28 December 2021

Ars Technica: “The secret Uganda deal that has brought NSO to the brink of collapse”

A few months after the initial approach, NSO’s chief executive, Shalev Hulio, landed in Uganda to seal the deal, according to two people familiar with NSO’s East Africa business. Hulio, who flew the world with the permission of the Israeli government to sell Pegasus, liked to demonstrate in real time how it could hack a brand-new, boxed iPhone.

The eventual business was small for NSO. A person familiar with the transaction said it brought in between $10 million and $20 million, a fraction of the $243 million that Moody’s estimated the privately owned NSO made in revenues in 2020.

But about two years after the sales pitch, someone deployed Pegasus to try to hack the phones of 11 American diplomats and employees of the US embassy in Uganda, according to two US officials, who spoke after notifications were sent out by Apple when the iPhone maker discovered and closed a flaw in its operating system in November.

It is not clear who tried to hack the US citizens. Uganda’s neighbor, Rwanda, had also been using Pegasus to hack phones inside Uganda, but the revelation shocked the US. NSO has always told its customers that US phone numbers are off-limits. In this case, all 11 targets were using Ugandan numbers but had Apple logins using their State Department emails, according to the two US officials.

Mehul Srivastava

At first glance this is a story about smartphone security, but to me it blatantly exposes the ingrained hypocrisy of US foreign policy. Earlier this summer, an investigative report revealed how NSO’s Pegasus spyware was used to target tens of thousands of prominent personalities from all over the world (with the exception of the United States). The US response at the time: crickets… The same software was apparently used by the Polish government to hack an opposition senator, and the list of examples certainly wouldn’t stop here.

Israeli and US officials declined to confirm that the Ugandan hack directly triggered a decision to blacklist NSO. But one US official who discussed the issue with Israel’s defense ministry said: “Look at the entire sequence of events here—this is careful, not by chance.” He added that putting NSO, one of the jewels of Israel’s tech community, on a US blacklist was designed to “punish and isolate” the company.

The blacklisting, which came in November, means that NSO cannot buy any equipment, service, or intellectual property from US-based companies without approval, crippling a company whose terminals ran on servers from Dell and Intel, routers from Cisco, and whose desktop computers run on Windows operating systems, according to a spec sheet from a sale to Ghana, in West Africa.


Last Wednesday, that window also narrowed—18 US senators wrote to Secretary of State Antony Blinken and Treasury Secretary Janet Yellen to sanction NSO under the Magnitsky Act, alongside a handful of other cyber surveillance firms.

If the US acts upon that request, NSO would be cut off from the US banking system, and its employees would be barred from traveling to the US.

Now that the same spyware was deployed against a mere dozen US citizens, the flurry of measures against NSO is reaching apocalyptic proportions, to the point that the company would barely be able to operate. Is this a proportionate response based on a consistent set of rules? Evidently not; if the US genuinely cared about reducing hacking against activists and other democratic leaders, it would have introduced sanctions against NSO years ago. Instead, they condoned these practices, as long as they didn’t directly impact US citizens… How are other leaders supposed to take the US seriously when they discuss cybersecurity or promoting democracy, if their actions clearly reveal that the US is only interested in protecting its own turf?!
