Veteran Israeli journalist, Amir Oren, posted a series of tweets revealing news even more troubling than we’ve been reading about NSO Group. We thought we were dealing with a runaway Israeli company wreaking havoc among human rights activists, political dissidents and even national leaders in 50 countries. But it’s far worse than that.
Where do you think NSO came up with this spyware? It wasn’t invented out of whole cloth by a few clever hackers and programmers hired for astronomical sums. Those employees learned their trade elsewhere before they came to NSO. They did so in Unit 8200, the Israeli army’s signals intelligence branch. It is the largest unit in the IDF and produces surveillance technology to rival, or even exceed, the NSA.
Here are Oren’s tweets followed by my translation:
1/1 העוקץ בסיפור NSO – שם דומה להפליא ל-NSA; יפה שהבעלים התאפקו לא לכנות את החברה 8200 וחצי – אינו עיסקי או דיפלומטי, אלא מודיעיני ואסטרטגי. אם המוכר הישראלי ובעקבותיו הלקוח הזר מסוגלים להינעל באמצעות סמרטפון, טבלט או מחשב על תכולתם ואפליקציותיהם והלאה, באמצעות נמענים ואנשי קשר..— Amir Oren (@Rimanero) July 27, 2021
2/2 ..כי אז ברור ש(1) גם אמ״ן, שב״כ, מוסד ואם תורשה להב 433 מסוגלים לאותה חדירה מודיעינית, כולל לטלפון של מקרון (או ביידן) (2) למודיעין הישראלי גירסה משודרגת; הגירסה שנמכרה בחו״ל משונמכת (3) ישראל מאובטחת באמצעי נגד (4) אעפ״כ, נתניהו, החשוף ליכולות או חושד בהן, נמנע מהחזקת טלפון.— Amir Oren (@Rimanero) July 27, 2021
The real sting in the NSO story, a [company] name remarkably similar to NSA: It was nice of the founders [of NSO] not to name the company “8200-and-a-half.” It has little to do with business or diplomacy; but rather intelligence and strategic [interests]. If the Israeli seller and consequently the foreign client are able to hack a smartphone, tablet or PC, their contents and apps, recipients and contacts, then it’s obvious that…
1) AMAN [Israeli military intelligence], Shin Bet, Mossad and the police investigations unit can also achieve the same results, including [hacking] Macron’s (or even Biden’s) phone.
2) Israeli intelligence has an upgraded version [of Pegasus]; the version sold abroad is downgraded.
3) Israel is secured [from such hacks] by counter-measures.
4) Nevertheless, Netanyahu, who has been exposed to these capabilities [spied upon] or who suspects them, refuses to own such a phone.
5) Given the capabilities of the NSA, CIA, FBI–the lax security of the telephone and private e-mails of, for example, Hillary Clinton–is a security breach the width of the gates of the White House.
6) This demands tightening supervision and the oversight of the Knesset constitution, foreign affairs, security and internal affairs committees–and even a court, possibly modeled on FISA, to ensure it is not exploited to the detriment of Israelis.
The important take-aways here are the warning that the Israeli state and its domestic and foreign intelligence apparatus have developed surveillance tools even more powerful than Pegasus; and that these tools are deployed around the world to advance Israeli interests. We can further assume that US intelligence agencies like the ones Oren mentioned have either tools comparable to Pegasus or even more powerful; and that we use them in the same way Israel does. That we hack the phones of both allies and enemies and pry into their personal, political and military secrets.
As I wrote in an earlier post, states with advanced surveillance capabilities like the US, Israel, China and Russia should be extremely nervous about the NSO scandal. While they pay lip service to the issues of violations of human rights or even the murder of journalists like Jamal Khashoggi, what scares the living daylights out of them is the potential for this to rebound against state intelligence interests.
If we outlaw private spyware as Edward Snowden advocates, it will not stop there. Digital rights activists and privacy advocates will next turn to state actors and tell them that they are far more dangerous than private actors like NSO. Fancy Bear and his NSA counterparts can do far more than hack cell phones. They can sabotage major infrastructure. They can cause failures of communication systems, power plants, airports, etc. They can grind an entire nation to a halt practically with the flick of a few switches. Now that’s danger!
Members of Congress have been curiously silent in the midst of this controversy. Other than Sen. Ron Wyden, who spoke out a few years ago about the dangers of NSO, there has been silence. Until now. Today, a group of Democratic House members from California and New Jersey offered a joint statement, Enough is Enough! They demanded an end to NSO’s havoc:
“Enough is enough. The recent revelations regarding misuse of the NSO Group’s software reinforce our conviction that the hacking for hire industry must be brought under control. Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade. Companies that sell such incredibly sensitive tools to dictatorships are the A.Q. Khans of the cyber world. They should be sanctioned, and if necessary, shut down.
…To that end, we call on the United States government to urgently:
- Call out by name publicly and in reports provided to Congress private companies that sell cyber-intrusion tools to governments with a history of misusing them.
- Consider the immediate addition of the NSO Group and any other company engaged in similar activities to the Entity List administered by the Commerce Department and consider the company’s abusive clients for sanction under the Global Magnitsky Act.
- Establish by legislation or executive order a sanctions regime to hold accountable individuals and companies that sell these tools to authoritarian states.
- Ensure that the NSO Group and companies engaged in similar activities do not access American investors funds—including through a potential IPO—through SEC regulations that would protect non-securitized capital from funding their activities.
- Accelerate efforts to finalize accession to the Wassenaar Arrangement’s limited controls on cyber-intrusion tools, lead a multilateral initiative to impose strengthened controls with transparent human rights assessments on items with surveillance capabilities, and consider SEC regulations requiring companies to publicly disclose exports of technologies with surveillance capabilities and to carry out published human rights due diligence for any such exports.
- Investigate and assess the possible targeting of American ‘journalists, aid works, diplomats and others’ with NSO Group’s Pegasus spyware, determine whether America’s national security was harmed, and take steps to protect all Americans, including federal employees, from the threat posed by the growing mercenary spyware industry.”
Now, we need every Democrat in Congress to join in this effort. Even Republicans who favor the right to privacy and protection of individual liberty should sign on. This is the sort of teeth NSO and its investors need to see in order to rein in their worst impulses.
nessim dayan says
i said it in a previous remark all this is part of the yearly 3b gift to idf and by extension 8200 etc..
nothing to see here, keep moving
as far as the bombastic declarations , nah, just pissing against the wind
Units like 8200 are needed if the Yinon Plan were to bear fruitition. So no surprise this goes on in Israel. I also think, the US is complicit, just my own belief. If the West needs a non Muslim ally in the Middle East, and there is no Christian State, then Israel would have to do. Which means, UK, Australia, EU would also look the other way.
By the way, Richard, seeing that you expose the Israeli security state, who is/was Obadiah Shoher, the author known as Samson Blinded? Would be great if you could do a write up.
First time commenting, really like your blog, richard, somewhat new here (found your blog after the tomer eiges scandal). I must say i dont think Oren׳s tweets deserve any mentioning since he uses the words ״it׳s obvious that…״ the internet (and twitter) is full of people who have ‘opinions about stuff’, but you set a certain standard , so far, of using sources who supposedly KNOW what they’re talking about, not just stating their opinions on what probably or definitely is or isn’t. If mr. Oren has proof for any of his claims, that would be a whole different thing. I, too, can come up with conspiracy theories (i love em!) but i wouldn’t expect anyone to treat my thoughts as newsworthy. Anyways, just my thoughts…. Thanks for your hard work richard!
Richard Silverstein says
@ Maya: the difference between you (and me, for that matter) and Amir Oren is he has a distinguished record of reporting on this and many other important issues. I’ve known and respected him for many years. His statements/tweets are worth a great deal.
What Tom Malinowski and Co. will achieve, is that IF indeed the private surveillance sector will be barred from selling on the open market – They WILL do that on the black market.
This way it will become far more malicious and away from any sort of oversight or checks and balances.
If there is a buyer – there will ALWAYS be a seller.
NSO and other companies will have no problem at all closing their official doors and establishing the same business under new names in the shadows.
P.S. it is ironic that people who are “worried” about privacy – still use Facebook and Gmail…
Richard Silverstein says
@ Alex: Not so fast pardner. Yours is the typical Israeli cynical response. The fact is that there are thousands of markets which are regulated. Of course, there are ways around regulations and people will try to do so. But that doesn’t mean regulation doesn’t work and isn’t effective. Once the black marketeer discover there are punishments for their behavior most of them will come into line.
As for privacy, many people who are worried about privacy either don’t use Facebook or Gmail; or figure out more secures ways to do so. You vastly underestimate the market for secure alternatives to these platforms.
Amir Oren on Intelligence sharing NSA and Unit 8200 … the Snowden papers. NSA provided raw Intelligence to Israel, Unit 8200. Obama succeeded to prevent Israel bombing Iran in 2012 … at a price.
Birds on a Wiretap | Haaretz – Dec. 29, 2013 |
Leaked Classified Memo Reveals U.S.-Israeli Intel Cooperation on Egypt, Iran | Haaretz – Aug. 5, 2014 |
With approval from U.S. National Intelligence Director Lt. Gen. (ret.) James R. Clapper …
It’s good that Barack Obama prevented Israel from bombing Iran. That would’ve been a disaster for them, and the entire mid-east. What Obama failed to do, however, is to put pressure on Israel to pull out of West Bank, Gaza Strip and East Jerusalem, rescind control of the water and air-space in those territories, and to allow the Palestinians to create their own independent, sovereign nation-state alongside Israel (and NOT in place of Israel) thus allowing the 2-state solution (the only safe, sane and sensible solution to the decades-old Israeli-Arab debacle) to come into fruition.