An infamous Israeli NSO Group looks to bolster its image by scoring customers
WASHINGTON — When Shmuel Sunray accepted the job in the fall of 2019 as chief legal counsel for NSO Group, an Israeli spyware company accused of selling malware used against journalists and dissidents, he knew it would be a challenge.
Founded in 2009 by ex-military and intelligence officers,
the company created a hacking tool called Pegasus that promised cops and spies
access to criminals’ and terrorists’ private text messages, photos, cameras and
microphones.
But NSO’s customers don’t always just go after child
pornographers and drug traffickers. In 2018, human rights group Amnesty
International accused NSO in court of helping the Saudi government spy on a
close associate of Washington Post columnist Jamal Khashoggi, who was murdered
at the Saudi Consulate in Istanbul. Then Facebook sued NSO just a day after
Sunray started work, alleging the company had helped hack over 1,400 of its
customers.
Novalpina Capital, the London-based private equity firm that
acquired NSO in February 2019, was already under fire from activists demanding
answers about how the firm would address the company’s alleged abuses and
advocating for stricter regulation of the spyware industry.
NSO co-founder Shalev Hulio has publicly denied helping the
Saudis monitor Khashoggi, and several other attacks linked back to its spyware,
but the company recognized it had a potential problem and turned to Sunray. “We
need more structure, we need more experience,” Sunray recalled NSO’s executives
telling him when they brought him on.
The company’s future might depend on it. NSO is reportedly
considering going public with an estimated valuation of up to $2 billion
(Sunray declined to comment on those plans). Novalpina, which knows that bad
publicity could affect NSO Group’s ability to raise capital, has promised to
strengthen oversight of the firm’s activities and increase transparency.
In a series of interviews with Yahoo News over the last
several months, Sunray explained some of the details of NSO’s internal
processes, which include an elaborate system for scoring countries that wish to
buy the company’s products. NSO says it permanently cut ties with four clients
so far, giving up $200 million in sales opportunities, though it won’t say
which ones. Sunray wouldn’t speak about the details of any sales or customers.
For experts who have followed NSO’s work, like Eva Galperin,
the director of cybersecurity at the Electronic Frontier Foundation, these
promises ring hollow.
“A human-rights-respecting framework that is entirely
opaque, cannot be checked by anyone, and that security researcher reports
indicate concludes selling to Saudi Arabia is just fine is a framework that
might as well not exist at all,” Galperin said.
But NSO argues it’s a leader in the shadowy spyware industry,
taking on both risk and reward by opening up to the world — at least a little.
“We’re not naive,” Sunray said, acknowledging the impact the
company’s software can have on those people targeted by it. “We understand that
these tools are very intrusive.”
NSO announced its new human rights policy in September 2019,
and Sunray said this policy is always evolving, taking lessons from
international bodies and other industries’ compliance regimes. The program is,
according to NSO, the “first in the sector” of similar surveillance companies.
Comments
Post a Comment