Type Private Headquarters Herzliya, Israel Products Pegasus | Industry Computer security Key people Shalev Hulio (CEO) Founded 2010 | |
 | ||
Owner Francisco Partners (70%)
Omri Lavie
Shalev Hulio Founders Shalev Hulio, Niv Carmi, Omri Lavie | ||
NSO Group Technologies is an Israeli cyberarms dealer founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. It is reported to employ around 200 people and is based in Herzliya near Tel Aviv. Annual revenues were said to be around $40 million in 2013 and $150 million in 2015. According to the company, it provides "authorized governments with technology that helps them combat terror and crime". Malware created by NSO Group has been used in targeted attacks against human rights activists and journalists in several countries.
Contents
Background
Its former chairman of the board of directors was retired general Avigdor Ben-Gal, previously head of Israel Aircraft Industries in the 1990s. The founders are said to be ex-members of Unit 8200, the Israeli Intelligence Corps unit responsible for collecting signals intelligence; The company's start-up funding came from a group of investors headed by Eddy Shalev, a partner in the venture capital fund Genesis Partners. The group invested in total 1.8 million dollar for 30% of the company's shares.
In 2012, the government of Mexico said that it had signed a $20 million contract with NSO Group. The company was reported in 2015 to be a supplier of surveillance technology to the government of Panama. The contract became the subject of a Panamanian anti-corruption investigation following its disclosure in a leak of confidential information from the Italian firm Hacking Team. In 2014, the American private equity firm Francisco Partners bought the company for $130 million. It was reported in 2015 to be seeking to sell the company for up to $1 billion.
Pegasus malware
On August 25, 2016, Citizen Lab and Lookout revealed that malware known as Pegasus, created by the company, was being used to target human rights activist Ahmed Mansoor in the United Arab Emirates. Mansoor is an internationally recognized human rights activist and 2015 Martin Ennals Award Laureate. He informed Citizen Lab researchers Bill Marczak and John Scott-Railton that his iPhone 6 had been targeted on August 10, 2016, by means of a clickable link in an SMS text message.
An analysis by Citizen Lab and Lookout discovered that the link downloaded malware that exploited three previously unknown and unpatched zero-day vulnerabilities in the iPhone's operating system iOS. According to Lookout's analysis, the malware can silently jailbreak an iPhone when a victim, through spear phishing, is sent and opens a malicious URL. After a user opens this link, the malware installs on the phone, hoovering up all communications and locations of the targeted iPhones including iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype communications and it can collect Wi-Fi passwords. The researchers noticed that the malware's code referenced an NSO Group product called 'Pegasus' in leaked marketing materials. Pegasus had previously come to light in a leak of records from the Italian company Hacking Team, when it was said to have been supplied to the government of Panama. The researchers found that a Mexican journalist, Rafael Cabrera, had also been targeted and there was evidence that the malware could have been used in Israel, Turkey, Thailand, Qatar, Kenya, Uzbekistan, Mozambique, Morocco, Yemen, Hungary, Saudi Arabia, Nigeria, and Bahrain.
Citizen Lab and Lookout notified Apple's security team. Apple patched the flaws within ten days and released an update for iOS. A patch for macOS was released six days later.