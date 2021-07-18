The head of the Israeli surveillance giant NSO Group pledged Sunday to investigate potential cases of human-rights abuse following a sweeping report by The Washington Post and other media organizations that uncovered how NSO’s government clients had deployed its spyware tool Pegasus against activists, journalists and private citizens around the world.

Shalev Hulio, NSO’s chief executive and co-founder, continued to dispute that a list of more than 50,000 phone numbers assessed during the investigation had any relevance to NSO. The numbers were concentrated in countries known to have been NSO clients, the investigation found, and forensic analysis of some of the smartphones that had been on the list showed evidence of a suspected Pegasus targeting or successful hack.

But Hulio nevertheless told The Post that some of the reported allegations were “disturbing,” including the surveillance of journalists. He also said the company intended to investigate the allegations regarding Pegasus and would terminate the contracts of clients in cases where they learned the tool had been misused.

“Every allegation about misuse of the system is concerning me,” he told The Post. “It violates the trust that we give customers. We are investigating every allegation … and if we find that it is true, we will take strong action.”

NSO has said its products should only be used by its government clients to investigate terrorism or major crimes. NSO said in a transparency report last month that it had terminated five clients following investigations of misuse since 2016, including one case last year in which Pegasus was misused to “target a protected” individual.

Human rights activists, political dissidents, technology executives and others around the world expressed outrage at the widespread hacking and surveillance revealed in the Pegasus Project, an investigation by The Post and 16 international media partners. Initial stories were published Sunday, and more are expected in the coming days.

Advertising

The investigation detailed how a leak of more than 50,000 phone numbers helped expose how the tool was used for the targeting and surveillance of politicians, journalists and business leaders.

Edward Snowden, the former National Security Agency contractor whose 2013 leak of highly classified documents sparked a global conversation about government spying, said on Twitter that the leak would be “the story of the year” and called for a “comprehensive moratorium” on sales of phone-hacking tools.

NSO, he added, “should bear direct, criminal liability for the deaths and detentions of those targeted by the digital infection vectors it sells, which have no legitimate use.”

Forbidden Stories, a Paris-based journalism nonprofit, and Amnesty International, a human rights group, had access to the list of numbers and shared it with the news organizations, which did further research and analysis to determine who the numbers belonged to. Amnesty’s Security Lab conducted forensic analyses on smartphones obtained to find traces of attempted or successful hacks.

Before publication, NSO had called the investigation’s findings exaggerated and baseless. The company said in statements last week that it does not operate the spyware licensed to its clients and “has no insight” into their specific intelligence activities.

Sunday, Hulio was more conciliatory. “The company cares about journalists and activists and civil society in general,” Hulio said. “We understand that in some circumstances our customers might misuse the system and, in some cases like we reported in [NSO’s] Transparency and Responsibility Report, we have shut down systems for customers who have misused the system.”

Advertising

Hulio said Sunday that NSO had suspended two clients in the past 12 months for human rights abuses.

The Israeli government on Sunday also released a statement following publication saying the country “does not have access to the information gathered by NSO’s clients.” The Israeli Defense Ministry must approve any Pegasus license to a government that wants to buy it, according to previous NSO statements.

The reports re-energized calls for stronger regulation of the digital surveillance tools that governments use to monitor the public. David Kaye, a United Nations special rapporteur from 2014 to 2020, said Sunday that the “out-of-control spyware industry” should be placed under “a global moratorium” that would halt the sale and transfer of such technologies.

Will Cathcart, the head of WhatsApp, the Facebook-owned messaging service fighting NSO in court on allegations the company spied on 1,400 WhatsApp users, urged companies and governments on Sunday to “hold NSO Group accountable” for building spyware used to “commit horrible human rights abuses all around the world.”

“This is a wake up call for security on the internet,” he tweeted. “The mobile phone is the primary computer for billions of people. Governments and companies must do everything they can to make it as secure as possible. Our security and freedom depend on it.”

Madawi al-Rasheed, a prominent Saudi academic and dissident who lives in exile in London, said on Twitter on Sunday that she had been among those targeted for surveillance or hacking by the Saudi regime. Rasheed, a visiting professor at the London School of Economics Middle East Center and the author of a recent book on Crown Prince Mohammed bin Salman, is also co-founder of a Saudi exile opposition party that was launched last year.

Advertising

“An axis of evil is developing in the Middle East to spy on activists and suffocate democracy-KSA, UAE and Israel,” she wrote in another Twitter message, referring to Saudi Arabia and the United Arab Emirates. “All close allies and partners of the USA.”

Some inside NSO’s home country of Israel also questioned the potential users of such tools. One of Israel’s most prominent cyber investors, Erel Margalit, said his firm has drawn a red line when it comes to investing in cybersecurity, focusing only on defensive tools rather than offensive ones that are used to attack an adversary.

“It’s tricky,” said Margalit, the founder and executive chairman of the Israeli investment fund Jerusalem Venture Partners. “You know the people you are selling to, but you don’t know what your technology is used for; you know where it starts but you don’t where it ends.”

– – –

The Washington Post’s Elizabeth Dwoskin and Kareem Fahim contributed to this report.

The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organizations coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab.