NSO's Troubles Extend Beyond CEO-Designate Quitting
US Blacklisting; Appeal for Israeli Intervention Rejected
"Shalev Hulio, the co-founder and CEO of NSO Group, announced that he will remain in his position as CEO for the near future, due to the need for stability and continuity during this period," an NSO spokesperson told Information Security Media Group, following reports by local Israeli media agency Calcalist Tech that NSO Group CEO-designate Itzik Benbenisti, currently NSO's co-president, has resigned.
Benbenisti's move comes just two weeks after the Israel-based intelligence company's board of directors on Oct. 31 decided on his appointment to the position, which was supposed to begin on Nov. 15, the media agency says. "I am impressed with the high moral standards, ethical framework and compliance policies that streamline throughout everything NSO Group does, and especially the willingness to continue improving at all fronts," Benbenisti was quoted as saying at the time.
But Benbenisti - who joined the company as a co-president in August - wrote in his resignation letter submitted to NSO Chairman Asher Levy that he "would not be able to assume the position of the CEO, in light of the special circumstances created in the company," Calcalist reports. It added that he specifically cited the blacklisting of NSO Group - among four surveillance tech companies - by the U.S. Department of Commerce last week (see: US Commerce Department Blacklists Israeli Spyware Firms).
Earlier in the week, it was disclosed that NSO spyware had been detected on the cellphones of six Palestinian human rights activists, primarily those associated with groups that Israel’s defense minister controversially claimed had been involved in terrorism, say security researchers from Front Line Defenders, a group that advocates protection of human rights.
To confirm its findings, Front Line Defenders shared its technical report with security researchers from Amnesty International and the University of Toronto’s Citizen Lab, which is known to have closely studied and followed NSO Group's intrusive spyware. The peer review by these organizations affirmed Front Line Defenders' speculations in a joint technical report published by the Citizen Lab.
"The revelation marks the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware," The Associated Press reports. Ahmed al-Deek, the assistant Palestinian foreign minister for political affairs, later told the AP, "We are 100% sure that the phones belonging to senior officials were hacked." The AP also cites a statement from the Palestinian Ministry of Foreign Affairs that blames Israel for the hacking, calls it a "blatant and immoral violation of international law," and urges an international boycott of all parties involved.
UK Lawmakers Demand Action
Ten U.K. lawmakers - seven members of Parliament and three lords - have written a letter to British Prime Minister Boris Johnson demanding that the government end all its joint cybersecurity initiatives with countries that are known to have used NSO spyware to target dissidents, journalists and lawyers, among others, reports the Guardian newspaper.
The lawmakers are adamant about imposing sanctions on the NSO Group and the countries whose governmental organizations deal with it. They suggest that the government take immediate action against them as they may "pose a serious threat to our national security," according to the letter.
The lawmakers cite the blacklisting by the U.S. and the findings from the Pegasus Project, carried out in collaboration with the Citizen Lab, that reveal two human rights activists now living in exile in London were targeted by Pegasus spyware (see: Citizen Lab: Bahrain Used Pegasus to Spy on Activists).
"The use of NSO Group’s Pegasus spyware by Gulf regimes against U.K. residents and nationals, including members of the House of Lords and refugees living under British protection, poses a threat to our national security and reveals the contempt with which our so-called allies in the Gulf view our laws," says Andy Slaughter, the Labor Party Member of Parliament for Hammersmith and one of the 10 lawmakers who signed the letter to Johnson.
Slaughter urges the sanctioning of the NSO Group and requests that the government investigate the harms caused by these operations and "ensure consequences, starting with a fundamental reassessment of their relationship with Saudi Arabia, Bahrain and the UAE."
In October 2021, however, the NSO Group reported implementing a change in its spyware that prevents its client countries from targeting over 44 U.K. country code numbers, the Guardian reported, citing unnamed company sources.
Arrests in Mexico
Mexico has been added to the long list of countries calling out the NSO Group for its allegedly illegal use of spyware against a journalist and a top Mexican official, reports the Israeli news platform Haaretz.
The report claims that in July, the Mexican federal prosecutor's office issued a statement saying that journalist Carmen Aristegui provided enough data to determine that the NSO Group used a private Mexican company - a reference to a company called KBH - to target various officials in Mexico whose identity has been kept secret due to legal issues.
The investigators raided the company and examined a hard disk that showed KBH had tapped the telephones of various officials. Although a complete list was not made public by the Mexican authorities, the report said it could confirm that the phone of Mexican national security adviser Dr. Manuel Mondragon had been tapped.
Citing this as a Mexican security and law enforcement concern, Mexico’s attorney general announced the arrest - for using Pegasus spyware - of Juan Carlos García Rivera, a technical support executive at private companies Proyectos y Diseños and KBH Track. Both companies were founded by Israeli national Uri (Emmanuel) Ansbacher, Haaretz reports. If proven, this could mean that NSO's claims of providing services exclusively to governments are false, the report adds.
NSO has denied having any connections with Rivera and says, "The person reported arrested is not, and never was, an employee of NSO Group, or any of its affiliates," in a statement given to the AP.
"Due to contractual and national security considerations, we cannot confirm or deny the identity of our government customers. As we stated in the past, NSO Group does not operate the products itself; the company licenses approved government agencies to do so, and we are not privy to the details of individuals monitored," an NSO spokesperson tells ISMG.
Facebook vs. NSO Group
Making matters worse for NSO Group in an already bad two weeks, the U.S. Court of Appeals for the Ninth Circuit on Monday rejected the company's claim of immunity as a foreign sovereign. This allows a lawsuit brought by Facebook - now known as Meta - and supported by other tech firms to move forward (see: Other Tech Firms Back Facebook's Lawsuit Against NSO Group).
"The panel held that the Foreign Sovereign Immunity Act occupies the field of foreign sovereign immunity and categorically forecloses extending immunity to any entity that falls outside the Act’s broad definition of 'foreign state,'" the court ruling says.
The ruling cites the Supreme Court verdict in Samantar v. Yousuf, 560 U.S. 305 (2010), which does not extend foreign official immunity to entities: "The panel rejected [the] defendant's argument that it could claim foreign sovereign immunity under common-law immunity doctrines that apply to foreign officials." Facebook can now sue NSO for allegedly exploiting vulnerabilities in its products in order to install spyware.
NSO Demands Government Intervention
Citing the wide range of issues targeting it from various fronts and particularly its blacklisting by the U.S. Commerce Department, NSO asked the Israeli government to intervene on its behalf to lift sanctions imposed against it by the U.S., according to digital news platform Axios, which cites a letter reportedly sent by NSO CEO Hulio to Prime Minister Naftali Bennett.