Facing a public backlash, an Israeli spyware firm is now scoring its government customers
WASHINGTON — When Shmuel Sunray accepted the job in the fall of 2019 as chief legal counsel for NSO Group, an Israeli spyware company accused of selling malware used against journalists and dissidents, he knew it would be a challenge.
Founded in 2009 by ex-military and intelligence officers, the company created a hacking tool called Pegasus that promised cops and spies access to criminals’ and terrorists’ private text messages, photos, cameras and microphones.
But NSO’s customers don’t always just go after child pornographers and drug traffickers. In 2018, human rights group Amnesty International accused NSO in court of helping the Saudi government spy on a close associate of Washington Post columnist Jamal Khashoggi, who was murdered at the Saudi Consulate in Istanbul. Then Facebook sued NSO just a day after Sunray started work, alleging the company had helped hack over 1,400 of its customers.
Novalpina Capital, the London-based private equity firm that acquired NSO in February 2019, was already under fire from activists demanding answers about how the firm would address the company’s alleged abuses and advocating for stricter regulation of the spyware industry.
NSO co-founder Shalev Hulio has publicly denied helping the Saudis monitor Khashoggi, and several other attacks linked back to its spyware, but the company recognized it had a potential problem and turned to Sunray. “We need more structure, we need more experience,” Sunray recalled NSO’s executives telling him when they brought him on.
The company’s future might depend on it. NSO is reportedly considering going public with an estimated valuation of up to $2 billion (Sunray declined to comment on those plans). Novalpina, which knows that bad publicity could affect NSO Group’s ability to raise capital, has promised to strengthen oversight of the firm’s activities and increase transparency.
In a series of interviews with Yahoo News over the last several months, Sunray explained some of the details of NSO’s internal processes, which include an elaborate system for scoring countries that wish to buy the company’s products. NSO says it permanently cut ties with four clients so far, giving up $200 million in sales opportunities, though it won’t say which ones. Sunray wouldn’t speak about the details of any sales or customers.
For experts who have followed NSO’s work, like Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, these promises ring hollow.
“A human-rights-respecting framework that is entirely opaque, cannot be checked by anyone, and that security researcher reports indicate concludes selling to Saudi Arabia is just fine is a framework that might as well not exist at all,” Galperin said.
But NSO argues it’s a leader in the shadowy spyware industry, taking on both risk and reward by opening up to the world — at least a little.
“We’re not naive,” Sunray said, acknowledging the impact the company’s software can have on those people targeted by it. “We understand that these tools are very intrusive.”
NSO announced its new human rights policy in September 2019, and Sunray said this policy is always evolving, taking lessons from international bodies and other industries’ compliance regimes. The program is, according to NSO, the “first in the sector” of similar surveillance companies.
According to internal slides and documents provided to Yahoo News by NSO, every sales opportunity first arrives on the desk of NSO’s business unit, and the company then conducts a “country review,” taking into account a range of different sources of information to calculate a score out of 100 to evaluate the “relative strengths of certain fundamental rights within a particular country.”
NSO then compiles a chart that demonstrates how potential clients might be evaluated based on the combination of the country review and a risk assessment, from “low” to “elevated” risk. Some governments end up in a blacked-out section, and are ruled “presumptively no-go” or even automatically ruled out. If a country is sanctioned, that’s also a no.
According to the chart, a country that scores above 60 out of 100 will likely be classified as a “low” risk. If it scores below 20, NSO “generally will not engage” with it, according to the slideshow.
It’s almost impossible to know exactly how the scores come down on specific countries, as NSO refuses to provide examples. The company says a majority of its sales are to governments in Western Europe but won’t provide a more specific percentage.
This system is unlikely to assuage the concerns raised by privacy and digital rights experts.
“This score is quite vague,” said Natalia Krapiva, a technology and legal adviser for the digital rights group Access Now who helped assemble a coalition of like-minded groups to demand answers from NSO and Novalpina Capital in an open letter from late April. “Even some countries who receive a score below 20, they still engage with. This is quite a concern.”
Bill Marczak, a senior research fellow with the University of Toronto’s Citizen Lab who has been investigating NSO for years, agreed that the matrix is a bit of a “black box” and doesn’t provide much value. He’d like to see examples of how, for example, a Western European country might score versus one in the Middle East like Saudi Arabia.
While Sunray declined to comment on any work with Saudi Arabia, he did say that NSO factors in the country’s entire governance when deciding who to sell its tools to. While NSO might, for example, work with a counterterrorism agency in one country but not a nearby local police department, based on the possible risk, it wouldn’t be possible in an authoritarian regime to distinguish between agencies when power is so centralized, according to Sunray. “It’s really very much case-specific as far as how the regime is, how the rule of law is, the interrelationship between the different agencies,” he said.
If there are still outstanding questions, NSO sometimes uses a network of independent consultants and advisers for additional review. Those advisers are paid by NSO for their work and don’t receive any additional payment if a sale goes through.
The company told Yahoo News that the management committee, which is made up of the CEO, the chief product adviser and the general counsel, Sunray, rejects around 15 percent of prospective clients, while around 30 percent are approved with certain mitigations put in place. (It considers about five to six opportunities in its monthly meetings.)
The main layer of independent oversight occurs through the Israeli Ministry of Defense, according to Sunray. To sell tools like Pegasus, the company needs both a marketing license and an export license. The Ministry of Defense denies a contract to NSO “a few times a year,” Sunray said.
Once a sale is made, however, NSO is almost completely hands-off, beyond providing periodic technical assistance and conducting training sessions for the governments operating the tools, he said.
According to Sunray, NSO delivers the individual servers, the equipment and all the information necessary to use the tool, and then steps away. He said there is no way for the information to beam back to NSO, either via the digital infrastructure set up by the company or by the tool’s online interface. NSO sells customers a “black box,” Sunray said, which he claimed also prevents clients or others from stealing information about how it works and reselling their own tool in turn.
Sunray said NSO’s biggest challenge is detecting wrongdoing in real time, because “we don’t have visibility into the actual use on a day-to-day basis.” He said the company focuses on identifying potential problems before they happen, but when asked what technical restraints NSO codes into its tool, he admitted that such protections are the “weakest link.”
NSO can block a customer from using its tool in a certain country; Pegasus doesn’t work on U.S. area codes, Sunray confirmed (though NSO has a separate product for U.S. law enforcement, according to a Motherboard investigation). NSO has thought about how it could prevent its customers from targeting journalists, for example, using code embedded in the tool, but that would likely require having the phone numbers of every reporter in the world, he said.
“There’s no replacement for the human discretion of the intelligence agencies, and there’s no way for us to go and override while the operation is going on,” he said.
While NSO doesn’t watch over government officials while they operate the tool, it does have a loss-prevention team, Sunray said, which tries to prevent targets from discovering details about the malware the company develops.
On at least one subject, NSO and technical experts tasked with exposing their tools might agree: If a prominent dissident or journalist ends up as a target, and that target has access to someone who can analyze the attack, it’s not only an abuse of the system but bad for business. Researchers can learn things about NSO’s tools that can tip off tech companies to vulnerabilities being exploited in their systems.
“Clearly, NSO takes steps to ensure spyware only hits intended targets (and that security researchers don’t get a copy),” wrote Marczak of Citizen Lab in an email to Yahoo News. “For example, spyware links (which deliver NSO’s core trade secrets, representing multi-million dollar [research and development] to the target’s phone) can only be clicked once, and the behavior of servers is changed when researchers publish a report.”
NSO currently relies on two avenues to discover incidents of abuse. The first is an internal whistleblowing program, in which its employees, who might be on site with a client, report potential abuses back to the company. “The people that have the interaction with the customer, the support people ... when they sit down over coffee with the operators or in a training session ... they start hearing different things that might show there’s not total awareness of the right use of the system,” Sunray said. This has happened “one or two times,” he said.
However, NSO receives the bulk of its tips about abuses from the outside, to include reports from NGOs, media or victims themselves, according to Sunray. But by that time the damage may already be done.
If NSO deems there’s a credible report of an abuse, the company kicks off an internal investigation, Sunray said. During the probe it has a few safeguards in place to help verify a misuse, he said. The software automatically compiles a log of its uses that can’t be tampered with by the client, though that log is available to NSO only if the client is willing to provide access, Sunray explained. According to NSO, no client has ever said no in opening up its books to investigation.
During the investigation, NSO sometimes temporarily shuts off access to the tool, Sunray said. The company did not provide statistics on how often it has taken that step, but said the disruption can sometimes last a few months.
The abuse itself could be any use of an NSO product “inconsistent with the end user’s agreement with NSO, domestic law and/or international norms,” an extremely broad category, particularly as each contract is individually tailored to the client, Sunray said.
He explained that NSO’s contracts have evolved over time, to include specific definitions of crime and terrorism, depending on the country. Even if a client comes to NSO with a court order to defend its use of the hacking tool during an investigation into abuse, Sunray said, the company can still determine if “we believe it’s a misuse.”
Earlier sample contracts shared with MIT Technology Review and a contract with Ghana revealed by Facebook in its lawsuit against the company do not include language about human rights. However, the most recent version of NSO’s basic client contract, dated 2021 and shared with Yahoo News on the condition it not be published in its entirety to protect trade secrets, goes into more detail on those policies.
The contract requires customers to “promptly investigate any allegations of human rights violations” and then notify NSO of the results and any actions taken to address the claims. Additionally, the contract includes a section on “permissible uses” of its malware tool, including lengthy definitions of “terrorism,” “national security threats” and “serious crimes.” Any “material breach” of the contract gives NSO the right to “suspend or cancel” the license, the contract reads.
NSO executives, under this system, have a lot of discretionary power, Sunray acknowledged. “Everything is a balance between the rights of stakeholders,” he said. “They are sovereign states. These are intelligence agencies and law enforcement agencies. They have full legitimacy to work under their rule of law. On the other hand, human rights and privacy and civil liberties and everything else is also something that’s taken into account.”
One major question that victims and activists both want answered is what NSO is actually doing about abuses.
“If you take them at face value, the noises that NSO makes about a human rights framework, ranking countries and transparency reports are all the right noises,” said Galperin of the Electronic Frontier Foundation. “They just happen to be entirely insincere, and NSO does not give civil society any way to check for compliance.”
NSO says it will hear out people who come forward, but those who have dealt with the company say they’ve had a different experience. Ben Hubbard, the Beirut bureau chief for the New York Times, for example, wrote about his experience talking with NSO after Citizen Lab researchers concluded that the company’s software was used to hack his phone. The company denied its tools were used to penetrate Hubbard’s phone but refused to refute technical observations made by researchers.
Citizen Lab last winter published a wide-ranging report on increasingly sophisticated attacks on journalists at Al Jazeera, abuses linked to both Saudi Arabia and the United Arab Emirates that the researchers uncovered in December 2020, after NSO’s human rights policy was first published.
The problem may be that NSO won’t go public about its investigations into abuse, nor how it responds. On only four occasions has it made the decision to end a client relationship permanently, an increase of one time since interviews given to MIT Technology Review in August 2020. NSO claims it has lost over $200 million in profit after turning down opportunities due to human rights concerns, but it’s unclear how large a percentage of the firm’s business that amounts to.
When asked why NSO, after discovering violations of its own contract and with no intention to renew it, won’t simply go public, Sunray said he believes that’s beyond what the company should be expected to do.
“We’re a business,” he said. “We need to make sure our systems are used responsibly, but beyond the fact that we have very strict confidentiality, we believe that is too much of what could be expected from us. Taking away the eyes and ears of an intelligence agency as a private company, that’s a very harsh decision.”
The critics aren’t buying that explanation.
Peter Micek, the general counsel for Access Now, brought up the recent example of the surveillance company Sandvine, which canceled a contract with Belarus amid a violent government crackdown on dissent. In that case, the company did publicly announce its decision, Micek told Yahoo News in an interview. “I don’t know what is preventing NSO from similarly disclosing the clients who have been terminated,” he said.
The company does say it plans to publish its first transparency report in June, though activists argue it has been making that promise for years, and so far has not delivered. For now, it appears that NSO will acknowledge only that it has made sales it shouldn’t have, but won’t say what those were, or what abuses took place.
“There have been mistakes. There will be mistakes under my watch,” Sunray said. “My whole philosophy in life is, if you don’t work, you don’t err.”
____
Read more from Yahoo News: