glenda Jackson, and…George Tucker, a former British diplomat, joined the account in January….They join former Labour Party staffer Louis Rynsard…
NSO has multiple connections to Great Britain. London-based private equity fund Novalpina took control of the company last year, and four Novalpina
executives were served with the lawsuit that Facebook and WhatsApp filed…accusing the company of using WhatsApp servers to send malware to 1,400 users…from 20 countries, including Bahrain and the United Arab Emirates…The firm also faces legal scrutiny in Britain, where Saudi comedian Ghanem Almasarir has sued Saudi Arabia alleging that Riyadh targeted him with NSO software while he was living in London.
Meanwhile, Labour Party politicians have been asking questions about the British government’s relationship with the spyware company. NSO attended a Security and Policing trade fair in southern England this month, prompting a complaint from Labour MP Lloyd Russell-Moyle, who accused the government of “helping despots hunt and kill dissidents.” Meanwhile, Tom Watson, then a member of parliament serving as shadow secretary for digital affairs, raised the issue of the WhatsApp data breach and NSO’s role during a speech to parliament in May 2019, as did Drew Hendry, a Scottish National Party lawmaker.
NSO has also come under fire in the European Parliament. Eva Kaili, a member from Greece, asked the European Commission for answers about NSO in November. In December 2018, Marietje Schaake, then a member representing the Netherlands, asked the European Commission questions about the company.
Curiously, we’ve heard no more of the human rights claptrap advanced by Steven Peel when he bought the firm, claiming it would be held to the highest standards of ethics and observe the UN Guiding Principles on Business and Human Rights. Once two UN rapporteurs for extrajudicial killings and freedom of expression denounced NSO Group for its suspected role in hacking Jeff Bezos’ cell phone, Jamal Khashoggi’s assassination, and other misdeeds, the UN no longer was an optimal world institution to invoke on behalf of its human rights record.
Yes, and NSO is sharing the stage with other Non-State hackers like Germany’s ‘Gamma’, Switzerland, Saudi Arabia and Italy’s ‘Momentum’, Spain’s ‘Mollitiam Industries’ and the United States ‘Zerodium’.
https://rsf.org/en/news/rsf-unveils-202020-list-press-freedoms-digital-predators
BTW, NSO is jointly owned by an American private investment group, a European private investment group, and two Israeli businessmen.
Just thought I’d add some perspective here.
@ Lemonade: You’ve got to keep up with my reporting, buddy. NSO is by far the most successful, largest and most financially remunerative company in this field by an order of magnitude compared to the others RSF listed.
Also, saying NSO is “jointly owned” is misleading. It is owned by Novalpina, which holds by far the largest stake in the company. It’s possible that some of its former owners have retained a small stake. But they have no control or say in running the company. Novalpina seems to have left the day to day management of NSO to the same assholes who founded it as they’re e continuing to follow the same damaging practices they’ve used thus far; learning nothing and changing nothing.
You also failed to mention the three previous attempts Shalev and Hulio made to sell the company to public companies in Israel and the U.S., all of which failed because of the massive controversy generated by the world human rights community. The only reason they could sell it to Novalpina is it’s a private company and doesn’t have to worry about the odious nature of NSO’s business in terms of driving away stockholders.
If we wouldn’t have @ lemontree, where would this blog be? 🌚