Leak exposes how Israeli firm allows governments to track smartphone users

The leaked internal documents show that NSO Group charges customers $1.15 million to access 10 iPhones.

A girl holds a smartphone (photo credit: ILLUSTRATIVE: REUTERS)
Documents from the Israeli digital surveillance company have been leaked to the "New York Times." Israeli company NSO Group Technologies Ltd., which develops sophisticated mobile phone hacking software, capable of extracting information from any mobile device, anywhere, now finds itself the victim of a 'hack' of a different kind. Internal company documents, including employee email correspondence, contracts and business proposals have been leaked to the "New York Times".
On Saturday, the newspaper reported confidential details gleaned from these documents, including the price of NSO services and its vetting of potential customers. The "New York Times" also reported on the intention of a US company which is one of NSO's controlling stakeholders to sell its stake for ten times the price it paid to acquire it.
The NSO Group hit the headlines last week, after a United Arab Emirates human rights activist, assisted by an information security researcher from Canada, discovered a tracking system known as Pegasus on his mobile phone. Pegasus is known to be an NSO product. They also discovered another target: a Mexican journalist who wrote about corruption in the Mexican government.
According to an August 2013 "Defense News" article, "Pegasus" is aimed at countering a tactic often used by terrorists and criminals in the past few years: frequently changing SIM cards and using encryption applications and protocols in order to avoid potential monitoring. NSO overcomes these defense mechanisms through remotely monitored interception.
In order to target a certain mobile phone, its owner is sent an ostensibly innocent SMS message. When he opens the message, the software is installed on the device, enabling system operators to extract any device data, from messages and emails to the stored search history and lists of contacts and addresses, without the awareness or approval of the phone's service provider, and of course without the knowledge of the device owner. And this is only one of the methods employed.
"We are practically a ghost", NSO co-founder Omri Lavie told "Defense News." "For the target, we are completely invisible and leave no traces whatsoever." According to the "New York Times", the documents had been provided by two of NSO Group's business contacts, whose names were not specified for fear of reprisals, and shed light on the modus operandi of the secretive digital surveillance industry.
These internal documents detail pitches to countries throughout Europe and multi-million-dollar contracts with Mexico for three projects over three years. The contacts with Mexico were exposed in emails dated in 2013. In response to reports indicating that a Mexican journalist had been monitored using his mobile phone, a spokesman for the Mexican embassy in Washington said that intelligence systems are not used against journalists or activists and that "All [foreign company-R.D.] contracts with the federal government are done in accordance with the law."
And how much will it cost a certain country's security service, or any other entity, to spy on any mobile phone owner and learn his location and communications at any given time, without him being aware? According to the documents acquired by the "New York Times", the NSO Group prices its surveillance tools much like traditional software companies. First of all, the client will have to pay a flat $500,000 installation fee. Then, according to an NSO commercial proposal, the client has to pay $650,000 to spy on 10 iPhone or Android users; $500,000 for five BlackBerry users; or only $300,000 for five Symbian users.
Further surveillance targets will require the client to pay an additional fee: $800,000 for 100 extra targets; $500,000 for 50 extra targets; or $150,000 for 20 extra targets. NSO also charges a further annual system maintenance fee of 17% of the total price every year after the initial order.
In its commercial proposal, NSO says that its tracking software can be installed in a number of ways, including “over the air stealth installation,” a text message tailored to the customer, aimed at avoiding raising his suspicion, an approach that had failed in Abu Dhabi; or through Wi-Fi hot spots rigged to install NSO Group software on specific devices. The company also offers another alternative: installing the software on a specific device in person, using a human spy.
And what does the client get in exchange for such a substantial investment? According to NSO documents, he receives “unlimited access to a target’s mobile devices.” The ordering party can “remotely and covertly collect information about the target’s relationships, location, phone calls, plans and activities - whenever and wherever they are… [and] It leaves no traces whatsoever.”
Ten people familiar with the company’s sales, who refused to be identified, told the "New York Times" that the company carries out a strict internal vetting process to determine who it will sell to. An ethics committee made up of employees and external counsel vets potential customers based on human rights rankings set by the World Bank and other global bodies. And to date, these people all said, NSO has yet to be denied an export license.
The New York Times quotes sources who have criticized NSO's digital surveillance operations, saying that its software is also used to monitor journalists and human rights activists. “There’s no check on this,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “Once NSO’s systems are sold, governments can essentially use them however they want. NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place.”
The newspaper adds that NSO’s capabilities are in higher demand now that companies like Apple, Facebook and Google are using stronger encryption means to protect data in their systems. As a result, government agencies have found it harder to track suspects.
NSO is one of a dozen digital surveillance companies using mobile phones for monitoring. According to the "New York Times", they market their services "aggressively" to governments and law enforcement agencies around the globe. They argue that their spying services are essential to track terrorists, kidnappers and drug traffickers.
The "New York Times" says that the digital surveillance industry, typified by the NSO Group, operates in a "legal gray area". The companies often decide on their own how far they are willing to go to expose the target’s personal life and what governments they will do business with. Israel has strict export controls for digital weaponry, but the country has never barred an NSO Group deal with a foreign country.
One indication of the high demand for NSO Group services may be the fact that San Francisco-based private equity firm Francisco Partners, which acquired a controlling stake in NSO in 2014 for $120 million, is now considering selling its stake for ten times this price, according to two people approached by the firm.