The last lawsuit we considered with NSO, an Israeli tech company that produces and sells a form of spyware was the Apple vs. NSO case. NSO has developed a powerful tool, called Pegasus, which allows users to crack IOS and Android encrypted devices. Pegasus has drawn the ire of governments, tech companies and journalists, not due to its abilities, but more to whom NSO markets and pushes those abilities to for a profit. This can include cyber terrorists, black hat hackers, nation states with not so friendly relations to the rest of the world, and others involved for years with a fundamental lack of human rights and a closed press.
How Pegasus Gets Added to a Personal Device
Recently, Apple notified eleven U.S. State Department employees that Pegasus was installed on their government phones. For all of its advanced decryption capabilities, Pegasus is installed through common methods such as finding vulnerabilities in mobile software (like Whatsapp) or spear phishing a target into opening a link or document that once open, installs the spyware. This link can also come in the form of a text message, which is the typical entry. As with any high quality spyware, it can steal passwords, text messages, contacts, and photos.
Valuable Law Enforcement Tool or Threat to Society?
NSO officials deny the malevolence of Pegasus, noting that the tool is invaluable to law enforcement and counterintelligence units, to expose cyber criminals, child predatory behavior, and terrorism. While it seems to be true that both allies and adversaries of the United States use Pegasus, the former has drawn recent attention. In November, the Biden Administration put NSO on a list of “companies engaging in activities that are contrary to national security or foreign policy interests of the United States”, which makes doing business with U.S. entities very difficult for NSO and its subsidiaries. The ongoing battle between NSO and the tech sector is a bit like a cat and mouse game, where one adapts to the advances of the other to either protect the encryption or crack it, depending on which side they are on.
Last week, the New York Times filed suit against the Department of Justice to compel the agency to expedite a FOIA request filed by the Times in January. The newspaper has maintained an ongoing ‘watchdog approach” to NSO and Pegasus for multiple years. Both they and the Washington Post (owned by Amazon’s Jeff Bezos), have recently reported that the FBI has according to their sources, continued to use Pegasus. The FBI admitted to the Post, according to Ellen Nakashima’s February 2 article that it has bought and tested NSO spyware. The Times has asked for in their FOIA request to the FBI “all contracts, memoranda of understanding, and correspondence between the FBI and NSO Group”. The suit was filed because the FBI denied their request for expedited processing.
It’s a Tangled Cyber Web
There are several issues in this matter that continues to paint it a bright gray. Israel is recognized as an ally of the United States and this conflict between the tech sector, the U.S. government, journalists, and NSO, has most certainly complicated that relationship. NSO and its parent company, Q Cyber technologies, in fact have offices in the United States (under company named Westbridge), with a very similar product to Pegasus called Phantom. NSO has swapped owners over the last few years, including primary ownership at one time, by a U.S.-based private equity firm. The ties to NSO run not only deep to the rest of the world, but to the U.S. as well. The “tangled web we weave” doesn’t seem to be organizing itself anytime soon in this complex ongoing saga.