Pegasus’ Maker Reportedly Got Extensive Support From Israeli Government in Selling Spyware Abroad
19:05 GMT 20.07.2021 (Updated: 19:54 GMT 20.07.2021)
Subscribe
The Israeli security software maker is at the center of an international scandal after media investigations revealed that at least 50,000 phones, including those of 600+ senior politicians and officials and hundreds of journalists, had been targeted by its military-grade spyware.
The Israeli government was heavily involved in pushing NSO Group’s Pegasus software to foreign state clients, and even intervened directly in situations where the cybersecurity giant showed hesitation to do so, Israel’s Haaretz newspaper has reported, citing half-a-dozen officials and businesspeople said to be familiar with the situation.
Unnamed executives from Israel’s ‘offensive cyber industry’ told the newspaper that the Israeli government heavily lobbied for its cyberweapons firms, especially NSO Group, during now former Israeli Prime Minister Benjamin Netanyahu’s formal state visits and secret trips to other countries, with company representatives believed to have secretely accompanied him during some of the outings.
NSO Group would not have been able to sell its products, whose export is regulated by the Defence Ministry, to countries like Saudi Arabia, with which Israel has no formal diplomatic relations, unless Tel Aviv allowed them to do so.
One senior official told the newspaper that “Israel marked Saudi Arabia as a strategic target” for an aggressive spyware marketing campaign in 2017, with Tel Aviv reportedly considering Riyadh to be a ‘moderate’ force in the Arab world and actively seeking to exacerbate the Gulf kingdom’s tensions with regional rival Iran, which is also a key strategic adversary of Israel's.
“This is a project that the Defence Ministry was involved in, the desire was to coddle and indulge the Saudis of our capabilities,” the official said in reference to the campaign. “That’s how Cellebrite and NSO got to sign such big deals with the Saudis,” the source added. Cellebrite is a cybersecurity hardware maker which produces devices capable of cracking phones, and reportedly inked a major contract with Saudi Arabia’s police forces.
A second senior official said Israel sought to “arm the Saudis” with its spyware tech, including Pegasus, amid Tel Aviv’s quiet efforts to normalize relations with Riyadh and other Gulf sheikdoms.
A third official, who also requested that their identity be withheld, told the newspaper that Saudi Arabia deserved Israeli help via spyware sales amid “serious threats from Iran and its different terror cells and proxies.”
Just Business
One person said to be present at a 2017 tech event in Cyprus where NSO Group demonstrated its products recalled the company’s showcasing of its zero-click hack capability to Saudi officials, during which a freshly-bought iPhone was hacked using only its phone number. “They went to discuss it amongst themselves. You don’t need to know Arabic to understand that they were in awe and super excited from what they saw – it was clear that this was what they were looking for,” the person said.
Riyadh reportedly went on to purchase NSO software in a $50 million multi-year deal.
One of the officials indicated that the outsized power of Israel’s cyber industry in proportion to the country itself gives it a “relative advantage” which it could trade with other intelligence services.
A CEO from an unnamed Israeli company told the newspaper that there were times when the government openly pressured companies to sign contracts to export their offensive cybersecurity capabilities abroad. In one instance, the businessman said, the United Arab Emirates offered his/her company $40 million for its cyber solutions. The company refused, only to have an Emirate representative ask whether it would “help” if they talked to “Bibi” Netanyahu about the request.
Another businessman said an official acting on behalf of the Israeli government had asked them to “take the deal” with one country because “it helps Israel’s security.”
Responding to the newspaper’s reporting, the Israeli Defence Ministry confirmed that the government was “in charge of overseeing the sale of cyber tools from Israel,” and added that “a number of considerations” are taken into account, among them defence and security deliberations, as well as diplomatic and strategic ones, when it comes to military exports.
The ministry maintained however that “Israel authorizes sales of cyber tools only to official state organs and law enforcement agencies that are committed to make use of it according to the terms of fighting terrorism or serious crimes.” Such a commitment, it said, is “stipulated in terms of use.” The ministry further stated that “the state of Israel does not have access to the information and data collected by NSO’s clients.”
NSO Group has similarly suggested that its software is made strictly for the purposes of fighting crime and terrorism, that its products have saved “tens of thousands” of lives, and has offered a blanket rejection of the wave of reporting on the potential illegal use of its products.
Sources speaking to The Guardian partially corroborated the statements made by Haaretz’s state and business sources, with anonymous sources telling the British newspaper that Saudi Arabia was temporarily cut off from being allowed to use Pegasus in 2018 after the murder of Jamal Khashoggi, but had its access to the software restored in 2019 following pressure from the Israeli government.