NSO could have its days numbered. The company responsible for the development of espionage programs that have hacked hundreds of world leaders, politicians and activists, will have to answer for it in court for the complaints of Apple or Meta (Facebook, WhatsApp and Instagram parent company) and has been included blacklisted in the US or UK. Now she acknowledges that so much public exposure has left her out of business.
This is how the “cyber-spy industry” that harasses activists and journalists works
This is how the lawyers of the venture capital fund that owns the firm expose it, who have affirmed before a London court that it is “absolutely clear” that the developer of the Pegasus spy virus has become “worthless”.
The litigation pits the investors of the Novalpina Capital fund, which bought NSO in 2019 for $1 billion, against two of the three people responsible for its management at the time the operation was carried out. According to the documentation provided by the investors, exposed by the Financial Timesthere have been no new orders from Pegasus since July 2021 and the fund “has lost virtually all of its investment in NSO”.
Pegasus is a powerful hacking and espionage tool that can turn your target’s phone into a recorder of all their activity. It is capable of remotely activating the microphone, camera or GPS at the attacker’s request and sending them everything they record, as well as accessing messages, photos or any file stored on the device. NSO claims that it only sells it to legitimate governments for use in fighting crime and terrorism. But his trail has been found on the phones of activists, politicians, opponents of authoritarian regimes and journalists around the world.
Already before July 2021, it had been documented that Pegasus was used to hack, for example, the phones of Catalan pro-independence politicians, as revealed by elDiario.es. However, last summer an investigation by several international media in collaboration with Amnesty International exposed that spy software had been used massively against members of civil society and political leaders who are not accused of any crime.
French President Emmanuel Macron’s phone was among those Pegasus had tried to break into. Also that of the South African president, Cyril Ramaphosa. Or the Pakistani Prime Minister, Imran Khan, until a few days ago, as well as those of diplomats, military chiefs and high-ranking political officials from 34 countries. Activists, journalists and lawyers from Armenia, Azerbaijan, India, Saudi Arabia, Palestine, Morocco or El Salvador appeared on the list of targets, presumably assaulted by the intelligence agencies of their respective countries. Israeli police have also confessed to using Pegasus against protest organizers.
NSO denies all allegations and claims that if Pegasus has been used in this way it has been without their knowledge. But the scandals do not stop. This same week the Reuters agency has revealed that European Commissioner for Justice, the Belgian Didier Reynders, as well as members of his team, have been attacked by spyware. The developer of it has again denied it in statements to the agency and affirms that the hack “could not have happened with NSO tools.”
will answer in court
Reynders was informed that his phone has been attacked by Pegasus through Apple. The manufacturer discovered last September that NSO had found a security hole in its devices that it used to inoculate its victims with Pegasus. He prepared an urgent update to patch the breach and sent messages to the hundreds affected. He also filed a lawsuit against the Israeli firm for abusing its systems.
It will be the second of its kind to which NSO will have to respond. The first was filed by WhatsApp in 2019 after detecting that it had hacked 1,400 users following the exact same manual. The case was bogged down until November 2021 by an appeal that the Israeli company filed to try to get rid of being prosecuted in the US, based on an alleged diplomatic immunity derived from its contracts with different governments. The American justice has rejected the allegation, with which the process will begin soon.
Legal problems are piling up for NSO. Last week she was sued in French courts by the Franco-Palestinian activist Salah Hammouri, who also saw how his phone was infected with Pegasus. The NGOs The International Federation for Human Rights and the Ligue des droits de l’homme have appeared in the complaint together with Hammouri. “The violation began in the Occupied Palestinian Territory and continued on French soil, which constitutes a violation of the right to privacy under French law,” the organizations point out.
NSO has not responded to requests for information from elDiario.es about Hammouri’s complaint. This is the first judicial process that it will have to face in the EU and, together with the recent revelations about espionage on the Justice Commissioner, may lead Brussels to adopt a firmer position against the Israeli company. The community bloc has not followed in the footsteps of the US and the UK and has not raised any veto against the firm for its alleged human rights violations.
Last December, 82 civil society organizations urged the EU to reconsider that position. They call for “urgently placing NSO on its global sanctions list and taking all appropriate measures to prohibit the sale, transfer, export, import and use of NSO Group technologies, as well as the provision of NSO product services. NSO, until adequate human rights safeguards are put in place.”