According to one of the participants, the leaders of the “VAT group” (NSO Group) made a bold statement: a banal missed call “Wotsap” app “Pegasus” (Pegasus) can penetrate into the core of any “iPhone” and extract its secrets.
Just a few minutes after a missed call, the phone itself reveals the encrypted data, which then do the same on the computer screen at the other end of the globe. Then he reports the most intimate details — for example, personal messages or the location of the user and even includes a camera and microphone for live broadcasts.
The program in itself is not new, is merely the latest update technology of a decade ago. But it was so powerful that it controls the Ministry of defense of Israel. However, according to our interlocutor, the hacking “Wotsap” was tempting “vector”. “For the sales market this attractive” — he said.
It was a publicity stunt for FNL based on the government, and it has allowed tiny and unobtrusive company with a staff of several hundred people to market volume of about $ 1 billion. Engineers NSO boast that they will be able to get around any obstacle — whatever that invented Apple, the most valuable company in the world. In “Apple” to comment for this article refused.
At the April presentation to investors in London, the company boasted that despite regular security patches from Apple, and holes through which seeps the Pegasus remain unsolved, complained one investor, the remaining is clearly not happy. In spite of yearly software updates from companies of the caliber of “the Apple”, the NSO has a documented experience of finding vulnerabilities, boasted a company representative.
Publicity stunt NSO has brought the company incredible success, and the government had the opportunity directly from the warehouse to order software, about which earlier it was believed that that only the most sophisticated intelligence agencies — like the British GCHQ or the American NSA.
Selling such a powerful and controversial technology has become a kind of hallmark of Israel in the diplomatic arena. The Pegasus opened the access Israel, both officially and not — so- top secret command centers in countries with which a partnership he could not Shine. Among them, as scientists assure, such Gulf countries as Saudi Arabia and the United Arab Emirates. Although to recognize the Jewish state, both countries are Prime Minister Benjamin Netanyahu has used all his charm and know-how exploration, playing on a common hostility to Iran.
Their relationship with the NSO, the government of Israel never mentioned publicly. After retiring from the post of defense Minister in November last year, Avigdor Lieberman, and it was he who regulated the sale of NSO, said: “I think now is not the time to discuss this topic. I believe I have a responsibility for the safety of our country, for its future relationship”. And added: “But today already for anybody not a secret that we have contacts with all the moderate part of the Arab world. Sure this is a good news”.
According to the statement “VAT group”, dozens of countries use “Pegasus” to prevent terrorist attacks, to gain access to the depths of drug cartels and rescue abducted children.
However, against the company was filed two lawsuits — in Israel and Cyprus. Both are based on investigations of human rights defenders, and they claim that the software used for the surveillance of the phones of journalists, dissidents and critics of governments around the world from Mexico to Saudi Arabia. Among the victims was the investigator “Amnesty international” (Amnesty International), the wife of slain Mexican journalist and a number of corruption fighters.
The company’s influence grew, and it drew the attention of researchers from the University of Toronto, specifically the “Pegasus”. They believe that the program is used in 45 countries, including Bahrain, Morocco, Saudi Arabia and the UAE. According to the April investor presentations, half of the group’s revenues from the Middle East, although the company said that the contracts signed with 21 countries of the EU.
The middle East erodes competition, and technology NSO it began with captured weapons. The Israeli lawsuit States that the UAE, one of the clients of NSO, asked the representative of the company to hack mobile phones the Emir of Qatar, one of the Saudi princes — contenders for power — and the editor of an opposition newspaper in London.
Omar Abdulaziz, who settled in Canada, an outspoken critic of the Saudi government and friend of Khashoggi, one of the lawsuits claims that his phone was hacked Pegas to listen to conversations with Khashoggi shortly before his death in October.
NSO limited evasive answer that none of her clients to infect a phone Khashoggi its malware, simply could not — because it is sold only “responsible” countries, and that after a thorough inspection and especially with the approval of the Israeli government.
To comment on this issue, the company refused. Regarding the surveillance of dissidents or journalists instead of legitimate targets like terrorists, an informed source said that the company generally cannot know that the data collected by its customers. According to him, she developed a firewall between its own software which is updated regularly, and data collected with it. They are stored on different servers located in the client country, the source said.
Over the past three years, the FNL has refused to deals worth $ 150 million and rejected the proposal by another 250 million after the work carried out by the ethics Committee, which checks the governments of client countries and their intelligence agencies for risks of human rights, the source said.
However, all these assurances, critics of the company seem unconvincing. “All the talk about careful screening of customers like a joke, because the company has lots of contracts with the States, whose situation with human rights raises a number of complaints, for example, Saudi Arabia”, — said the lawyer of human rights of Jerusalem of Mahagna Alaa (Alaa Mahajna). It represents the interests of Abdulaziz and the group of Mexican journalists and activists in both the lawsuits against the FNL.
As it became known only recently, tools for hacking mobile phones which sells FNL, but last time this happened was through the “Votsap”, — work in any part of the world, and the geographical scope sets itself the government of Israel, according to informed source. This means that the intelligence agencies of a single country can theoretically hack the phone far beyond its jurisdiction.
In early may, the engineers “Wotsap” found in your code loophole, which is used by NSO, and last week started to fix it, the company said. On Monday, the company released its half a billion users, the update to fully close.
“By all indications, with the break-in is a private company, which, as is known, collaborates with governments for the supply of spy programs — as stated, they are embedded in operating systems of mobile phones, says a person familiar with the details of the internal investigation “Wotsap”. — Abuse of such capabilities we are very scared.”
For a company with such unprecedented coverage of the NSO operates under the veil of secrecy — until recently she didn’t even have a website. Its founders, Julio Shalev (Shalev Hulio) and OMRI Lavi (Omri Lavie), with the press rarely communicate — in an interview with the financial times in 2013 Lavi said that due to the fact that the company remained in private hands, “the mystery remains a mystery”.
However, interviews with a dozen Israeli officials (including people directly involved in the activities of the NSO), documents from the Israeli and Cypriot courts, the police complaint and the caution of the investors — all this suggests that the company is trying to emerge from the shadows of offensive technologies and turn into a extremely profitable enterprise, which readily reveals its secrets to the interested investors. Recently a controlling stake in the company was purchased with the support of the British Fund “Novalena capital” (Novalpina Capital), and thus the cost of VAT was estimated at $ 1 billion.
However, the company’s reputation has fallen so much that customers were not even for a loan of 510 million dollars to support foreclosure — although the shares were sold for 90 cents on the dollar with interest rate of 9.5%. After that, the firm has launched a campaign to rehabilitate.
Contracts with governments around the world, on the contrary, bring sustained benefits. According to the company, its revenues in 2018 amounted to 251 million US dollars and profit before interest, tax, depreciation and amortization is 128 million dollars higher than in 2014, when it amounted to $ 109 million. Free cash flow in 2018 amounted to $ 80 million.
About 10% of the revenues brought sales of cargo vans with equipment for data collection. Still the same account for a product called landmark (Landmark, “Milestone”), which tracks the physical location of their phones. But the best seller was and still is “Pegasus,” he brings three-quarters of income.
The latest version of “Pegasus” is among the extremely popular governments. In the middle of 2017, as is evident from complaints to the Israeli police and the European businessman, NSO representatives flew to Cyprus to meet with two senior Saudis, one of whom was a senior representative of the intelligence. His name businessman asked not to be named.
In the conference hall of the hotel “four seasons” in Limassol, representatives of the company took out a new iPhone on the spot showed the Saudis how quickly they can get access to his camera and microphone. The version they sell is called “Pegasus 3”, and to fit into the software of the phone she doesn’t even have to fool the user with false links. The company sells this technology under the motto “without a single click”.
“They are still discussing prices, when the Saudis said they wanted it immediately,” — says the businessman. According to his estimates, the ability to track 150 targets and time again, the Saudi government paid $ 55 million. The Commission, he had not paid, and now he is seeking the criminal prosecution of two other intermediaries — participants of the transaction. The company said it does not discuss any clients in General, nor the specific transaction.
According to the businessman, the government of Saudi Arabia also received a makeweight few “horses,” so the company calls “Trojan horses”, malware for phones where you have already installed the “Pegasus 2”. By the way, the same version of the program, the researchers from the Civil laboratory of the University of Toronto discovered the “iPhone” friend Khashoggi.
About hacking “Wotsap”, — this is a loophole that Facebook is trying to patch the latest update, — senior researcher, Civil lab John Scott-Railton (John Scott-Railton), said: “If this is true, then it’s very serious, because the folly of the customers, which alerts our laboratory and others, can easily spread to the whole world. And so it turns out that at their disposal — the latest mechanism”.
In 2014 for the “Pegasus 2” the government of Mexico paid $ 32 million, is evident from the contract with the office of the attorney General of Mexico, referred to by Israeli action. According to the report, the deal includes the product of the NSO entitled “Advanced social engineering”, — representatives of the NSO helped create a “suggestive” text messages to attract the attention of the victim.
Around these communications has already launched two legal proceedings against the FNL. A few days after unknown gunmen killed opposition of Mexican journalist Javier Valdez (Javier Valdez), his widow came asking to learn details of his death. Civil laboratory came to the conclusion that the messages most likely contain malicious software. Being in Canada, Abdulaziz received a link to track a certain package and, according to the Civil lab, most likely it also leads to malicious software. These messages, tailored for each case, received and others.
Consider the claim the company refused, but noted, citing its own internal investigation, that the software mentioned by Civilian lab — not the Pegasus, but something else.
The creation of such messages requires the client to have direct contact with NSO, explains the businessman. According to him, Cyprus for these purposes there is a referral service.
This is contrary to the assurances of the NSO, if the company is unable to track how it is used, where and against whom. According to “Novaline”, a thorough investigation revealed only a few abuses. The company suggested that the use of “Pegasus,” and yet traces of it, according to the researchers, discovered in the phones of journalists, dissidents and critics, is the responsibility of the company or the government. Israeli claims are still at pre-trial hearings, so the official protection is not provided.
In Israel, the vulnerability of smartphones has become a problem of national security, and Israeli military developed for the officers own phone with a high degree of protection. Many high-ranking officials generally are not smartphones, the same Lieberman, a former defense Minister, once boasted to journalists beaten and scratched “Nokia”. In it he speaks with family and friends, and the phone at least ten years.
“These companies tell you their product makes the world a safer place, but people who know how it works actually, the use of mobile phones throw. Great, it looks like a safety,” said Scott-Railton.
Messrs Lavi and Julio, founders of the NSO, there is another company, and in the same field. And what niche is it?— Secure phones that cannot be hacked.
Read more •••