NSO Group Closes Cyprus Office of Spy Firm
Controversial phone hacking company NSO Group has closed the Cyprus office of Circles, a surveillance firm that previously merged with NSO, and fired a number of staff, according to two former NSO employees.
Cyprus is a hotbed for surveillance companies that sometimes
set up shop in the country and then sell their technology from the region.
"They fired all the Cyprus office," one of the
former NSO employees told Motherboard.
"All Cyprus site was closed recently; all of the people
fired," the second former employee added. Motherboard granted the sources
anonymity as they weren't authorized to speak to the press about internal
company issues, and to avoid retaliation from NSO.
Circles focuses on geolocating devices and intercepting
communications via access to SS7, a network and related protocol that is
particularly used by phones when roaming. Circles created its own phone company
to gain this access for surveillance purposes.
Other surveillance companies have bought their way into the
SS7 network for as little as $22 an hour. The main underlying issue with SS7 is
that the network does not authenticate who sent a request, so if someone gains
access, SS7 will treat their requests to reroute communications as legitimate,
letting spies listen in on texts, calls, or locate the device too.
An NSO spokesperson told Motherboard in an emailed statement
that “In order to ensure that we are operating as efficiently as possible, we
have recently restructured the development of one of our tactical search and
rescue products, and shifted resources to other existing group locations. These
changes will further our mission to prevent terrorism and serious crime.”
Circles has another base in Bulgaria, the two former employees said.
NSO merged with Circles in 2014 after American private
equity firm Francisco Partners bought Circles for $130 million. While Circles
focuses on network exploitation, NSO develops malware for targeting cellphones
themselves. Its main product, dubbed Pegasus, is capable of infecting Android
and iPhone phones, and can siphon photos, messages from encrypted messaging
programs, turn on a device's microphone, and much more. Together, the two
suites of tools could form a powerful surveillance capability; SS7 attacks can
also be used to deliver malware to target devices.
But months before the Cyprus office closure, one of the
former employees described to Motherboard how Circles' product didn't
necessarily match well with NSO's.
"The idea was that the sum will be greater than its
parts. That they will increase the attack vector, but in reality there were few
successes in integration. They exaggerated their system's abilities," the
former NSO employee said of Circles.
The source said NSO had "awful integration with
Circles." The second former employee said the integration "wasn't
great."
But one of the sources added that the SS7 geolocation system
itself worked "very well" in Mexico. Mexico is one of NSO's largest
clients, with journalists and researchers uncovering extensive use of NSO
products in the country. NSO malware was used to target lawyers, journalists,
and politicians in Mexico.
According to a lawsuit filed in 2014 in Israel and Cyprus
and mentioned by Haaretz, an official from the United Arab Emirates’ Supreme
Council for National Security emailed Eric Banoun, a Circles executive, and
asked them to intercept the communications of the editor of the Al Arab
newspaper even though this was not included in the client’s license. Shortly
after, Ahmad Ali al-Habsi, the official, received an email with the recordings.
Motherboard previously reported how NSO pitched a product
codenamed Landmark to the Los Angeles Police Department. A former NSO employee
previously said that Landmark is an SS7-based geolocation capability.
Cyprus has attracted multiple surveillance firms in recent
years.
"While Cyprus is working to shake its reputation as a
haven for Russian criminal cash, I can't imagine that the country is thrilled
to see that a growing number of shady surveillance vendors are setting up
shop," John Scott-Railton, senior researcher from Citizen Lab, based in
the Munk School of Global Affairs at the University of Toronto, which has
extensively followed NSO's work, told Motherboard.
"There is historic jurisdictional affinity between arms
dealers and money launderers. Both prefer to disguise who they do business
with, and how they move their money. I read the preference for places like
Cyprus as yet another indication that spyware vendors have more in common with
arms traders than software startups," he added.
Last year, Cyprus authorities arrested employees of
surveillance firm WiSpear after the company demonstrated its so-called spy van
to Forbes in the country. The CEO of WiSpear Tal Dilian is an original co-owner
of Circles.
In a March 2019 letter addressed to various human rights
groups including Amnesty International, Stephen Peel, founding partner at
European private equity firm Novalpina Capital wrote that some of NSO's
products are exported from Cyprus. Novalpina bought a majority stake in NSO in
February 2019.
In May 2019, activist group Access Now wrote to authorities
in Bulgaria and Cyprus, asking them to further scrutinize NSO exports due to
abuses of NSO's technology.
Comments
Post a Comment