New NSO CEO steps aside

Former Partner CEO Isaac Benbenisti on Thursday dropped out of becoming NSO Group's CEO, a position in which he would have replaced founding CEO Shalev Hulio.

A source close to NSO said that Hulio would remain CEO to help stabilize the company during this uncertain time; there has been no announcement yet that Benbenisti, who already is a senior official in NSO's business division, was resigning.

The decision regarding Benbenisti and Hulio comes after last week's announcement by the US Commerce Department to blacklist NSO; a major report this week that NSO technology was used by the Shin Bet (Israel Security Agency) to spy on Palestinian rights activists who are alleged to double as terror financiers; a conviction of a Spanish-Palestinian activist for terror financing Wednesday night; and an escalating fight between Israel and the US over issues surrounding NSO and Palestinian NGOs.

The US Commerce Department announced last week that it had added the cyber offense firms NSO Group and Candiru to its blacklist for engaging in "activities that are contrary to the national security or foreign policy interests of the United States."

At the same time, France and Israel had seemed to move on from tensions over the alleged targeting of French President Emmanuel Macron’s phone using NSO’s Pegasus software, with a planned ministerial-level bilateral meeting this week.

FOUR COMPANIES were added to the list: NSO Group and Candiru of Israel, Positive Technologies of Russia, and Computer Security Initiative Consultancy PTE Ltd. from Singapore, the department said in a statement.

The US State Department said the companies trafficked in cyber tools used to gain unauthorized access to computer networks, though it later added that it will not sanction NSO in any way, despite it being on the blacklist, and will not take any actions against any of the companies’ host-governments.

The addition of the companies to the list for engaging in activities contrary to US national security or foreign policy interests means that exports to them from US counterparts are restricted. For instance, it makes it far harder for US security researchers to sell them information about computer vulnerabilities.

However, from a bare economic perspective, it is more of a public relations problem since NSO does not do any business in the US.

News outlets across the world reported on a leaked list of about 50,000 phone numbers in July, which they claimed were targets of NSO’s Pegasus software, used to hack into phones.

"NSO regrets the decision, since its technologies do indeed support the US's national interests and policies by preventing terror and crime, and accordingly we will act in order to reverse the decision," the company said in response.

The company said that it was looking forward to presenting information that "makes clear that we have the most strict guidelines in the world [as well as] plans to advance human rights which are based on American values that we deeply relate to – which have already caused us to end our engagements with governmental agencies that used our products inappropriately."

Candiru has a lower public profile than NSO and had not issued a response at press time.

AMNESTY INTERNATIONAL responded to the decision, saying, “With this move, the US government has acknowledged what Amnesty and other activists have been saying for years: NSO Group’s spyware is a tool of repression, which has been used around the world to violate human rights. This decision sends a strong message to NSO Group that it can no longer profit from human rights abuses without repercussions.”

“This is also a day of reckoning for NSO Group’s investors – will they continue to bankroll a company whose technology has been used to systematically violate human rights?” the human rights NGO asked.

Broadening its comments beyond NSO, Amnesty said that “the threats posed by surveillance technology are bigger than one company. This dangerous industry is out of control, and this must spell the end of the impunity spyware companies have so far enjoyed. We need an immediate global moratorium on the export, sale, transfer and use of surveillance technology until there is a human rights-compliant regulatory framework in place.”

"This decision shows the complete and utter failure of Israeli systems of oversight and accountability," according to Gil Naveh, spokesperson for Amnesty International Israel. "Both the Israeli Defense Ministry and Israeli courts did not properly do their job of preventing human rights violations with the use of Israeli security exports.

“We call for the Israeli Defense Ministry to immediately halt all of NSO's activity, and for the Israeli systems to hold accountable all of those who were responsible for this outrageous negligence,” he said.

MK Moshe "Mossi" Raz (Meretz) responded, stating that “the US's decision regarding NSO was a matter of time. This company not only embarrasses us around the world and not only entangles Israel in political turmoil, but its actions are also dangerous and harmful – and Israel should not sponsor them.”

“I intend to turn to the defense minister and prime minister and demand that they act against NSO as soon as possible," he said.

AFTER THE July condemnations of NSO and some lost clients and investor momentum, Prime Minister Naftali Bennett established an inquiry of the cyber firm run by a mix of the Defense and Foreign ministries, the Mossad, the National Security Council, and others.

Macron demanded explanations from Israel at the time, and Defense Minister Benny Gantz traveled to Paris to clarify that the French president was not being spied on. In the meantime, Macron prohibited his cabinet members from meeting with Israeli ministers.

Bennett and Macron met recently at the UN Climate Change Conference in Glasgow, and Bennett promised to be more transparent on the matter. The leaders said they would move forward with close cooperation between their countries.

Last week, NSO had seemed intent on a rebranding campaign with Hulio making a lateral move to being vice chairman of the company’s board and global president.

Though details were somewhat hazy, the idea seemed to be to make Benbenisti the new face of the company, while Hulio would focus on drumming up business in new cell phone and cyber areas and likely remain in control of significant aspects of the company behind the scenes.

The change in strategy just a week later seemed to reflect a high degree of flux and fluidity in NSO's stability and vision for its future.

THE JULY reports – which came from the Pegasus project, a group of 17 media organizations that have been provided information from a mix of Amnesty, the University of Toronto Citizen Lab and Forbidden Stories – broke open to the public the most damaging information yet to come to light regarding the cell phone hacker.

According to the July reports, NSO’s Pegasus hacking malware was found on 37 cell phones out of a list of 65 numbers which were checked on a list of more than 50,000 cell phones which were targets.

They discovered that among 1,000 numbers from the list were at least 65 business executives, 85 human rights activists, 189 journalists, several Arab royal family members and more than 600 politicians and government officials — including cabinet ministers, diplomats and security officers.

Top officials whose cell phones appear on the list included Macron, Iraqi President Barham Salih, South African President Cyril Ramaphosa and leaders from Pakistan, Egypt and Morocco.

Countries accused of abusing NSO technologies by reports included Hungary, India, Mexico, Saudi Arabia, the UAE, Bahrain, Morocco and others.

NSO itself had admitted it had cut off at least five governmental clients who abused its technology to go after exactly the kinds of people on the above list – even if it is not those same people.

An NSO source reportedly leaked to NPR that as a result of the current crisis, the company specifically ended its contracts with the Saudis and the UAE.

However, a deeper investigation by The Jerusalem Post found that there was very little concrete information in these reports to grab on to. Most of what was reported in July did not break new ground as much as it added color to prior reports for years that some of NSO's clients have abused Pegasus.

Some outlets directly involved with breaking the NSO story have admitted that they do not know who provided the 50,000 number list and cannot vouch for its credibility, aside from the 37 cell phones where malware was found.

As questions grew about the list, Amnesty gave two messages: not all of the numbers are from NSO and the numbers are from NSO clients showing the character of who NSO clients might go after.

The list of 50,000 cell phones was itself always problematic to close observers, given that each NSO client is usually limited to a dozen or a few dozen targets and the company only has around 60 clients.