Revelations: NSO Group has 22 customers in the European Union, and it is not the only spyware supplier

 

A European Parliament committee of inquiry into Pegasus and similar spyware visited Israel and was surprised to discover the number of contracts linking the publishing company NSO to the EU, reports the Israeli daily Haaretz. NSO alone has 22 and it is far from the only player in this “game”.

The shock wave of the Pegasus affair continues to widen, but this time it is the European Union that it affects.

Representatives of the European Parliament’s Committee of Inquiry into Pegasus and Similar Spyware recently visited Israel and learned from NSO staff that the company has active contracts with 12 of the 27 members of the European Union. “The Israeli firm’s responses to questions from the European Commission reveal that the company works with many security agencies in the EU,” reports the israeli daily Haaretz.

This clearly responds to the assertions of the Forbidden Stories consortium (grouping 17 Western media) and Amnesty International through which the scandal happened, and which claimed that the only European state to use the Pegasus software is Hungary led by Viktor Orban, a veritable pet peeve of European globalists. These media hastened to wrongly and selectively target countries like Morocco. But blithely failed to look at their own countries.

In detail, “representatives of the commission visited Israel in recent weeks to further their investigation of the local computer warfare industry and spoke with NSO employees, representatives of the Israeli Ministry of Defense and local experts. Among the members of the said commission, a Catalan MP, whose mobile phone was hacked by an NSO client”, according to Haaretz.

The commission was created after the publication of Project Pegasus last year, and its aim is to create pan-European regulations for the acquisition, import and use of computer warfare software such as than Pegasus. But while the commission members were in Israel, and especially since their return to Brussels, it was revealed that in Europe there is also a well-developed industry in computer warfare, many of whose customers are European.

Recall that the Pegasus spyware from the Israeli company and competing products make it possible to infect the mobile phone of the victim of surveillance, then to allow the operator, among other things, to listen to his conversations and read the content of applications that must contain encrypted messages. Pegasus also allows you to listen in real time to what is happening around the mobile phone, by activating the camera and the microphone.

During their visit to Israel, European lawmakers wanted to know the identities of NSO’s current customers in Europe and were surprised to discover that most EU countries had signed contracts with the company: 14 countries did deal with NSO in the past and at least 12 still use Pegasus for lawful interception of mobile calls, according to NSO’s response to committee questions, Haaretz said.

In response to questions from European lawmakers, the company explained that NSO currently works with 22 “end users” — security and intelligence apparatuses and law enforcement agencies — in 12 European countries. In some of these countries, there is more than one customer, the contract being concluded not with the country, but with the operating organization.

In the past, as NSO wrote to the commission, the company has worked with two other countries – but ties have meanwhile been severed. NSO did not disclose which of these countries were still active customers, or which two countries had their contracts frozen. But according to sources in the computer warfare field, those countries are Poland and Hungary, which last year were removed from the list of countries to which Israel allows the sale of offensive computer technology.

Some members of the committee believed that the contract with Spain could have been frozen after the surveillance of leaders of the Catalan separatists was revealed, but sources on the ground explained that this country, which is considered to be law-abiding, is still on the list of countries approved by the Israeli Defense Ministry. The same sources added that after the case broke, Israel, NSO and another Israeli company working in Spain demanded an explanation from Madrid – and were promised that the use of the Israeli devices was legal.

Sources interviewed by the Israeli daily claim that the contract between the Israeli companies and the Spanish government has not been interrupted. Meanwhile, in Spain, it has been revealed that the hacking operations – problematic as they are in political terms – have been carried out legally.

The extent of NSO’s activity in Europe sheds light on the generally common aspect of recourse to the offensive computer industry by Western countries, which operate eavesdropping on civilians, according to the terms of the law and the judicial control, as opposed to dictatorships that use these services covertly against dissidents. NSO, other Israeli companies and new European suppliers are competing for a market of legitimate customers – a job that usually does not involve bad behavior.

This domain, called lawful interception, has in recent years drawn the ire of technology companies such as Apple (maker of the iPhone) and Meta (Facebook, which owns WhatsApp, through which the spyware is installed). These two companies have filed a lawsuit against NSO for hacking phones through their platforms, and are currently waging a battle against this industry. This computer war is also causing great unease in Europe, as the EU has passed comprehensive legislation on the issue of internet privacy.

However, this does not mean that there is no interest in these technologies or their use in the Old Continent.

Two weeks earlier, in fact, revelations made it possible to learn that Greece was using Predator, a spyware similar to Pegasus, against an investigative journalist and against the leader of the socialist party. Prime Minister Kyriakos Mitsotakis said the tapping was legal and based on an injunction. It is worth pointing out in this regard that Predator is manufactured by the computer company Cytrox, which is registered in North Macedonia and operates from Greece.

Cytrox belongs to the Intellexa group, owned by Tal Dilian, a former high-ranking member of the Israeli intelligence services. Intellexa was previously located in Cyprus, but after a series of compromising incidents, the company transferred its activities to Greece. While the export of Pegasus, NSO’s software, is supervised by the Israeli Ministry of Defense, the activity of Intellexa and Cytrox is not.

Also in the Netherlands, a public debate has recently taken place after further shocking revelations that the Dutch secret service used Pegasus to catch Ridouan Taghi, a drug lord arrested in Dubai and charged with ten murders in sordid circumstances. Although the use of Pegasus was legal and activated against a criminal element, in the Netherlands people wanted to know why the secret services were involved in an internal investigation by the Dutch police. So there have been requests for a self-examination regarding how the spyware has been used in the Netherlands.

In addition to Israeli companies active on the continent, Europe turns out to have a number of spyware manufacturers. Microsoft recently revealed the existence of a new spyware, Subzero, designed by an Austrian company located in Lichtenstein, called DSIRF. This spyware exploits a sophisticated zero-day weakness to hack into computers.

Unlike NSO, which waited several years before admitting to working with customers in Europe, the Austrians defended themselves. Two days after Microsoft’s revelation, they reacted harshly and explained that their spyware “has been developed only for official use in EU countries, the software has never been misused wisely”.

In Europe, companies that design spyware are more experienced: a few weeks ago, Google security investigators revealed a new spyware, Hermit, made by an Italian company called RSC Labs, successor to Hacking Team, an old and well-known competitor, whose internal correspondence was the source of a huge leak, Wikileaks, in 2015. Hermit also exploited a little-known security flaw to allow the hacking of iPhones and Android devices, and its presence has been found on devices in Italy, but also in countries as far away as Kazakhstan and Syria.

Again, there is an indication that the customers of RSC Labs, whose offices are in Milan, with branches in France and Spain, include official European law enforcement organisations. On its website, the company proudly reports more than “10,000 successful and legal hacking actions in Europe”.

Other spyware for cell phones and computers have been revealed in the past under the names of FinFisher and FinSpy. In 2012, the New York Times revealed how the Egyptian government used this device, originally designed to fight crime, against political activists. In 2014, the spyware was found on the device of an Ethiopian-American, raising suspicions that authorities in Addis Ababa are also customers of British-German manufacturer Lench IT Solutions.

Quoted by Haaretz, EU lawmaker Sophie In’t Veld, who is a member of the Pegasus Inquiry, said that “if a single company serves 14 member states as customers, you can imagine the scale of the industry as a whole. There seems to be a huge market for commercial spyware, and EU governments are very keen buyers. But they’re very tight-lipped about it, keeping it out of the public eye”.

Companies like NSO therefore face a dilemma: Revealing the identities of client governments that legally use its tools will help deal with public criticism from organizations such as Citizen Lab, the media and lawmakers, but will put deals at risk.

“We know that spyware is being developed in several EU countries. Italy, Germany and France are not the least,” said Ms. In’t Veld. “Even if they use them for legitimate purposes, they have no appetite for more transparency, oversight and safeguards. The Secret Service has its own universe, where normal laws don’t apply. To some extent that has always been the case, but in the digital age they have become all-powerful, and virtually invisible and totally elusive,” she told Haaretz.

Questioned by the newspaper, NSO did not wish to comment. But one thing is certain: in Europe, and elsewhere, almost everyone uses Pegasus or similar. And aiming for Morocco is ultimately only the tree that hides the forest.

Morocco insisted that it has never acquired the Pegasus software, some media, including the French, are firing on all cylinders and absolutely want to put the cover back. This is evidenced by the pretext taken from the telephone tapping scandal targeting Pedro Sanchez, whose authors, like the motivations, are however elsewhere.

Indeed, on last May 2, when the Minister for the Spanish Presidency, Félix Bolano, revealed that the phones of the President of the Spanish Government, Pedro Sanchez, and his Minister of Defense, Margarita Robles, had been infected in May and June 2021 by Pegasus.

A number of Spanish media have wondered about the significant events of this time, and who could explain such an attack. They retained, on the one hand, the preparation of the pardons for the leaders of the independence process in Catalonia, which had taken place a few weeks later, in June 2021, and, on the other hand, the diplomatic crisis between Spain and Morocco, which had been triggered following the admission of polisario leader Brahim Ghali to a hospital in Logroño.

However, the most virulent reaction surprisingly emanated from certain French media, in particular France Info and Le Monde, despite their reputation for the purely factual treatment they reserve for information.

These two daily newspapers were part of the consortium of 17 international media which had processed a list of 50,000 telephone numbers, all targeted by Pegasus, and which had been revealed by the organization Forbidden Stories in July 2021.

In their treatment of the information that had been delivered to them, these media had been particularly selective on the countries denounced, only 11 of them, including Morocco, had been cited, whereas it turned out that NSO holds in its portfolio at least 45 clients, mostly European, as indicated by the israeli daily Haaretz.