NSO accused of providing technology linked to murders

A new research database from human rights groups accuses Israeli company NSO Group of providing technology to governments that has been used to snoop on dozens of journalists, activists and lawyers and alleges that the product is linked to acts of violence including break-ins, harassment, intimidation and murder.

NSO’s technology, known as Pegasus, is exclusively sold to governments and law enforcement agencies, who use it to hack into mobile phones and covertly record emails, phone calls and text messages.

NSO has said its technology is a valuable tool to prevent terrorism and curb violent crime.

A new database released on Saturday by Amnesty International, Citizen Lab and Forensic Architecture documents more than 60 cases in which NSO’s spyware has been used to target dissidents and government critics from countries including Rwanda, Togo, Spain, the United Arab Emirates, Saudi Arabia, Mexico, Morocco and India.

Many of the details contained in the database have been publicly aired before by rights groups and media organisations. But in piecing together disparate fragments of information about NSO Group and making it accessible in one place, the database provides a granular portrait of the company’s geographic reach and business structure, researchers said.

“This is the first global mapping of victims and targets of NSO spyware and promises to be an essential resource for those seeking to understand the harm of the global proliferation of this shadowy spyware,” said John Scott-Railton, senior researcher at Citizen Lab.

Shutting down

A spokesperson for NSO Group said the company had not reviewed the database but said it is likely to be “filled with inaccuracies and old and recycled claims”.

“NSO Group investigates all credible claims of misuse, and NSO takes appropriate action based on the results of its investigations. This includes shutting down a customer’s system — a step NSO has taken several times in the past and will not hesitate take again if a situation warrants,” the spokesperson said.

On June 30, NSO Group published its first annual Transparency and Responsibility Report, which defends its technology and the company’s progress on limiting customer misuse.

According to the report, NSO products have been used by states to “save lives on a massive scale”, helped thwart major terrorist attacks and dismantle drug trafficking rings. The 32-page report outlines steps the company has taken to minimise customer misuse that external advisers hoped would jump-start a debate on standards for the industry.

Need regulation

The company said it refuses to sell its spyware to 55 countries, according to the report, and 15% of potential Pegasus sales were rejected this past year due to human rights concerns.

“This is an industry that gets a lot of criticism,” said CEO Shalev Hulio. “In the end, we have to understand that there isn’t any other way to fight crime and terror. We need tools like this, and we need regulation and an international standard.”

Cherie Blair, an external adviser for the company, said she is “encouraged by the company’s recent progress on human rights matters and its recognition that big challenges remain and can best be tackled collaboratively and through developing binding standards for the industry”.

The new database by the human rights groups, “Digital Violence: How the NSO Group Enables state Terror”, is based on an analysis of legal files, interviews with alleged victims, export licences, news reports and procurement records.

The rights groups allege that government use of NSO spyware is “consistently entangled with a spectrum of physical violations”, including arrests, assaults, and even murder, in the case of the Saudi journalist Jamal Khashoggi, whose associates were allegedly targeted by the Saudi’s use of Pegasus before his assassination at the hands of Saudi government operatives in October 2018.

Indian lawyers

NSO has denied that its technology was used to target Khashoggi.

The database also chronicles a diverse range of alleged victims, including Indian lawyers, Rwandan opposition activists, Spanish politicians, and a Catholic bishop from Togo.

It highlights the case of Moroccan journalist and government critic Maati Monjib, who was allegedly targeted with NSO spyware in 2017 after he received death threats.

It also draws attention to Mexico, where journalist Carmen Aristegui was allegedly targeted with NSO’s spyware in 2015, one month after she revealed alleged corruption involving the then-Mexican president. Aristegui’s alleged targeting coincided with break-ins at her offices, intimidation and lawsuits, according to the rights groups.

Shourideh C Molavi, Forensic Architecture’s researcher-in-charge, said the project has revealed “the extent to which the digital domain we inhabit has become the new frontier of human rights violations, a site of state surveillance and intimidation that enables physical violations in real space”.

A spokesperson for NSO said that the company will continue to engage in discussion about public safety, security and human rights.

“This is a serious issue that requires a commitment to problem solving, not a focus on scoring public relations points,” he said.

Bloomberg News. More stories like this are available on bloomberg.com