NSO offered 'bags of cash' for access to global cell networks

Israel-based surveillance company NSO Group offered to give representatives of American mobile-security firm Mobileum "bags of cash" in exchange for access to global cellular networks, the Washington Post reported on Tuesday.

According to the report, whistleblower Gary Miller, a mobile-phone security expert, alleged in confidential disclosures to the US Justice Department that the offer came during a conference call in August 2017 between NSO Group officials and representatives of his employer at the time, Mobileum, a California-based company that provides security services to cellular companies worldwide.

The NSO officials, the Washington Post report cited Miller as telling US officials, specifically were seeking access to what is called the SS7 network, which helps cellular companies route calls and services as their users roam the world.

In a statement, NSO said that it had "never done any business with" Mobileum and that it "does not do business using cash as a form of payment" and is not "aware of any DOJ investigation."

NSO is best known for its Pegasus spyware, which it leases to intelligence and law enforcement agencies in dozens of countries. Pegasus can turn a targeted smartphone into a potent surveillance tool, allowing operators to track the user's locations, listen to calls, retrieve pictures and monitor social media activity.

The company has long maintained that Pegasus is intended for investigating terrorists, pedophiles and other serious criminals and that other decisions regarding the system's deployment are made by clients, not NSO. It has vowed to investigate misuses.

A group of US lawmakers has already asked the Treasury Department and State Department to sanction NSO and three other foreign surveillance companies they say have helped authoritarian governments commit human rights abuses

Miller is a former Mobileum vice president who left the company in 2020 and now works as a mobile-security researcher for Citizen Lab, a global journalism consortium that has been investigating the use of NSO software and a leading critic of NSO and its surveillance operations.

"The NSO Group was specifically interested in the mobile networks," Miller reportedly said. "They stated explicitly that their product was designed for surveillance and it was designed to surveil not the good guys but the bad guys."

In Miller's account to the Justice Department, the Washington Post reported, when one of Mobileum's representatives pointed out that security companies do not ordinarily offer services to surveillance companies and asked how such an arrangement would work, NSO co-founder Omri Lavie allegedly said, "We drop bags of cash at your office."

In a statement to the Washington Post through a spokesperson, Lavie said he did not believe he had made the remark. "No business was undertaken with Mobileum," the statement said. "Mr. Lavie has no recollection of using the phrase 'bags of cash,' and believes he did not do so. However, if those words were used they will have been entirely in jest."

Mobileum chief executive Bobby Srinivasan issued a statement saying, "Mobileum does not have – and has never had – any business relationship with NSO Group."

US Rep. Ted Lieu (D-Calif.), to whom Miller also relayed his allegation against NSO Group last year, shared redacted copies of Miller's disclosures with Paris-based journalism nonprofit organization Forbidden Stories, which shared them with the Washington Post and other members of the Pegasus Project, a global journalism consortium investigating NSO.

"Having such access," Lieu said in his referral to the US Justice Department, "would allow the NSO to spy on vast numbers of cellphones in the United States and foreign countries."

Speaking to the Washington Post, Lieu said the alleged manner of payment – "bags of cash" – convinced him that a criminal act might have been considered, "even if the account shared by Miller included no direct evidence of illegality," the report noted.

Legal experts who spoke with the Washington Post said they were unaware of any law that would make it illegal merely to gain access to SS7 in the United States or pay for a service in cash. But some types of surveillance are illegal in the US if not explicitly authorized by a legal process, such as a court order, as happens when police receive permission to conduct wiretaps. Unauthorized hacking also violates US law, the legal experts told the US newspaper.

Also on Tuesday, meanwhile, after denying all allegations of wrongdoing for weeks, the Israel Police conceded that it may have misused NSO Group spyware to monitor Israeli citizens. It said that "additional findings" emerged from an internal investigation that may "change things, in certain aspects."

In January, the news site Calcalist published a report accusing the Israel Police of using the Pegasus software on Israelis without court authorization since 2013.

In an interview with Israel Hayom in July 2021, NSO Group co-founder and then-CEO Shalev Hulio alleged that "the Israeli cyber sector is under attack, in general. There are so many cyber intelligence companies in the world, but everyone just focuses on the Israeli ones…

"I don't want to sound cynical, but there are people who don't want ice cream to be imported here [to Israel] or for technology to be exported," said Hulio.