Report: US Defense Contractor in Talks to Take Over Israeli Pegasus Spyware Company

Report: US Defense Contractor in Talks to Take Over Israeli Pegasus Spyware Company

NSO’s Pegasus spyware has been linked to abuses by governments

Edited by: Fern Sidman

US defense contractor L3Harris is in talks to take over NSO Group’s surveillance technology, in a possible deal that would give an American company control over one of the world’s most sophisticated and controversial hacking tools, The Guardian of the UK reported on Tuesday.

Multiple sources quoted in the report confirmed that discussions were centered on a sale of the Israeli company’s core technology – or code – as well as a possible transfer of NSO personnel to L3Harris, as was reported by Israel National News. However, any agreement still faces significant hurdles, including requiring the blessing of the US and Israeli governments, which have not yet given the green light to a deal.

A senior White House official said in response, “Such a transaction, if it were to take place, raises serious counterintelligence and security concerns for the US government.”

Asked to comment on the talks, an L3Harris spokesperson said, “We are aware of the capability and we are constantly evaluating our customers’ national security needs. At this point, anything beyond that is speculation.”

INN also reported that the White House said that it had not been involved in “any way in this reported potential transaction”.

The senior White House official also said the US government “opposes efforts by foreign companies to circumvent US export control measures or sanctions, including placement on the US Department of Commerce’s Entity List for malicious cyber activity, “ according to the INN report.

One person familiar with the talks said that if a deal were agreed, it would probably involve selling NSO’s capabilities to a drastically curtailed customer base that would include the US government, the UK, Australia, New Zealand and Canada – which comprise the “five eyes” intelligence alliance – as well as some NATO allies.

Any deal would also face hurdles in Israel. One assumption in the Israeli cyber industry is that it would have to keep oversight of the Israeli-made technology in Israel and keep all development of Pegasus and personnel in Israel, as was reported by INN.

NSO is regulated by the Israeli Ministry of Defense, noted The Guardian, which has had ultimate say over the company’s government clients.

NSO’s Pegasus software has been linked to abuses by governments.

In February, the Finnish foreign ministry said it had detected Pegasus in several phones used by its diplomats abroad.

INN also reported that the Finnish announcement followed a report in The New York Times which said that former Prime Minister Benjamin Netanyahu worked to ensure that Saudi Arabia would be able to use the Pegasus software, around the time that the Abraham Accords were signed with the United Arab Emirates (UAE).

More recently, Canada’s Citizen Lab group said that at least 65 people linked to the Catalan separatist movement had been targets of the Pegasus spyware after a failed independence bid in 2017.

Citizen Lab and Lookout discovered that the link downloaded software to exploit three previously unknown and unpatched zero-day vulnerabilities in iOS. According to their analysis, the software can jailbreak an iPhone when a malicious URL is opened, a form of attack known as spear phishing. The software installs itself and collects all communications and locations of targeted iPhones. The software can also collect Wi-Fi passwords.

Citizen Lab and Lookout notified Apple’s security team, which patched the flaws within ten days and released an update for iOS. A patch for macOS was released six days later. Apple sued the Israeli firm in late November, seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices.

The US Commerce Department recently blacklisted NSO Group, prohibiting it from using American technology in its operations, according to the INN report.

In March of this year, the Jewish Voice reported that Israel found itself in an imbroglio of sorts due to the enigmatic spyware known as Pegasus.

Pegasus spyware was developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is reportedly able to exploit all iOS versions up to 14.6, through a zero-click iMessage exploit, as was reported by Wikipedia. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones, as was reported by Wikipedia.

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. Wikipedia reported that sews of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever and was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.

In August 2020, Haaretz reported that NSO Group sold Pegasus for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists, and political leaders from rival nations, with encouragement and mediation by the Israeli government. Since July 2021, an international investigation Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets, as was reported by Wikipedia.

NSO Group developed its first iteration of Pegasus spyware in 2011. Wikipedia reported that the company states that it provides “authorized governments with technology that helps them combat terror and crime.” NSO Group has published sections of contracts which require customers to use its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights.

Pegasus’ iOS exploitation was identified in August 2016. Arab human rights defender Ahmed Mansoor received a text message promising “secrets” about torture happening in prisons in the United Arab Emirates by following a link. Wikipedia reported that Mansoor sent the link to Citizen Lab of the University of Toronto, which investigated, with the collaboration of Lookout, finding that if Mansoor had followed the link it would have jailbroken his phone and implanted the spyware into it, in a form of social engineering.

Wikipedia reported that Pegasus had previously come to light in a leak of records from Hacking Team, which indicated the software had been supplied to the government of Panama in 2015.

Regarding how widespread the issue was, Lookout explained in a blog post: “We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code” and pointed out that the code shows signs of a “kernel mapping table that has values all the way back to iOS 7” (released 2013). Wikipedia reported that the New York Times and The Times of Israel both reported that it appeared that the United Arab Emirates was using this spyware as early as 2013.It was used in Panama by former president Ricardo Martinelli from 2012 to 2014, who established the Consejo Nacional de Seguridad (National Security Council) for its use.

On February 2 of this year, the AP reported that the FBI has confirmed purchasing Pegasus spyware. It suggested its motivation was to “stay abreast of emerging technologies and tradecraft.”

The New York Times recently reported that “the Israeli government rejected requests from Ukraine and Estonia in recent years to purchase and use Pegasus to hack Russian mobile phone numbers, according to people with knowledge of the discussions.”

Fearing that their relationship with Russia and the agreements that Israel established with it as it pertains to Hezbollah in Syria would be placed in jeopardy, Israel decided that selling the Pegasus software to nations that have an adversarial relationship with it, as was reported by the Times.

In the years before the Russian invasion of Ukraine, both Estonia (another country that fears a Russian takeover) and Ukraine had placed their bets on getting their hands on Pegasus as a sure-fire way of gaining access to Russian cell phones, the report indicated.

The Times reported that the Washington Post and The Guardian of the UK, are part of a consortium of news organizations called The Pegasus Project. They reported that these discussions about Pegasus between Ukraine, Estonia and Israel dated back to 2019, and first reported that Israel had blocked Estonia’s efforts to obtain Pegasus.

Those efforts, however, were rebuffed and NSO Group, which is regulated by the Israeli ministry of defense, was never permitted to market or sell the company’s spyware to Ukraine, the Guardian reported.

The spyware has also been used against senior government and diplomatic officials, from Spain to France to Uganda, in cases that were seen as attempts by some countries to use the tool to conduct domestic or international espionage, according to the Guardian report.

NSO has said its spyware is meant to be used by government clients to target serious criminals and terrorists. It has also said it investigates serious allegations of abuse.

In a statement, NSO said the company “can’t refer to alleged clients and won’t refer to hearsay and political innuendo,” according to Times report.

Ukraine’s reaction to Israel declining their request to purchase Pegasus was that of deep disappointment, as it had the ability to provide critical information to them in terms of monitoring Russia’s military movements and assessing the foreign policy objectives of Russia, the Times reported. This information was provided to the Times by a senior Ukrainian official who was familiar with the attempts his country made to buy the spying software.

About a year after Ukraine made its request to Israel about the possible purchase of Pegasus, the Times reported that a senior Russian defense official contacted Israel security agencies to notify them that Russia had learned of Estonia’s plans to use Pegasus against Russia. The Times also reported that subsequent to a series of raucous debates amongst Israeli officials, Israel’s Ministry of Defense blocked Estonia from using the spyware on any Russian mobile numbers worldwide.

(Sources: IsraelNationalNews.com, The Guardian of the UK, Associated Press, Wikipedia.org)