WSJ News Exclusive | Head of Israeli Cyber Firm NSO Group Reaffirms Company Commitment to Spyware
WASHINGTON—Embattled Israeli technology firm NSO Group acknowledged that its clients had sometimes misused the company’s high-powered hacking tools but defended the need to give law-enforcement and intelligence agencies the ability to digitally break into and monitor smartphones.
In his first media interview since taking over as chief executive in 2022,
Yaron Shohat
said NSO Group has lost customers since the Biden administration levied stiff measures against the company in late 2021, but has stabilized itself financially and recently attracted new deals. Mr. Shohat didn’t specify how many customers NSO Group currently has but said it was around a few dozen.
“NSO products are in high demand, and I really believe this kind of technology is necessary for any law-enforcement agency or intelligence agency,” he said.
Mr. Shohat, 52, said NSO Group was committed to its core business of supplying governments around the world who are allies of the U.S. and Israel with hacking tools despite recent struggles that have forced the company to downsize.
The Wall Street Journal and others last year reported that NSO had been considering a pivot to cyber defense or other markets, but Mr. Shohat said the company is now committed to its core Pegasus spyware product.
“NSO is in the business of cyber intelligence,” he said. “That’s the focus. That’s my mission, to make sure that our products are the best in the market.”
Unlike most cyber intrusion methods, Pegasus allows users to infiltrate phones using “zero click” malware that doesn’t require a target to click on any link or attachment. Once installed, Pegasus can turn the smartphone into a silent spying device by gaining access to its files, messages, microphone and camera, according to researchers. Such tools are considered rare, expensive and powerful, though
Apple Inc.
and others have taken steps to interfere with their deployment.
Independent security researchers have said they have found evidence of NSO Group’s Pegasus spyware on devices belonging to politicians, human-rights activists, journalists and other high-profile people in more than a dozen countries over the past several years. The U.S. government made a similar assessment when it blacklisted NSO Group in 2021.
Mr. Shohat said NSO Group had terminated 10 customers because of alleged misuse of its technology, adding that the spyware vendor had learned lessons from those experiences. He didn’t name the customers.
“I will not tell you that we never had mistakes, but we act responsibly,” he said. “We make sure that all of our customers understand what abuse means; understand what are the legitimate use cases for the tool.”
NSO Group is facing legal challenges from American tech companies in U.S. federal court.
Photo:
AMIR COHEN/REUTERS
Mr. Shohat said NSO’s customer base now consists largely of members of the U.S.-led North Atlantic Treaty Organization and other allies of the U.S. and Israel. He declined to say whether all of NSO’s clients were democracies, but said “all the customers or countries that the U.S. would sell weapons to, and all of them according to the regulation and the law.”
He said Saudi Arabia isn’t a current customer but refused to discuss any other specific country.
John Scott-Railton,
a senior researcher at Citizen Lab, a cyber-research group at the University of Toronto that has closely monitored NSO Group, dismissed the idea that selling Pegasus, even to allies, was the same as other types of weapons exports.
“If I went around selling ICBMs to all the countries that the U.S. sells various weapons to, I’d imagine the U.S. would be pretty upset, too,” Mr. Scott-Railton said. “Pegasus is a cyber weapon with no logical limitation on range.”
NSO Group, founded in 2010 by three Israelis, has found itself at the center of a global debate about the selling of cyberintelligence capabilities that give governments tools to remotely break into smartphones and extract data from them.
A series of articles published by a global consortium of journalism organizations in 2021 alleged that NSO Group’s Pegasus has been used by dozens of law-enforcement and intelligence customers globally to target and break into cellphones belonging to politicians, human-rights activists and journalists.
NSO Group has disputed the list of phone numbers said to include targets of Pegasus spyware. Mr. Shohat said the total universe of devices targeted by its technology was an “order of magnitude” smaller than the list, which was reported to have roughly 50,000 numbers worldwide attached to it.
U.S. agencies, including the Federal Bureau of Investigation, held talks and in some cases purchased NSO Group products, according to people familiar with the matter. FBI Director
Chris Wray
has said in congressional testimony the FBI bought NSO Group technology to test it and didn’t use it for operational purposes. Mr. Shobat declined to discuss any U.S. customers.
“‘We make sure that all of our customers understand what abuse means; understand what are the legitimate use cases for the tool.’”
In 2021, the Biden administration placed NSO Group on an export-prohibition list that restricted the firm from obtaining some types of technology from the U. S.—imperiling the company’s ability to do business across the world. The Commerce Department also blacklisted three other similar vendors based in Israel, Russia and Singapore in a coordinated crackdown on private companies selling such services.
Mr. Shohat said it was a mistake for NSO Group to be placed on the list, adding he was hopeful that it was “something that would be corrected in the future.”
Ratings firm
Moody’s Corp.
said in the aftermath that NSO Group was at risk of defaulting on its debt, which it estimated to be about $500 million.
Intelligence agencies such as the U.S. National Security Agency or the United Kingdom’s Government Communications Headquarters routinely use hacking tools as part of their mission. NSO Group, however, often sells such cyber capabilities to countries that don’t have their own bespoke capabilities.
In Saudi Arabia, Mexico, Rwanda, the United Arab Emirates and elsewhere, NSO Group’s technology has been found on devices belonging to opposition politicians, journalists and human-rights activists, according to researchers. The firm says it trains customers on appropriate uses of its products and doesn’t publicly discuss to whom it sells them.
NSO Group is also facing a number of landmark legal challenges from American tech companies in U.S. federal court.
Meta Platforms Inc.,
which owns Facebook and the messenger service WhatsApp, sued NSO in 2019 over what it alleged was a breach of its servers to install NSO malware on target devices. In addition, Apple has filed a separate suit in 2021 asking a court to permanently prohibit NSO Group from penetrating iPhones and other Apple devices.
The U.S. Supreme Court earlier this month ruled that Meta’s lawsuit could proceed against NSO, rejecting the company’s argument that it had immunity on the grounds that all its customers were governments, which typically can’t be sued in U.S. courts.
Mr. Shohat said that if NSO Group doesn’t pursue contracts, the decades-old international spyware market will become dominated by companies less interested in playing by any rules, including by firms in countries that are adversarial to the U.S., such as Russia and China.
“Someone has to fill the vacuum,” he said.
Write to Byron Tau at [email protected] and Dustin Volz at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
