In late December 2020, several of Silicon Valley’s most prominent giants, including Microsoft, Google, GitHub, and LinkedIn, asked to join Facebook’s lawsuit at a U.S. federal court against the infamous Israeli spyware firm NSO Group Technologies (“NSO” stands for Niv, Shalev, and Omri, the company’s founders).
The lawsuit, filed in 2019, seeks unspecified damages and demands that NSO be denied access to Facebook’s services after NSO has used highly sophisticated spyware called “Pegasus” to hack into the phones of at least 1,400 individuals at the request of government officials. This includes politicians, diplomats, activists, journalists, and dissidents, some of whom have been arrested, tortured, or murdered as a consequence.
Such a lawsuit by a U.S. tech giant against an Israeli spyware firm with close ties to the Israeli government is unprecedented. Facebook has been notorious in terms of taking Israel’s side and cracking down on Palestinian content. Facebook has been blocking posts and accounts of Palestinian activists critical of Israel or supportive of the resistance to its occupation, while overlooking Israeli incitement against Palestinians – a 2019 study found that Israelis incite hatred of Arabs on social media once every 66 seconds.
Last May, Facebook even hired a former Israeli government official and censorship expert on its Oversight Board, which determines what content to permit or water down.
The reasons why the social media giant along with the world’s biggest tech companies would suddenly sue a prominent Israeli company is clear: NSO is out of control. Its malicious hacking services, which are virtually unconstrained, have become a major security threat in cyberspace.
Aiding Arab Dictatorships and Brutal Regimes
A few days before other tech giants joined Facebook’s lawsuit last December, the cybersecurity watchdog, Citizen Lab, reported that NSO had hacked into the personal phones of 36 journalists, producers, anchors, and executives at the leading Arab media network Al-Jazeera.
Described as the largest concentration of phone hacks targeting a single organization, this NSO spyware operation was conducted on behalf of the governments of Saudi Arabia and the United Arab Emirates. It was less than a year after NSO falsely claimed that it will respect human rights and take steps to prevent its tools being used to commit abuses in the future.
NSO’s hack of Al-Jazeera’s phones was merely the latest incident on an extensive list of spyware attacks carried out with impunity by the Israeli firm whose operations are heavily surrounded by secrecy and conducted in the dark. For instance, a 2017 report called “Gobierno Espía” found that NSO stood behind at least 80 hacks between 2015 and 2016 that targeted high-profile Mexican journalists, lawyers, and activists who reported on or campaigned against corruption.
Mansoor’s arrest was shortly after his phone was hacked by NSO on behalf of the UAE’s repressive government, using what’s known as a “zero-day exploit.”
In 2017, an eminent human rights activist in the UAE, Ahmed Mansoor, was arrested by Emirati authorities and sentenced in a sham trial to 10 years in prison on the charge of “using social media platforms to threaten public order.” Ever since, Mansoor has been subjected to brutal treatment, such as denial of medical attention and imprisonment in solitary confinement for inhumanely long periods.
Mansoor’s arrest was shortly after his phone was hacked by NSO on behalf of the UAE’s repressive government, using what’s known as a “zero-day exploit,” a vulnerability unknown to the software owners that hackers can exploit to gain a backdoor access to someone’s device without their knowledge or actions, such as clicking on a spam link.
According to Citizen Lab, the price of a single zero-day exploit can reach $1 million. It seems that the Emirati regime doesn’t mind recklessly squandering state resources to pursue their political rivals and assert their dominance. According to the New York Times, NSO helped the Emirati government spy on high-ranking officials in neighboring countries, including Saudi Minister of the National Guard, Prince Mutaib bin Abdullah, and attempted to intercept calls by the Emir of Qatar.
The Saudi government used NSO’s services to spy on and track the senior Saudi journalist and critic Jamal Khashoggi who was then mercilessly murdered at the Saudi consulate in Istanbul in 2018. In the same year, Amnesty International said that NSO was helping the Saudi regime to spy on a member of the organization’s staff.
Amnesty petitioned an Israeli court to revoke NSO’s export license given the damage it is causing; however, the court dismissed the case and argued that Israel’s Ministry of Defense maintains meticulous oversight procedures over defense exports. In October 2019, Facebook took preventative action and blocked the accounts of 100 NSO staff and their families. However, a Tel-Aviv court was quick to order Facebook to unblock some of those accounts.
Netanyahu’s Sacred Cow
So how does NSO wreak havoc freely, unconstrained, and with full impunity? Generally, Israel’s Ministry of Defense claims to maintain stringent criteria for issuing permits for the export of cyber intelligence technologies that come after a strenuous process of extreme vetting. Israel’s defense establishment claims that it then continues to oversee such projects even after a permit is issued. However, NSO is one of a number of cyber firms that get a free pass on their dangerous and destructive exports to repressive regimes.
Israel’s private spyware firms like NSO are the informal arm of Netanyahu’s government that are employed “off the record” to do the dirtiest work , such as espionage and interference in foreign countries. For instance, according to the 2020 report of the U.S. Senate Select Committee on Intelligence, an Israeli cyber intelligence firm, called Psy-Group, ran a $2 million voter suppression operation in support of Donald Trump’s 2016 campaign. The operation was paid by George Nader, an advisor to UAE de facto ruler Mohammed bin Zayed.
Similarly, NSO’s criminal and immoral operations have been an Israeli state-sanctioned bridge towards Israeli-Arab normalization with the UAE and Bahrain, two of the firm’s biggest clients. Recently, NSO helped the government of Morocco spy on a prominent Moroccan journalist a few months before official normalization between Israel and Morocco was announced.
Clearly, Israel’s cybersecurity industry is its competitive advantage to maintain relevance and significance in the international arena and gain the favor and support of client governments. However, with Israel unwilling to hold NSO to account, the company has become an unstoppable force of destruction; a tool that bolsters the power and hegemony of some of the world’s most repressive and brutal regimes; and a source of terror to activists who now fear that absolute cyber insecurity will become the region’s new normal.
Facebook’s lawsuit offers a glimmer of hope to stop NSO’s unconstrained assault on the right to privacy and security in cyberspace.
VIDEO: Facebook Sues Israeli Cyber Security Co. NSO Over WhatsApp Surveillance