from the handing-more-power-to-the-unassailably-powerful dept
NSO Group can’t get a break. Too bad. It really doesn’t deserve one. The inability of the Israeli exploit purveyor to escape this endlessly negative news cycle is entirely its own fault. And each passing day seems to uncover something new and nasty about the tech company, which has built its business by seemingly selling to whoever wants to buy, no matter how morally repugnant.
The company’s malware has been deployed by a variety of repeat human rights offenders to target journalists, critics, dissidents, religious leaders, opposition parties, and the occasional heads of state of their allies. To its own critics, NSO has issued contradictions: it is not responsible for how its customers use its products and that it does everything it can to prevent misuse of its products. The contradiction is baked in: NSO says it pulls access for misuse while claiming it has no “visibility” into its customers’ activities.
It also says it does not sell its powerful malware to private entities. But the fine line between public and private entities is never finer than in the United Arab Emirates, where the allied rulers of the area are also private citizens — kings and princes with access to a whole lot of wealth and a whole lot of power.
A prince can claim to be a government official and still behave like a private citizen. Take Sheikh Mohammed bin Rashid al-Maktoum of Dubai. He’s the king of Dubai. He’s also in the middle of an extremely messy, somewhat public divorce from Princess Haya bint al-Hussein. His access to NSO’s most popular phone exploit (Pegasus) allowed him to hack phones belonging to his ex, along with phones belonging to her legal reps.
But he’s not the only UAE figurehead with NSO contracts. Israeli news agency Haaretz reports NSO has sold to other kings and princes who control parts of UAE: men who have plenty of private business that could benefit from a bit of phone hackery using tools obtained under the auspices of Official Government Business.
The Israeli cyber firm NSO sold its Pegasus mobile-phone hacking software to two different leaders of the United Arab Emirates – Abu Dhabi ruler Mohammed Bin Zayed and Dubai ruler Sheikh Mohammed Bin Rashid al-Makhtoum.
TheMarker has learned that the price each of these clients paid in dollars is a seven- to eight-figure number.
It’s not that UAE doesn’t have national security and law enforcement agencies that would make better homes for phone hacking tools. (I mean comparatively…) The UAE has a federal police force and a joint national security agency that’s supposed to handle the sorts of things (serious crime, terrorist activity) NSO swears up and down its customers are using its exploits to combat.
So, why sell the princes and kings, who have few obligations to the people they rule over… you know, since they’re rulers rather than elected officials? Apparently, the answer is because they have millions to spend on phone hacking tools and a company willing to exchange goods and services for money while pretending to hold its nose, cover its eyes and ears, and act all defensive when people ask the why in the almighty fuck are they selling exploits to the United Arab Emirates, much less its literal ruling class?
NSO says publicly (and a lot more frequently in recent months) that it takes a hard line on the abuse of its products to violate human rights. But it says that after years of selling to rulers with long histories of extremely severe human rights violations. Both things can’t be true. And a cursory Google search would give NSO all the due diligence it needs to refuse to sell to rulers (and government agencies) located in places like Dubai and Abu Dhabi. (Not to mention others with the same cavalier attitude towards life and liberty.)
Recent revelations are forcing NSO to put its money where its mouth is. With every new report of violations and use by human rights violators, the company is now obligated to yank access and cancel contracts. I cannot imagine how uncomfortable it will be for the company to approach rulers who preside over areas where executions and disappearances of critics are commonplace. But suck it up, NSO. The best way to avoid having to tell brutal rulers their business is no longer welcome is to never welcome it in the first place.
Worse, the country NSO calls home may be partly to blame.
In some cases, including the sale of two systems to two separate rulers in the UAE, the Pegasus system was only sold following heavy pressure from the Israeli government, as part of the diplomatic warming between Israel and the UAE. Yet the system’s irregular use embarrassed NSO and caused the third bout of bad publicity the company has sustained since being blacklisted by the U.S. last week.
So, if the Israeli government feels any complicity in the current state of NSO affairs, it probably should send a couple of diplomats along to ensure the revocation of hacking power by NSO not only actually happens, but happens without part of the NSO sales force being disappeared for having the audacity to tell these half-patriarchy/half-oligarchy rulers to take their business elsewhere.