It was the worst month in the history of NSO, an Israeli company whose exploits could economize an entire series on Netflix: the rise and fall of a cyber company that has gone too far.
The huge lawsuit that Apple is now filing against it in the U.S. is just the latest domino in a long series of lawsuits, legal decisions and embarrassing revelations that have created an identification between NSO and human rights violations, press persecution and invasion of privacy by civilians and social activists. Use or contact with Apple software, products and infrastructure.
Behind almost every article we read are hidden interests
We’re here to expose them. Join us in the fight
Support the seventh eye
A few weeks earlier, the U.S. government had announced the inclusion of NSO on a blacklist of companies not to be contacted without special approval, and a U.S. court gave the green light to a Facebook lawsuit accusing NSO of hacking WhatsApp accounts of “targets” around the world. A huge NSO with the French government has been canceled following the revelation that its products were used to label President Macron and senior ministers.Credit rating companies were quick to announce a negative outlook for the company.
In short, at the moment it seems that NSO’s biggest problem will be to prevent the flight of workers from a company that is considered disgusting in the eyes of international high-tech giants and in the eyes of foreign governments.
But our problem, in Israel, is elsewhere. NSO is yesterday’s news. The lesson of the company’s failure and its public and business downfall is now being learned by the other offensive cyber companies operating in Israel. Some are already well known, and have appeared in reports and investigations by cyber institutes and human rights organizations around the world. On others we probably will not hear. They will make great efforts to stay completely under the radar, maybe even sign up outside Israel.
Cyber has become an asset and a burden
The NSO affair taught the heads of cyber companies that initiatives of “social responsibility” (assistance to needy families, sponsorship of military cyber units for young people with disabilities, inauguration of technological fathers in the periphery), are unable to save the image of a company doing business with the bad guys. When the US boycotts you and Apple sues you, it’s hard to recruit talented and complicated programmers to do business.
The trouble is that as long as the Israeli government does not restrain such companies on its own initiative, they will continue to serve anyone who is willing to pay – we just will not know about it.
Just a week ago, another ESET investigation revealed that malware from the Israeli Kandiro was used to plant spyware on dozens of new sites in England and the Middle East (a method known as a “water cistern” attack). One of the sites is the English Middle East Eye which covers the Middle East and also Israel and criticizes the undemocratic governments in the Gulf states. Candiro has previously stated that it is known to governments only.
Brigadier General Yair Koles, Head of the Defense Export Division (SIBT) at the Ministry of Defense (Photo: US Department of Defense, CC)
Another lesser-known company that has recently been exposed is Squadrons, which develops hacking and spyware for cell phones that are very similar to those of NSO (for example, gluing in “Zero Click”, without any action on the part of the user). The Marker reported that Squadrons are doing business with the Saudi government through a Cypriot company that is not subject to Ministry of Defense oversight. The ruler of Saudi Arabia has become famous in recent years for oppressing rivals and family members, as well as for the horrific assassination of journalist Jamal Khushkji. These companies are just the tip of the iceberg below the sinking NSO.
Make no mistake – you do not have to be a left-wing human rights activist and tribunal in The Hague to object to offensive cyber. Offensive cyber damage does not only concern human rights activists, opposition figures and journalists in distant places. The exploits of industry, which in the past benefited Israel’s diplomatic interest in undemocratic countries, now create peripheral and direct damage to the Israeli public, economic and governmental interest on many levels. The acute diplomatic crises with the US and France are already hard to hide. Bennett and his envoys may have managed to get the French out of the tree, but the Americans did not cooperate, and insisted on marking the NSO and Kandiro as “hostile” companies.
But beyond the diplomatic damage there is the commercial harm. The shock waves of the international exposures on NSO – the Pegasus project, the lawsuits of Facebook and Apple – endanger the entire Israeli high-tech, and certainly the defense industries. Large companies like Amazon and other cloud service providers will think twice before collaborating with Israeli technology. We have not yet talked about the occupation, and the constant pressure that pro-Palestinian elements are exerting on the technology giants to stop providing services and products to the defense establishment and the Israeli government.
In the Knesset: Fall on the transparency debate
One important lesson from the NSO affair is that our public pressure, in Israel, should focus on the Ministry of Defense, the government and Knesset members. The problem does not lie in a particular technology company, but in a system that allows such companies to turn in corrupt and immoral directions, which are detrimental to the Israeli interest.
A host of tools can curb NSO’s secret successors. It is already clear that the Israeli offensive cyber industry, despite its contribution to oppressive regimes and human rights abuses, is attracting interest and investment from around the world. According to Calcalist, it is one of the world leaders in cyber investments. This does not mean that the whole industry should be closed down, but that clear and unambiguous rules should be set for it that will prevent it from harming. Experts are already there, recommendations have already been written.
Some of these steps appear, for example, in a detailed position paper written by experts from the Israel Democracy Institute – Dr. Tehila Schwartz Altshuler, Adv. Amir Kahana and Dr. Rachel Aridor Hershkovitz. The Knesset, although it is not clear when the debate will take place and who will participate in it.
MK Ram Ben-Barak (Photo: Yonatan Zindel)
This position paper recommends, among other things, targeting the control of security exports of offensive cyber with requirements that will minimize the chance of human rights violations and the service of oppressive regimes. For example: consider human rights protection considerations in decision-making processes; Increase the transparency of the licensing process; Simplify complex regulation; Transfer responsibility for dual-use technologies (both civilian and military) from the Ministry of Defense to the Ministry of Economy; Take into account broader considerations, such as possible harm to the entire high-tech industry; And impose a cooling-off obligation on senior retirees from the defense establishment before crossing the road to offensive cyber companies – as happened with senior NSO officials.
In a Washington Post article quoted in the paper, jurists David Kay and Mariette Shack – the UN Commissioner for Freedom of Expression, and a senior researcher at Stanford University – warn of an “international disaster of surveillance technologies, in which surveillance tools will flood the world following failure” “Although this is a global problem, the two say the size of the Israeli offensive cyber industry and the fact that it has become a rental intelligence arm for foreign governments, place a special responsibility on Israel.
Kay and Shaq call on Israel to restrict the export of technologies to countries that do not meet human rights standards, and to increase the transparency of the registration and documentation of recognized companies and the approval and supervision process. At the same time, restrictions must be imposed and transparency must also be demanded from the foreign governments that purchase the technologies. They further call for allowing victims of espionage technologies to sue in international courts both the governments that persecuted them and the companies that produced the technology.
Israel is still very far from implementing these recommendations. The Knesset even refuses to say when they will be debated in the legislature. If the Israeli authorities want to prove that the civic interest and the principles of democracy and freedom are at the forefront of their minds, it is time to burden this toxic industry instead of cultivating it.