After Months Of Troubling News, Israel's Government Finally Limits Who NSO Group Can Sell To

(Mis)Uses of Technology

from the tough-to-stay-solvent-using-a-'scorch-your-own-earth'-policy dept

Well, it’s been yet another hilarious couple of days for Israel’s NSO Group. I mean, not so much for NSO, which is currently sitting at the center of a raging dumpster fire of its own creation. But just because NSO isn’t laughing doesn’t mean it’s not funny.

For years, it sold spyware to whoever wanted it. Those customers used the powerful phone exploits to target journalists, activists, dissidents, and high-ranking government officials.

Some of this had already been exposed by security researchers like Canada’s Citizen Lab before the bombshell dropped: a list of 50,000 alleged NSO malware targets. NSO denied having anything to do with the list, but report after report tied its spyware to abuse by government agencies and quasi-political leaders like kings and princes in the United Arab Emirates, one who used the malware to hack the phone of his ex-wife and her lawyer.

France’s President, Emmanuel Macron, was one of those on the target list obtained by journalists. This prompted the President (and other French government officials) to acquire new phones. Because of this, the French government has decided it won’t be requiring the services of NSO in the future.

At the exact same time, MIT Technology Review has learned, French government officials were in the final stages of contract negotiations to purchase Pegasus hacking tools from NSO. The French were on the verge of buying the tool—in the type of deal that is typically worth millions of dollars—despite years of allegations that it was regularly being used to surveil and harass dissidents, journalists, and human rights activists worldwide.

But sources familiar with the deal say that the process fell apart after the accusations that French politicians potentially were among those targeted, and negotiations were broken off just a few days before the sale was set to take place. After publication, France’s Ministry of Foreign Affairs denied it was in the process of purchasing NSO Group tools.

That takes one customer off the list for NSO. The Israeli government — after years of ignoring NSO’s sales to human rights violators — has further limited the company’s market base, removing nearly two-thirds of the countries on its approved purchasers list.

The Defense Ministry has dramatically scaled back the number of countries to which Israeli companies can sell cyber technologies amid global fallout over Israeli spyware firm NSO Group, according to a report Thursday.

The updated November list consists of 37 countries, down from 102, according to the Calcalist business news daily.

Countries with questionable human rights records, including Israel’s new allies Morocco and the UAE, have been removed, the report said.

Much like everything related to the fallout from the NSO target list obtained in July, this could have been prevented if NSO had decided not to sell to governments known to routinely violate human rights or — if it just couldn’t help itself — its government had forbidden sales of powerful malware to these countries.

Having fewer customers isn’t going to help NSO climb back out of the hole it dug for itself. This trimming of its potential user base follows blacklisting by the US Commerce Department — something that had an almost-immediate effect on the company’s credit rating.

According to Bloomberg, Moody’s dropped NSO’s credit rating by two levels, asserting that the company’s risk of defaulting on its debts had increased and noting that the company has been losing money since 2020.

Not that NSO was in great financial shape to begin with. This was the second downgrade by Moody’s, the first of which came a month before the July release of the alleged NSO spyware target list.

Moody’s said in June that it downgraded the company’s rating from B2 to B3, adding that its outlook remains negative. The report said most of the debt is supposed to be repaid in March 2025.

NSO has been offering up nonsensical and contradictory defenses of its actions for several months. Now, it’s just flailing. It now wants people to believe its current woes are the end result of an anti-Israel conspiracy.

In a letter, [NSO] argued that the U.S. blacklisting arose from “an orchestrated campaign by anti-Israel organizations” that would result in hundreds of employees losing their job, according to Israeli news site Walla.

That’s a ridiculous assertion. NSO would be toxic no matter where it was located. And it has had years to head off this sort of worldwide reckoning but chose to reap the profits, rather than control use of its powerful phone hacking tools. Investigations attributing phone hacks of journalists and human rights activists to NSO malware have been public knowledge for a few years now, and the company’s response (until now) has been to do nothing.

By waiting this long to finally start addressing these allegations, NSO has limited its options to making nonsensical defensive statements and, presumably, starting to figure out how much its office furniture might go for at auction.

The same can be said for the Israeli government, which has been aware of these troubling allegations about NSO for just as long, but instead chose to urge on sales to human rights abusers, rather than discourage NSO from pursuing business relationships with governments that were always going to end up abusing the powerful malware. Due to this close relationship, NSO’s problems are also Israel’s problems, which is likely why even the Israeli government is trying to distance itself from the country’s most toxic asset.

Filed Under: israel, malware, pegasus, spyware, surveillance
Companies: nso group