Meet The Israeli Phone Hackers That Governments Have On Speed Dial
When the news broke last month that a virtually anonymous Israeli company had hacked the iPhone of a high-profile civil rights activist, the media were bursting with speculation and theories as to who was behind the breach. When the price of the hacking was revealed – $650,000, plus a $500,000 setup fee for 10 devices – all eyes were on Israeli startup NSO Group.
But the clandestine company – which is said to help governments spy on people through their mobile devices – has kept mostly quiet. In fact, this closely held enterprise has largely flown under the radar since its inception in 2010, even when it was bought for $120 million by American private equity firm Francisco Partners in 2014.
Founded by Niv Carmi, Shalev Hulio and Omri Lavie, NSO – which stands for the first letters of the founders’ first names – has developed a mobile device surveillance software called Pegasus, with which it can reportedly access phone records and conversations as well as photos, text messages and web surfing history. The spyware leaves no traces on the phone, according to media reports.
This software was used to hack the iPhone of a United Arab Emirates citizen, after which Apple issued a security patch to its operating system, in order to tighten users’ security and privacy.
“The most sophisticated mobile attack we’ve seen”
Cyber-security firm Lookout, which along with research group Citizen Lab discovered the Pegasus attack last month, says Pegasus is a “highly sophisticated piece of spyware” that can turn on a phone’s camera and microphone, intercept text messages, and alter the existing apps on the device “to spy on any encrypted or unencrypted data.” According to Lookout, “this is the most sophisticated mobile attack we’ve seen yet and marks a new era of mobile hacking.”
How does it work? According to the University of Toronto’s Citizen Lab, Ahmed Mansoor, a human rights activist based in the UAE, received a text message on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. Sensing a ruse, Mansoor didn’t click on the link and instead sent the message to Citizen Lab researchers. “We recognized the links as belonging to an exploit infrastructure connected to NSO Group, an Israel-based ‘cyber war’ company that sells Pegasus, a government-exclusive ‘lawful intercept’ spyware product,” the research group said in a statement.
In response, NSO told the media it only works with legitimate law enforcement agencies and governments.
Significant abuse potential
According to Citizen Lab, once a user clicks on such a link, their mobile device becomes infected, and in fact becomes “a digital spy,” capable of snooping on camera and microphone activities, recording WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking the user’s movements.
This set of vulnerabilities, dubbed “Trident,” used on Mansoor’s phone “is further evidence that ‘lawful intercept’ spyware has significant abuse potential, and that some governments cannot resist the temptation to use such tools against political opponents, journalists, and human rights defenders,” Citizen Lab said in a statement.
However, many claim the company is legitimate and that all powerful technologies could potentially fall into the wrong hands. NSO recently told Forbes that its mission is to make the world a safer place “by providing authorized governments with technology that helps them combat terror and crime.”
Furthermore, NSO stresses that it sells its software solely to authorized governmental agencies, and that it “fully complies with strict export control laws and regulations.” The company has said that its contracts with clients include a condition to use its software only in a lawful manner.
The serial entrepreneurs behind NSO
The 200-employee NSO Group is not the first company Lavie and Hulio founded (Carmi left NSO a couple of years ago); the serial entrepreneurs already have several startups under their belt.
In 2007, they founded MediAND, which identified products in videos and then sold them to the viewers. The company raised $2 million but shut down in 2010 after a legal battle with one of its other founders.
CommuniTake, which Lavie and Hulio founded in 2008, enables cellular network providers to remotely access smartphones; Kaymera, which was founded in 2013, develops mobile security services and solutions; and finally, in 2014, the two founded investment fund Founders Group which controls more than a dozen startups.
With so much expertise and experience, it’s no wonder that Francisco Partners recently valued the duo’s NSO Group at $1 billion. But as high as the company’s valuation may be, very little is known about it or its founders, which is sure to raise some questions.
NSO Group and Francisco Partners declined NoCamels’ requests for interviews.