“I really feel like this would have been a bigger story if we weren’t dealing with the pandemic right now, and people should pay attention to what Facebook tried to do a couple of years ago,” Garaffa told host John Kiriakou on Monday. “The NSO Group is a very shady company. They are based out of Israel, and effectively, they sell software that lets you attack mobile phones. That is essentially what their primary business is.”
“The NSO company is one of these companies that sells to governments around the world. They have security researchers that try to find security issues in primarily, in this case, the iPhone, but really in all sorts of devices, and they develop what’s called an ‘exploit.’ They develop a way to take advantage of that security issue to take over that phone, and usually in ways that you are not even going to be able to notice unless you’re highly trained. We know that they’ve sold to countries around the world - many countries that you certainly wouldn’t want attacking your phone. This software has been used against journalists and human rights activists, and it turns out, in 2017 Facebook approached the NSO Group and tried to buy the Pegasus software from them,” Garaffa added.
According to a report by Motherboard, NSO CEO Shalev Hulio recently said in a court filing that two Facebook representatives asked the company in October 2017 whether they could purchase Pegasus, which allows operators to infect mobile phones remotely and steal data from them. Around the time that it approached NSO, Facebook had developed and released a VPN product called Onavo Protect, which, if downloaded on a person’s phone, could determine what other apps they were using.
Motherboard reports that Facebook was interested in purchasing Pegasus so it could monitor the phones of people who had already downloaded Onavo Protect.
“At that time, Facebook was developing a product called Onavo - which it said was a VPN, which they claimed will keep you safe and secure online. Well it turns out that Onavo Protect - this product was analyzing the web traffic of the people who were using it. It was feeding data on literally every web page you went to,” Garaffa explained.
“It’s not completely clear what part of Pegasus they would have used in Onavo Protect, and it’s also not clear if this would have been detected by Apple. But the fact that Facebook tried to purchase the rights to use this software and to include this hacking tool in this system just shows how far Facebook will go in order to collect data on us to feed its advertising machine - and also, of course, to feed the national surveillance state. Facebook partners with the NSA [US National Security Agency] and law enforcement,” they added.
According to NSO Group, Facebook offered to pay the company a monthly fee for every Onavo Protect user.
“The NSO Group says it turned them down because it only sells this Pegasus software to law enforcement and intelligence agencies. It doesn’t sell to private entities, so at least we can believe that this software was not in any version of an app that anyone would have downloaded. But we have to remember that Facebook’s apps are installed on the majority of phones. Facebook owns not just Facebook and Messenger, but they also own WhatsApp, they also own Instagram,” Garaffa pointed out.
“We have to be aware that maybe in two years we’re going to find out that maybe Facebook has added some other software - some other similar, Pegasus-like software - to an app that we have on our phones,” Garaffa added.
In a statement obtained by Motherboard, Facebook - which is currently suing NSO Group over claims that the firm used a vulnerability in WhatsApp to help governments hack users - denied the claims made by the surveillance firm.
"NSO is trying to distract from the facts Facebook and WhatsApp filed in court over six months ago. Their attempt to avoid responsibility includes inaccurate representations about both their spyware and a discussion with people who work at Facebook. Our lawsuit describes how NSO is responsible for attacking over 100 human rights activists and journalists around the world. NSO CEO Shalev Hulio has admitted his company can attack devices without a user knowing and he can see who has been targeted with Pegasus. We look forward to proving our case against NSO in court and seeking accountability for their actions," the social media giant said.