Israel’s NSO Group, the world’s most successful spyware developer, is on the ropes. An Israeli court appointed a trustee for three of its subsidiaries which specialize in cyber-defense products. These companies argue that their interests are separate from those of NSO Group and that CEO Shalev Hulio is withholding salary from their employees in order to preserve cash to pay hundreds of millions in looming debt repayments. Over $500-million in outstanding debt comes due in the coming months with no visible means of repaying it. Meanwhile, the US government has blacklisted NSO and crippled its ability to finance its operations.
Haaretz reported in the past few days that NSO is in “advanced” talks with a US investment company, Integrity Partners, which would buy it for $300-million. The funds would be invested in the new company and allow it to dump most of its current clients and transform its business model from cyber-offensive to cyber-defensive products. Integrity’s co-founders served in the US military and maintain close ties to high-level US officials. These ties would be used to lobby for removal of NSO from a US blacklist, which currently hamstrings the company’s financing and client recruitment.
Under the corporate restructuring plan outlined in Haaretz, the new company, to be called Integrity Labs, would cancel contracts with all but five of its 37 current clients. The only ones which would remain would be the Five-Eyes US allies: Australia, UK, New Zealand, US and Canada. Pegasus would no longer be a tool for cyber-offense, but rather be used in a defensive mode; though it’s hard to see how such a product could be retooled in such a radical fashion, given that its sole purpose is to attack devices and steal their contents.
Since these reports emanate from NSO rather than Integrity, it’s difficult to know how credible they are. NSO is in dire straits and it is in its interests to drum up positive news regarding a sale. Despite NSO’s claims that talks with Integrity are nearing conclusion and a sale may be imminent, such deals are not over “till the fat lady sings.” And she hasn’t sung her final aria, by any means.
The $300-million sale price would be an enormous come-down for the formerly high-flying NSO, which was purchased a few years ago by Novalpina Partners for $1-billion. Instead of a unicorn, NSO has become an albatross.
FBI Paid $5-Million for Pegasus
The NY Times Magazine published a new profile of NSO featuring an account of the FBI entertaining the purchase of Pegasus in 2019, and spending $5-million before deciding not to go forward with implementation and deployment of the product. As part of the demonstration phase, NSO technicians installed in an FBI building in New Jersey all the equipment needed to show off Pegasus’ capabilities to their potential client. After the US agents bought iPhones, the company’s hackers went about the process of exfiltrating all the content of the devices.
However, there was a hitch: Pegasus could not be used to attack cell phones with US phone numbers. It could only hack foreign phones. The Israeli company solved the problem by developing a second spyware product, Phantom, which could hack phones with US numbers. To demonstrate this, the FBI offered a phone using a US phone number, which was successfully hacked.
This presented the FBI with a legal and political quandary: while it could wiretap and surveil US citizens with judicial oversight, how could it employ Phantom in a way that would satisfy legal and civil liberty safeguards? And how would the US public and federal officials react to the use of the world’s most intrusive spyware against US citizens?
While the Times story provided a great deal of hitherto unknown information about NSO’s relations with US agencies, using the FBI story as the lede for the entire article aroused skepticism. Clearly, the source of the story was not in the US. It’s highly unlikely the FBI or any other federal agency that might be aware of these deliberations would have leaked the story.
The co-author of the report, Ronen Bergman, is especially close to sources in Israeli intelligence (specifically the Mossad). He has also written flattering profiles of NSO for Yediot Achronot, his Israeli media outlet. But why would an Israeli source leak this story to him? The Times story documents the anger Israeli officials felt when they learned of the Biden administration’s blacklisting of NSO:
The United States delivered the news to Israel’s Ministry of Defense less than an hour before it was made public. Israeli officials were furious. Many of the headlines focused on the specter of an out-of-control private company, one based in Israel but largely funded offshore. But authorities in Israel reacted as if the ban were an attack on the state itself. “The people aiming their arrows against NSO,” said Yigal Unna, director general of the Israel National Cyber Directorate until Jan. 5, “are actually aiming at the blue and white flag hanging behind it.”
Israeli news reports after the blacklisting was announced described an Israeli government in crisis mode, placing all hands on deck to fight the decision, as if the State’s very life depended on it. Thus, there are Israeli officials with scores to settle. If I were to bet, I’d guess Bergman’s source is either inside the Israeli intelligence community or NSO itself.
The company’s leaders would have ample motivation to embarrass America’s leading domestic law enforcement agency, as a means of retaliating for bringing the company to its knees. And it certainly is embarrassing that as late as 2019 the FBI was seriously entertaining the purchase of a product already known to have wrought enormous damage on the lives of thousands of foreign officials, journalists, human rights activists, and attorneys.
NSO to the Finland Station
The media just keeps those NSO hits coming with a new report from Finland that its diplomats serving in foreign assignments were targeted by Pegasus. Though Finland would not speculate on who was responsible, it’s well-known that Russia has ratcheted up pressure in several regions on its border including Ukraine and the Baltic:
Finland has enhanced its military readiness as international tensions rise over Russia’s military build-up near Ukraine.
…“Readiness (of the Finnish Defence Forces) has been enhanced due to the fact that the situation in nearby areas has become more unstable,” said Colonel Petteri Kajanmaa, head of the warfare department at the Finnish National Defence University, referring to the Baltic Sea region.
Kajanmaa, who was speaking on behalf of the armed forces, said instability in the Baltic Sea region stemmed from the unpredictability of Russia.
…Kajanmaa declined to specify what actions Finland was taking but said that enhancing readiness usually meant collecting more intelligence, briefing the state leadership more often and moving resources such as planes and ships to new locations.
…The Finnish Security and Intelligence Service has said it has seen an increase in foreign intelligence activities targeting Finland.
“One topic which is the subject of increased interest is Finland’s relationship with the military alliance NATO,” Deputy Director Teemu Turunen told Reuters and added the topic is especially interesting to Russian intelligence.
Given that one of Putin’s major bêtes noires is NATO encroachment on Russia, he clearly wants to know the posture of a non-NATO neighbor like Finland. Not to mention that it is a close neighbor of the three Baltic republics which were once part of the Soviet Union, and now have tense relations with their much larger neighbor, Russia. My money is on Putin and his intelligence chiefs as the instigators of the attacks on Finnish diplomats.
There is one complication regarding this claim: Russia has never been identified as an NSO client. Citizen Lab compiled such a list, which does not mention Russia. In fact, the Moscow Times wrote about its surprise regarding the results of its investigation into Russian cyber-spying and noted this. There are several explanations: one, that Russia is a client but has never been publicly revealed as one; another, that Russia has contracted its use of Pegasus to a third-party cutout precisely to avoid being associated with NSO Group.