NOTE: I did an interview for The Real News Network (above) about my post on Israel’s attempt to sabotage the 2016 election. I also published a piece for Middle East Eye recently on the Israeli Supreme Court’s ratification of a new governing coalition just as corrupt and dysfunctional as the previous one. I hope you’ll give them both a look and a read.
Israeli media watchdog, 7th Eye, reports that the Mexican government officially revealed for the first time that it canceled NSO Group’s contract to provide cyber-hacking tools to the country’s legal, law enforcement and intelligence units. Last year, current President Lopez Obrador announced that his government no longer used the company’s cyber-spying product, Pegasus. This week’s statement further clarifies that it canceled the government’s business dealings with NSO in 2017 and that a corruption investigation into the procurement process is underway.
Mexico was the first nation to buy NSO’s Pegasus tool, the most sophisticated cyber-surveillance product sold in the world. The sale was brokered by two sleazy intermediaries, Mexican oligarch Jose Azano, now serving a federal prison sentence and Eliot Broidy, a Trump donor and confidant, currently under investigation by the Justice Department. Broidy was prosecuted for offering a bribe to New York City controller, Alan Hevesi in return for steering $250-million in municipal pension funds to Broidy’s investment company. Disclosure: Broidy threatened to sue me for an earlier post I wrote about him.
Though the NSO deal was canceled in 2017, the government did not reveal this until earlier this week. It accompanied its announcement with a statement renouncing the dirty-ops ethos Pegasus represents, and the motives of the previous government in employing it. Mexico’s announcement also noted that a special prosecutor was investigating the contract with NSO and how it was procured. It also rejected the surveillance activities of the Nieto government:
The present administration, consistent with its convictions and principles, will continue to fulfill its unwavering commitment to abandon all practices of political espionage or intimidation of possible adversaries with surveillance schemes; That’s a thing of the past. Currently, the intelligence services are used in a legal and transparent way, only for the safety of the population and with respect for human rights.
It’s not clear why the Obrador government, which represented a complete break with the policies and practices of the Nieto administration, waited so long to reveal this information.
In 2011, NSO Group commissioned Israeli tech deal-maker, Matan Caspi to find clients for its first successful product, Pegasus, which originally was designed to hack the then-most-popular cell phone on the market, the Blackberry. Caspi then connected with Broidy, who brought them together with Azano. The latter had developed close business relationships with the Mexican military and intelligence agencies and sold them $350-million in spy gear in the decade before Caspi came on the scene. Azano made the connections with government officials and eventually a deal was consummated.
For an unknown reason, either the Mexicans, NSO or the brokers didn’t want NSO’s role to be public. So Azano created a third-party cut-out company and it sold Pegasus to the attorney general’s office. Azano took a hefty commission in the millions on the $15-million deal. Caspi and Broidy quarreled about their own commission and eventually, the Israeli persuaded NSO to cut the American out of the deal. Broidy apparently earned nothing.
עוד בדיחה (על חשבון הציבור) מבית היוצר של מלמב בחסות מערכת משפט מגוחכת. @calcalist פרסם אתמול ידיעה מרתקת על העסקה ה-1 של חברת הסייבר השנויה במחלוקת NSO. מלמב וביהמש הוציאו צאפ על שם המדינה שכלכליסט עצמו פרסם ב-2012. סילברסטיין בתיקון עולם חושף אותה הבוקר. https://t.co/ZmBQiLMx2b
— Yossi Melman (@yossi_melman) February 26, 2020
There is an Israeli gag order prohibiting identifying any of the parties to this crooked transaction. And even though the Israeli business publication, Calcalist, reported these names in 2012, it is prohibited from doing so today (the 2012 article remains available on its website). Israeli security correspondent, Yossi Melman tweeted in Hebrew on the absurdity of this bit of security censorship, whose main purpose appears to be to conceal massive corruption in the export of Israeli cyber-security technology.
With Mexico’s confirmation that it had ended its business relationship with NSO, things have come full circle. This is yet another blow to the company and Pegasus, which has been accused of complicity in the assassination of Jamal Khashoggi by another NSO client, Saudi intelligence. There are multiple lawsuits pending against NSO in both Israel and the U.S. by businesses and individual victims harmed by its dirty-ops technology.
Israeli human rights lawyer Eitay Mack and then-Meretz MK Tamar Zandberg sued NSO and asked the Supreme Court to rescind the export licenses approved by the defense ministry to export Pegasus to Mexico. The Court slapped a gag order on the proceedings. The only element of the case which may be reported publicly is that the justices rejected the appeal. NSO was free to export its dirty ops technology to whoever in the world had the cash to pay for it.
As I noted in the last piece I published for Jacobin, the Israeli company is seeking to turn a global pandemic into a business opportunity. It has adapted a Shin Bet counter-terror program called the Tool, which was designed as a Big Data response to monitoring and predicting terror attacks. The Tool compiles personal private data of all Israeli citizens, Jewish and Palestinian. It intercepts phone calls, text messages and other communications, both sender and recipient. It records geo-location data.
NSO calls its civilian version of The Tool, Fleming, perhaps in deference to the creator of James Bond, the British author, Ian Fleming. Unlike the Shin Bet database, Fleming is designed to record private data related to Covid19. Clients download information regarding Covid19 victims including their geo-location. The program monitors movement of individuals and tracks who come into contact with victims. The ostensible purpose would be to alert both authorities and those in danger of contracting the virus.
— Citizen Lab (@citizenlab) May 8, 2020
John Scott Railton of the NGO, Citizen Lab, analyzed NSO’s own geo-location data and found that the accuracy offered by Fleming was insufficient to prevent tens of thousands of innocent people from being swept up in potential dragnets. After he tweeted about this embarrassing product flaw, he publicized yet another major flaw discovered by a white hat hacker. NSO maintained a database containing public health information concerning all the potential customers it hoped to sell Fleming. On it, one could find data about UAE, Israel and a number of other countries. Astonishingly, the database had no password. It was essentially open to anyone who could find it. No security protection. For a company selling the concept of cyber-security, this should be almost a fatal blow.
But as PT Barnum said: there’s a sucker born every minute. I just hope that the countries contemplating purchasing this product don’t get taken for a ride as Mexico was.