Israel begins investigation into NSO Group spyware abuse

Israeli government officials visited the offices of the hacking company NSO Group on Wednesday to investigate allegations that the firm’s spyware has been used to target activists, politicians, business executives, and journalists, the country’s defense ministry said in a statement today.

An investigation published last week by 17 global media organizations claims that phone numbers belonging to notable figures have been targeted by Pegasus, the notorious spyware that is NSO’s best-selling product.

The Ministry of Defense did not specify which government agencies were involved in the investigation, but Israeli media previously reported that the foreign ministry, justice ministry, Mossad, and military intelligence were also looking into the company following the report. 

NSO Group CEO Shalev Hulio confirmed to MIT Technology Review that the visit had taken place but continued the company’s denials that the list published by reporters was linked to Pegasus.

“That’s true,” he said. “I believe it’s very good that they are checking, since we know the truth and we know that the list never existed and is not related to NSO.”

The reports focused largely on the successful hacking of 37 smartphones of business leaders, journalists, and human rights activists. But they also pointed to a leaked list of over 50,000 more phone numbers of interest in countries that are reportedly clients of NSO Group. The company has repeatedly denied the reporting. At this point, both the source and meaning of the list remain unclear, but numerous phones on it were hacked, according to technical analysis by Amnesty International’s Security Lab.

When asked if the government’s investigation process will continue, Hulio said he hopes it will be ongoing.

“We want them to check everything and make sure that the allegations are wrong,” he added.

International scandal

Despite the emphatic denials, the “Pegasus Project” has drawn international attention.

In the United States, Democratic members of Congress called for action against NSO.

“Private companies should not be selling sophisticated cyber-intrusion tools on the open market, and the United States should work with its allies to regulate this trade,” the lawmakers said. “Companies that sell such incredibly sensitive tools to dictatorships are the AQ Khans of the cyber world. They should be sanctioned, and if necessary, shut down.”

The French government has said it will question Israeli defense minister Benny Gantz after French president Emmanuel Macron’s phone showed up on the leaked list. NSO denied any attempt to hack French officials. 

NSO is not the only Israeli hacking company in the news lately. Microsoft and the University of Toronto’s Citizen Lab also recently reported on hacking tools developed by Candiru that were subsequently used to target civil society groups.

NSO Group is under the direct regulation of Israel’s Ministry of Defense, which approves each sale. Critics say the export licensing process is broken because it results in sales to authoritarian regimes that have used the hacking tools to commit abuses. NSO recently said the company has cut off five customers for abuse.

The ministry said last week that it will “take appropriate action” if it finds that NSO Group violated its export license.