The Daily - The Sunday Read: 'The Battle for the World’s Most Powerful Cyberweapon'
Episode Date: February 27, 2022Ronen Bergman and Mark Mazzetti investigate Pegasus, an Israeli spying tool that was acquired for use by the F.B.I., and which the United States government is now trying to ban.Pegasus is used globall...y. For nearly a decade, NSO, an Israeli firm, had been selling this surveillance software on a subscription basis to law-enforcement and intelligence agencies around the world, promising to consistently and reliably crack the encrypted communications of any iPhone or Android smartphone.The software has helped the authorities capture drug lords, thwart terrorist plots, fight organized crime, and, in one case, take down a global child-abuse ring, identifying suspects in more than 40 countries. But it has been prone to abuses of power: The Mexican government deployed Pegasus against journalists and political dissidents; and it was used to intercept communications with Jamal Khashoggi, a columnist for The Washington Post, whom Saudi operatives killed and dismembered in Istanbul in 2018.Cyberweapons are here to stay — but their legacy is still to be determined.This story was written by Ronen Bergman and Mark Mazzetti and recorded by Audm. To hear more audio stories from publications like The New York Times, download Audm for iPhone or Android.
Transcript
Discussion (0)
Hi, my name is Roland Bergman.
I am an investigative reporter for the New York Times Magazine.
I wrote a story with my colleague Mark Mazzetti
about one of the most powerful
and some would say notorious weapons on Earth.
This weapon can intercept the means of communication
used by a vast amount of mankind, Android and iOS
on smartphones, and it does it better than any other intelligence agency in the world.
The weapon's name is Pegasus, and it was made by an Israeli company, it's called NSO, probably
the most successful cyber company in the world.
probably the most successful cyber company in the world.
So traditionally, law enforcement and intelligence agencies could look at the communication between two individuals.
What they needed to do was to look at the physical channel of communication between them,
like copper wires or telephone or fiber optics or satellites.
But with the introduction of smartphones,
along with instant messaging apps like Signal or WhatsApp or Telegram,
using military-grade encryption,
suddenly looking at the pipeline was just not enough.
Because you could look at the communications,
but it would take a supercomputer years to figure out
what was actually said or exchanged. could look at the communications, but it would take a supercomputer years to figure out what
was actually said or exchanged.
NSO was the first to understand the business potential here.
With Pegasus, they developed a way to hack a phone, get control over it, and grab the
data before it was encrypted.
And that has become the key to intelligence and law enforcement agencies that wanted to catch pedophiles and drug traffickers or terrorists
because there was no other way to look at their communication.
Pegasus also became popular with tyrants and dictators
who wanted to exploit it against civil society,
human rights activists, political dissidents, journalists.
And as a part of our research for this New York Times Magazine story,
we witnessed a demonstration of Pegasus.
It takes only 45 minutes to capture the complete content of the phone.
You had the ability to order the phone, to open the microphone,
or to take photographs of what was happening in the room.
This is not an Israeli story, however.
It's about an Israeli company
and product, but much of it
happens in the U.S.
Mark Mazzeri and I discovered
that while many U.S. military
and intelligence agencies had
negotiated buying a Pegasus from
NSO, the FBI and CIA
ended up actually buying one
each,
something that the agency had never before disclosed.
In June of 2019, the FBI had installed Pegasus
in a site in New Jersey,
while also discussing buying another
to be used against American numbers.
The FBI claims that they never used Pegasus operationally
and they only had it for testing and evaluation.
But testing and evaluation could mean anything.
And to this day, the system remains at the FBI site
in New Jersey, it's waiting to be reactivated.
So here's our article from the New York Times Magazine, The Battle for the World's Most Powerful Cyberweapon, read by Malcolm Hillgartner.
This was recorded by Autumn.
To listen to more stories from The New York Times, The New Yorker, Vanity Fair, The Atlantic,
and other publications on your smartphone, download AUDM on the App Store
or the Play Store.
Visit AUDM, that's A-U-D-M, dot com, for more details. In June 2019, three Israeli computer engineers arrived at a New Jersey building used by the FBI.
They unpacked dozens of computer servers, arranging them on tall racks in an isolated room.
As they set up the equipment, the engineers made a series of calls to their bosses in Herzliya, a Tel Aviv suburb, at the headquarters for NSO Group, the world's most notorious maker of spyware.
Then, with their equipment in place, they began testing.
The FBI had bought a version of Pegasus, NSO's premier spying tool.
of Pegasus, NSO's premier spying tool. For nearly a decade, the Israeli firm had been selling its surveillance software on
a subscription basis to law enforcement and intelligence agencies around the world, promising
that it could do what no one else, not a private company, not even a state intelligence service,
could do, consistently and reliably crack the encrypted communications of any
iPhone or Android smartphone.
Since NSO had introduced Pegasus to the global market in 2011, it had helped Mexican authorities
capture Joaquin Guzman Loera, the drug lord known as El Chapo.
European investigators have quietly used Pegasus to thwart
terrorist plots, fight organized crime, and, in one case, take down a global child abuse ring,
identifying dozens of suspects in more than 40 countries. In a broader sense, NSO's products
seem to solve one of the biggest problems facing law enforcement and intelligence agencies in the 21st century.
That criminals and terrorists had better technology for encrypting their communications than investigators had to decrypt them.
The criminal world had gone dark, even as it was increasingly going global.
even as it was increasingly going global.
But by the time the company's engineers walked through the door of the New Jersey facility in 2019,
the many abuses of Pegasus had also been well documented.
Mexico deployed the software not just against gangsters,
but also against journalists and political dissidents.
The United Arab Emirates used the software to hack the phone of a civil rights activist whom the government threw in jail. Saudi Arabia used it against
women's rights activists and, according to a lawsuit filed by a Saudi dissident,
to spy on communications with Jamal Khashoggi, a columnist for the Washington Post,
whom Saudi operatives killed and dismembered in Istanbul in 2018.
None of this prevented new customers from approaching NSO, including the United States.
The details of the FBI's purchase and testing of Pegasus have never before been made public.
Additionally, the same year that Khashoggi was killed,
the Central Intelligence Agency arranged and paid for the government of Djibouti
to acquire Pegasus to assist the American ally in combating terrorism,
despite long-standing concerns about human rights abuses there,
including the persecution of journalists and the torture of government opponents.
including the persecution of journalists and the torture of government opponents.
The DEA, the Secret Service, and the U.S. military's Africa Command had all held discussions with NSO.
The FBI was now taking the next step.
As part of their training, FBI employees bought new smartphones at local stores
and set them up with dummy accounts, using SIM cards from other countries.
Pegasus was designed to be unable to hack into American numbers.
Then the Pegasus engineers, as they had in previous demonstrations around the world, opened their interface, entered the number of the phone, and began an attack.
entered the number of the phone, and began an attack.
This version of Pegasus was zero-click.
Unlike more common hacking software,
it did not require users to click on a malicious attachment or link.
So the Americans monitoring the phones could see no evidence of an ongoing breach.
They couldn't see the Pegasus computers connecting to a network of servers around the world,
hacking the phone, then connecting back to the equipment at the New Jersey facility.
What they could see, minutes later, was every piece of data stored on the phone as it unspooled onto the large monitors of the Pegasus computers.
Every email, every photo, every text thread, every personal contact.
They could also see the phone's location and even take control of its camera and microphone.
FBI agents using Pegasus could, in theory, almost instantly transform phones around the world
into powerful surveillance tools, everywhere except in the United States.
Ever since the 2013 revelations by Edward Snowden,
a former national security agency contractor,
about US government surveillance of American citizens,
few debates in this country have been more fraught
than those over the proper scope of domestic spying.
fraught than those over the proper scope of domestic spying. Questions about the balance between privacy and security took on new urgency with the
parallel development of smartphones and spyware that could be used to scoop up the terabytes
of information those phones generate every day.
Israel, wary of angering Americans by abetting the efforts of other countries to spy on
the United States, had required NSO to program Pegasus so it was incapable of targeting U.S.
numbers. This prevented its foreign clients from spying on Americans, but it also prevented
Americans from spying on Americans. NSO had recently offered the FBI a workaround.
During a presentation to officials in Washington, the company demonstrated a new system called
Phantom that could hack any number in the United States that the FBI decided to target.
Israel had granted a special license to NSO, one that permitted its Phantom system to attack
U.S. numbers.
The license allowed for only one type of client, U.S. government agencies.
A slick brochure put together for potential customers by NSO's U.S. subsidiary,
obtained by the Times, says that Phantom allows American law enforcement and spy agencies
to get intelligence by extracting and
monitoring crucial data from mobile devices it is an independent solution that requires
no cooperation from at t verizon apple or google the system it says will turn your target's smartphone into an intelligence goldmine.
The Phantom presentation triggered a discussion among government lawyers at the Justice Department and the FBI that lasted two years across two presidential administrations, centering on a basic question.
Could deploying Phantom inside the United States run afoul of
long-established wiretapping laws? As the lawyers debated, the FBI renewed the contract for the
Pegasus system and ran up fees to NSO of approximately $5 million. During this time,
NSO engineers were in frequent contact with FBI employees,
asking about the various technological details that could change the legal implications of an attack.
The discussions at the Justice Department and the FBI continued until last summer,
when the FBI finally decided not to deploy the NSO weapons. It was around this time that a consortium of news organizations called Forbidden Stories brought forward new revelations about NSO cyberweapons and their use against journalists and political dissidents.
The Pegasus system currently lies dormant at the facility in New Jersey.
An FBI spokeswoman said that the Bureau examines new technologies,
not just to explore a potential legal use, but also to combat crime and to protect both the American people and our civil liberties.
That means we routinely identify, evaluate, and test technical solutions and services
for a variety of reasons, including possible operational and security concerns
they might pose in the wrong hands.
The CIA, the DEA, the Secret Service, and Africa Command declined to comment.
A spokesman for the government of Djibouti said the country had never acquired or used Pegasus.
In November, the United States announced what appeared,
at least to those who knew about its previous dealings,
to be a complete about-face on NSO.
The Commerce Department was adding the Israeli firm
to its entity list for activities
contrary to the national security or foreign policy interests
of the United States.
The list, originally designed to prevent U.S. companies from selling to nations or other entities
that might be in the business of manufacturing weapons of mass destruction,
had in recent years come to include several cyberweapons companies.
NSO could no longer buy critical supplies from American firms
It was a very public rebuke of a company
that had in many ways become the crown jewel of the Israeli defense industry
Now, without access to the American technology it needed to run its operations
including Dell computers and Amazon cloud servers
it risked being unable to function.
The United States delivered the news to Israel's Ministry of Defense less than an hour before
it was made public.
Israeli officials were furious.
Many of the headlines focused on the specter of an out-of-control private company, one
based in Israel but largely funded offshore. But authorities in Israel reacted
as if the ban were an attack on the state itself. The people aiming their arrows against NSO,
said Eagle Una, director general of the Israel National Cyber Directorate until January 5th,
are actually aiming at the blue and white flag hanging behind it.
5th, are actually aiming at the blue and white flag hanging behind it.
The Israelis' anger was, in part, about U.S. hypocrisy. The American ban came after years of secretly testing NSO's products at home and putting them in the hands of at least one country,
Djibouti, with a record of human rights abuses. But Israel also had its own interests to protect.
To an extent not previously understood,
Israel, through its internal export licensing process,
has ultimate say over who NSO can sell its spyware to.
This has allowed Israel to make NSO
a central component of its national security strategy for years,
using it and similar firms to advance the country's interests around the world.
A year-long Times investigation, including dozens of interviews with government officials,
leaders of intelligence and law enforcement agencies, cyber weapons experts,
business executives and privacy activists in a dozen countries,
shows how Israel's ability to approve or deny access to NSO's cyber weapons
has become entangled with its diplomacy.
Countries like Mexico and Panama have shifted their positions toward Israel
in key votes at the United Nations after winning access to Pegasus.
Israel in key votes at the United Nations after winning access to Pegasus.
Times reporting also reveals how sales of Pegasus played an unseen but critical role in securing the support of Arab nations in Israel's campaign against Iran,
and even in negotiating the Abraham Accords, the 2020 diplomatic agreements that normalized
relations between Israel and some of its longtime Arab adversaries.
The combination of Israel's search for influence and
NSO's drive for profits has also led to the powerful spying tools ending up in the hands of a new generation of
nationalist leaders worldwide.
Though the Israeli government's oversight was meant to prevent the powerful spyware from being used in repressive ways,
Pegasus has been sold to Poland, Hungary, and India, despite those countries' questionable records on human rights.
The United States has made a series of calculations in response to these developments,
secretly acquiring, testing, and deploying the company's technology,
even as it has denounced the company in public
and sought to limit its access to vital American suppliers.
The current showdown between the United States and Israel
over NSO demonstrates how governments increasingly view
powerful cyber weapons the same way they have long viewed
military hardware like fighter jets and centrifuges,
not only as pivotal to national defense, but also as a currency with which to buy influence around the world.
Selling weapons for diplomatic ends has long been a tool of statecraft.
Foreign service officers posted in American embassies abroad have served for years
as pitchmen for defense firms hoping to sell arms to their client states, as the thousands
of diplomatic cables released by WikiLeaks in 2010 showed. When American defense secretaries
meet with their counterparts in allied capitals, the end result is often the announcement of an arms deal that pads the
profits of Lockheed Martin or Raytheon. Cyberweapons have changed international
relations more profoundly than any advance since the advent of the atomic bomb. In some ways,
they are even more profoundly destabilizing. They are comparatively cheap, easily distributed, and can be deployed without
consequences to the attacker. Dealing with their proliferation is radically changing the nature of
state relations, as Israel long ago discovered, and the rest of the world is now also beginning
to understand. For Israel, the weapons trade has always been central to the country's sense of national survival.
It was a major driver of economic growth, which in turn funded further military research and development.
But it also played an important role in forging new alliances in a dangerous world.
In the 1950s, when the nation was still young and essentially powerless,
In the 1950s, when the nation was still young and essentially powerless,
its first prime minister, David Ben-Gurion,
established covert links with countries and organizations that lay just outside the ring of hostile Arab states that surround Israel.
He called this approach the Periphery Doctrine,
and his foreign intelligence agency, the Mossad,
began weaving a network of secret contacts inside countries
throughout the Middle East, Asia, and Africa, including many that publicly sided with Arabs.
Offering advanced weapons was a key to making those connections.
By the mid-1980s, Israel had firmly established itself as one of the world's top arms exporters,
with an estimated one in ten of the nation's workers employed by the industry in some way.
All of this bought goodwill for Israel from select foreign leaders,
who saw the military aid as essential to preserving their own power.
In turn, those countries often voted in Israel's favor at the United Nations General Assembly,
the Security Council, and other international forums.
They also allowed the Mossad and the Israel Defense Forces
to use their countries as bases to launch operations against Arab nations.
As cyber weapons began to eclipse fighter jets in the schemes of military planners,
a different kind of weapons industry emerged in Israel.
Veterans of Unit 8200,
Israel's equivalent of the National Security Agency,
poured into secretive startups in the private sector,
giving rise to a multi-billion dollar cybersecurity industry.
As with purveyors of conventional weapons,
cyber weapons makers are required
to obtain export licenses from Israel's Ministry of Defense to sell their tools abroad, providing
a crucial lever for the government to influence the firms and, in some cases, the countries that
buy from them. None of these firms have been as wildly successful or as strategically useful to the Israeli government as NSO.
The firm has its roots in a former chicken coop in Benet Zion, an agricultural cooperative just outside Tel Aviv.
In the mid-2000s, the building's owner, realizing that coders might deliver a better profit than chickens,
gave the space a light makeover and began renting it to technology startups looking for cheap office space.
Among the startup founders there, Shalev Julio stood out from the veteran programmers around him.
He was charismatic and easy to spend time with, but he also gave the impression, at least initially,
of being somewhat naive.
He and his partner, Henri Lévy, an old friend from school,
had each done their mandatory military service in combat units,
rather than intelligence or technology,
and for years they struggled to find a product that would connect.
They developed a video marketing product, which briefly took off but then crashed with the 2008 global recession.
They then started another company called Communitake that offered cell phone tech
support workers the ability to take control of their customers' devices with permission.
That idea met with little enthusiasm, so the two friends pivoted to a very different kind of customer. A European
intelligence agency found out about our innovation and contacted me, Julio recalled in an interview.
What quickly emerged was that their product could solve a much bigger problem than customer service.
For years, law enforcement and intelligence agencies had been able to intercept and understand communications in transit.
But as powerful encryption became widely available, that was no longer the case.
They could intercept a communication, but they could no longer understand what it said.
If they could control the device itself, though, they could collect the data before it was encrypted.
Communitech had already figured out how to control the devices. All the partners needed was a way to do so,
without permission. And so NSO was born. Julio and Lévy, lacking the contacts they would need
to scale their product, brought in a third partner, Niv Karmi, who had served both in military
intelligence and in the Mossad. They took the company name from their first initials, Niv,
Shalev, and Omri, that it sounded a little like NSA was a happy coincidence, and began hiring.
Recruitment was the essential ingredient of their business plan. The company would eventually employ more than 700 people in offices around the world
and a sprawling headquarters in Herzliya,
where individual labs for Apple and Android operating systems are filled with racks of smartphones
undergoing constant testing by the firm's hackers as they seek and exploit new vulnerabilities.
Nearly every member of NSO's research team is a veteran of the intelligence services.
Most of them served with Amman, the Israeli Military Intelligence Directorate, the largest
agency in the Israeli espionage community, and many of them in Amman's Unit 8200.
The company's most valuable employees are all graduates of elite training courses,
including a secretive and prestigious Unit 8200 program called ARAM that accepts only a handful
of the most brilliant recruits and trains them in the most advanced methods of cyber weapons
programming. There are very few people with this kind of training anywhere in the world,
and soon enough, few places would have a higher concentration of them
than NSO's headquarters in Herzliya,
where there were not just a few top specialists, but hundreds.
This would provide NSO with an incredible competitive advantage.
All of those engineers would work daily to find zero days,
i.e. new vulnerabilities in phone software
that could be exploited to install Pegasus. Unlike rival firms, which generally struggle
to find even a single zero day, and therefore could be shut down if it were made public,
NSO would be able to discover and bank multitudes of them. If someone locked one back door,
a company could quickly open another.
In 2011, NSO engineers finished coding
the first iteration of Pegasus.
With its powerful new tool, NSO hoped to quickly build a stable of clients in the West.
But many countries, especially those in Europe, were initially wary of buying foreign intelligence products.
There was a particular concern about Israeli companies that were staffed by former top intelligence officials.
Potential customers feared that their spyware might be contaminated with even deeper spyware,
allowing the Mossad access to their internal systems.
Reputation mattered, both for sales and for holding on to the well-trained coders who
had made Pegasus a reality.
Julio appointed Major General Avigdor
Bengal, a Holocaust survivor and a highly respected combat officer, as NSO's chairman,
and established what he said would be the company's four main pillars.
NSO would not operate the system itself. It would sell only to governments, not to individuals or
companies. It would be selective about which governments it allowed to use the software.
And it would cooperate with Israel's Defense Export Controls Agency, or DECA, to license
every sale.
The decisions NSO made early on about its relationship with regulators ensured that
it would function as a close ally, if not an
arm, of Israeli foreign policy. Bengal saw that this oversight was crucial to NSO's growth.
It might restrict which countries the company could sell to, but it would also protect the
company from public blowback about what its clients did. When he informed the defense ministry that
NSO would voluntarily be subject to oversight,
the authorities also seemed happy with this plan.
One former military aide to Benjamin Netanyahu, at the time Israel's prime minister,
explained the advantages quite clearly.
With our Defense Ministry sitting at the controls of how these systems move around, he said,
we will be able to exploit them and reap diplomatic profits.
The company quickly got its first major break.
Mexico, in its ongoing battle against drug cartels,
was looking for ways to hack the encrypted BlackBerry messaging service
favored by cartel operatives.
The NSA had found a way in,
but the American agency offered Mexico only sporadic access.
Julio and Bengal arranged a meeting with Mexico's president, Felipe Calderon, and arrived with an aggressive sales pitch.
Pegasus could do what the NSA could do, and it could do so entirely at the command of Mexican authorities.
Calderon was interested.
at the command of Mexican authorities. Calderon was interested. Israel's Ministry of Defense informed NSO that there was no issue with selling Pegasus to Mexico, and a deal was finalized.
Soon after, investigators at an office of the Center for Investigation and National Security,
or CISEN, now called the Center for National Investigation, went to work with one of the Pegasus machines.
They fed the mobile phone number of a person connected to Joaquin Guzman's Sinaloa cartel into the system,
and the BlackBerry was successfully attacked.
Investigators could see the content of the messages,
as well as the locations of different BlackBerry devices.
Suddenly we started to see and hear anew, says a former CSUN leader.
It was like magic. In his view, the new system had revitalized their entire operation.
Everyone felt like maybe for the first time we could win. It was also a win for Israel.
Mexico is a dominant power in Latin America, a region where Israel for years has
waged a kind of diplomatic trench warfare against anti-Israeli groups supported by the country's
adversaries in the Middle East. There is no direct evidence that Mexico's contracts with NSO
brought about a change in the country's foreign policy toward Israel, but there is at least a
recognizable pattern of correlation.
After a long tradition of voting against Israel at United Nations conferences,
Mexico slowly began to shift no votes to abstentions. Then in 2016, Enrique Peña Nieto,
who succeeded Calderón in 2012, went to Israel, which had not seen an official visit from a Mexican president since 2000.
Netanyahu visited Mexico City the following year,
the first visit ever by an Israeli prime minister.
Shortly after, Mexico announced that it would abstain from voting
on several pro-Palestinian resolutions that were being considered by the United Nations. In a statement, Netanyahu's spokesman said that the former Prime Minister never sought
a quid pro quo when other countries wanted to buy Pegasus. The claim that Prime Minister
Netanyahu spoke to foreign leaders and offered them such systems in exchange for political or other measures is a complete
and utter lie. All sales of this system or similar products of Israeli companies to foreign countries
are conducted with the approval and supervision of the Ministry of Defense, as outlined in Israeli
law. The Mexico example revealed both the promise and the perils of working within SO.
example revealed both the promise and the perils of working within SO. In 2017, researchers at Citizen Lab, a watchdog group based at the University of Toronto, reported that authorities
in Mexico had used Pegasus to hack the accounts of advocates for a soda tax as part of a broader
campaign aimed at human rights activists, political opposition movements, and journalists.
More disturbing, it appeared that someone in the government had used Pegasus to spy on lawyers
working to untangle the massacre of 43 students in Iguala in 2014. Tomás Cerón de Lucio,
the chief of the Mexican equivalent of the FBI, was a main author of the federal government's
version of the event, which concluded that author of the federal government's version of the
event, which concluded that the students were killed by a local gang. But in 2016, he became
the subject of an investigation himself, on suspicion that he had covered up federal involvement
in the events there. Now it appeared that he might have used Pegasus in that effort.
One of his official duties was to sign
off on the procurement of cyber weapons and other equipment. In March 2019, soon after Andres Manuel
Lopez Obrador replaced Peña Nieto after a landslide election, investigators charged that
Zerón had engaged in torture, abduction, and tampering with evidence in relation to the Iguala massacre.
Ceron fled to Canada and then to Israel, where he entered the country as a tourist and where,
despite an extradition request from Mexico, which is now seeking him on additional charges
of embezzlement, he remains today. The American reluctance to share intelligence was creating other opportunities
for NSO and for Israel. In August 2009, Panama's new president, Ricardo Martinelli, fresh off a
presidential campaign grounded on promises of eliminating political corruption, tried to
persuade U.S. diplomats in the country to give him surveillance equipment to
spy on security threats as well as political opponents, according to a State Department
cable published by WikiLeaks. The United States will not be party to any effort to expand wire
taps to domestic political targets, the deputy chief of mission replied.
the deputy chief of mission replied.
Martinelli tried a different approach.
In early 2010, Panama was one of only six countries at the UN General Assembly to back Israel against a resolution to keep the Goldstone Commission report on war crimes
committed during the 2008-2009 Israeli assault on Gaza on the international agenda.
2009 Israeli assault on Gaza on the international agenda. A week after the vote,
Martinelli landed in Tel Aviv on one of his first trips outside Latin America.
Panama will always stand with Israel, he told the Israeli president, Shimon Peres, in appreciation of its guardianship of the capital of the world, Jerusalem. He said he and his entourage of ministers, business people,
and Jewish community leaders had come to Israel to learn.
We came a great distance, but we are very close
because of the Jewish heart of Panama, he said.
Behind closed doors, Martinelli used his trip to go on a surveillance shopping spree.
In a private meeting with Netanyahu,
the two men discussed the military and intelligence equipment
that Martinelli wanted to buy from Israeli vendors.
According to one person who attended the meeting,
Martinelli was particularly interested in the ability to hack into BlackBerry's BBM text service,
which was very popular in Panama at that time.
Within two years, Israel was able to offer him one of the most sophisticated tools yet made.
After the installation of NSO systems in Panama City in 2012, Martinelli's government voted in
Israel's favor on numerous occasions, including to oppose the United Nations decision to upgrade the status of the Palestinian delegation.
138 countries voted in favor of the resolution, with just Israel, Panama, and seven other countries opposing it.
According to a later legal affidavit from Ismail Piti, an analyst for Panama's National Security Council. The equipment was used in a
widespread campaign to violate the privacy of Panamanians and non-Panamanians, political
opponents, magistrates, union leaders, business competitors, all without following the legal
procedure. Prosecutors later said Martinelli even ordered the team operating Pegasus to hack the phone of his mistress.
It all came to an end in 2014,
when Martinelli was replaced by his vice president, Juan Carlos Varela,
who himself claims to have been a target of Martinelli's spying.
Martinelli's subordinates dismantled the espionage system,
and the former president fled the country.
In November, he was acquitted by Panamanian courts of wiretapping charges.
NSO was doubling its sales every year.
$15 million, $30 million, $60 million.
That growth attracted the attention of investors.
In 2014, Francisco Partners, a U.S.-based global investment firm,
paid $130 million for 70% of NSO's shares,
then merged another Israeli cyberweapons firm called Circles into their new acquisition.
Founded by a former senior Amman officer,
Circles offered clients access to a vulnerability that allowed them to detect the location of any mobile phone in the world, a vulnerability discovered by Israeli intelligence ten years earlier.
The combined company could offer more services to more clients than ever.
Through a series of new deals, Pegasus was helping to knit together a rising generation of right-wing leaders worldwide.
On November 21, 2016, Sarah and Benjamin Netanyahu welcomed Prime Minister Beata Szydło of Poland
and her foreign minister, Witold Waszczykowski, for dinner at their home.
Shortly after, Poland signed an agreement with NSO
to purchase a Pegasus system for its Central Anti-Corruption Bureau.
Citizen Lab reported in December 2021
that the phones of at least three members of the Polish opposition
were attacked by this spy machine.
Netanyahu did not order the Pegasus system to be cut off,
even when the Polish government enacted laws that many in the Jewish world and in Israel saw as Holocaust denial.
And even when Prime Minister Mateusz Morawiecki, at a conference attended by Netanyahu himself,
listed Jewish perpetrators among those responsible for the Holocaust.
In July 2017, Narendra Modi, who won office on a platform of
Hindu nationalism, became the first Indian Prime Minister to visit Israel. For decades, India had
maintained a policy of what it called commitment to the Palestinian cause, and relations with Israel
were frosty. The Modi visit, however, was notably cordial,
complete with a carefully staged moment of him and Prime Minister Netanyahu walking together
barefoot on a local beach. They had reason for the warm feelings. Their countries had agreed
on the sale of a package of sophisticated weapons and intelligence gear worth roughly $2 billion,
with Pegasus and a missile system as the centerpieces.
Months later, Netanyahu made a rare state visit to India.
And in June 2019, India voted in support of Israel at the UN's Economic and Social Council to deny observer status to a Palestinian human rights organization, a first for the nation.
The Israeli Defense Ministry also licensed the sale of Pegasus to Hungary,
despite Prime Minister Viktor Orban's campaign of persecution against his political opponents.
Orban deployed the hacking tools on opposition figures, social activists, journalists who conducted investigations
against him, and families of former business partners who had become bitter enemies.
But Orban has been Israel's devoted supporter in the European Union. In 2020, Hungary was one of
the few countries that did not publicly speak out against Israel's plan at the time to unilaterally annex swaths of the
West Bank. In May of that year, European Union foreign ministers tried to reach unanimity when
calling for a ceasefire between Israel and the Palestinian Islamic group Hamas, as well as for
increased humanitarian aid for Gaza. Hungary declined to join the other 26 countries.
for Gaza. Hungary declined to join the other 26 countries.
Arguably the most fruitful alliances made with Pegasus' help have been those between Israel and its Arab neighbors. Israel first authorized the sale of the system to the UAE as something of
an olive branch, after Mossad agents poisoned a senior Hamas operative in a Dubai hotel room in 2010.
It was not the assassination itself that infuriated Crown Prince Mohammed bin Zayed,
the de facto Emirati leader, so much as it was that the Israelis had carried it out on Emirati soil.
The prince, widely known as MBZ, ordered that security ties between Israel and the UAE be severed.
In 2013, by way of a truce,
MBZ was offered the opportunity to buy Pegasus.
He readily agreed.
The Emirates did not hesitate to deploy Pegasus against its domestic enemies.
Ahmed Mansour, an outspoken critic of the government,
went public after Citizen Lab
determined that Pegasus had been used to hack his phone. When the vulnerability was made public,
Apple immediately pushed out an update to block the vulnerability. But for Mansour, the damage
had already been done. His car was stolen, his email account was hacked, his location was monitored, his passport was taken from him, $140,000 was stolen from his bank account, he was fired from his job, and strangers beat him on the street several times.
You start to believe your every move is watched, he said at the time. Your family starts to panic. I have to live with that.
Your family starts to panic. I have to live with that.
In 2018, Mansour was sentenced to 10 years in prison for posts he made on Facebook and Twitter.
The messy outcome of the Dubai assassination aside,
Israel and the UAE had in fact been growing closer together for years.
The calcified animosities between Israel and the Arab world that for years drove Middle East politics had given way to a new, uneasy alliance in the region. Israel and the Sunni
states and the Persian Gulf lining up against their archenemy, Iran, a Shia nation. Such an
alliance would have been unheard of decades ago, when Arab kings proclaimed themselves to be the protectors of the Palestinians and their struggle for independence from Israel.
The Palestinian cause has less of a hold on some of the next generation of Arab leaders, who have shaped much of their foreign policy to address the sectarian battle between Sunni and Shia, and they have found common cause with Israel as an
important ally against Iran. No leader represents this dynamic more than Saudi Arabia's crowned
prince Mohammed bin Salman, the son of the alien king and the kingdom's de facto ruler.
In 2017, Israeli authorities decided to approve the sale of Pegasus to the kingdom,
and in particular to a Saudi security agency under the supervision of Prince Mohammed.
From this point on, a small group of senior members of the Israeli defense establishment,
reporting directly to Netanyahu, took a lead role in the exchanges with the Saudis,
all while taking extreme measures of secrecy, according to one
of the Israelis involved in the affair. One Israeli official said that the hope was to gain
Prince Mohammed's commitment and gratitude. The contract for an initial installation fee of $55
million was signed in 2017. Years prior, NSO had formed an ethics committee made up of a bipartisan cast of
former U.S. foreign policy officials who would advise on potential customers. After the Khashoggi
killing in 2018, its members requested an urgent meeting to address the stories circulating about
NSO involvement. Julio flatly denied that Pegasus had been used to spy on the
Washington Post columnist. Pegasus systems log every attack in case there is a complaint and,
with the client's permission, NSO can perform an after-the-fact forensic analysis. Julio said his
staff had done just that with the Saudi logs and found no use of any NSO product or technology
against Khashoggi.
The committee nonetheless urged NSO to shut off the Pegasus system in Saudi Arabia, and
it did.
The committee also advised NSO to reject a subsequent request by the Israeli government
to reconnect the hacking system in Saudi Arabia, and it stayed off.
Then the following year, the company reversed course. Novolpina, a British private equity firm acting in cooperation
with Julio, purchased Francisco Partners' shares of NSO with a valuation of $1 billion,
more than five times more than it was when the American Fund acquired it in 2014.
In early 2019, NSO agreed to turn the Pegasus system in Saudi Arabia back on.
Keeping the Saudis happy was important for Netanyahu,
who was in the middle of a secret diplomatic initiative he believed would cement his legacy as a statesman,
an official rapprochement between Israel and several Arab states.
In September 2020, Netanyahu, Donald Trump,
and the foreign ministers of the United Arab Emirates and Bahrain
signed the Abraham Accords,
and all the signatories heralded it as a new era of peace for the region.
But behind the scenes of the peace deal was a Middle East weapons bazaar.
The Trump administration had quietly agreed to overturn past American policy
and sell F-35 joint strike fighters and armed Reaper drones to the UAE,
and had spent weeks assuaging Israel's concerns
that it would no longer be the only country in the region with the sophisticated F-35.
Pompeo would later describe the aircraft deals in an interview as critical to obtaining MBZ's consent to the historic move.
And by the time the Abraham Accords were announced, Israel had provided licenses to sell Pegasus to nearly all the
signatories. Things hit a snag a month later when the Saudi export license expired. Now it was up
to the Israeli Defense Ministry to decide whether or not to renew it. Citing Saudi Arabia's abuse
of Pegasus, it declined to do so. Without the license, NSO could not provide routine maintenance on the
software, and the systems were crashing. Numerous calls among Prince Mohammed's aides, NSO executives,
the Mossad, and the Israeli Defense Ministry had failed to resolve the issue. So the Crown Prince
placed an urgent telephone call to Netanyahu, according to people familiar with the call.
placed an urgent telephone call to Netanyahu,
according to people familiar with the call.
He wanted the Saudi license for Pegasus renewed.
Prince Mohammed had a significant amount of leverage.
His ailing father, King Salman,
had not officially signed on to the Abraham Accords,
but he offered the other signatories his tacit blessing.
He also allowed for a crucial part of the agreement to move forward,
the use of Saudi airspace for the first time ever by Israeli planes flying eastward on their way to the Persian Gulf. If the Saudis were to change their mind about the use of their airspace,
an important public component of the accords might collapse.
Netanyahu apparently had not been updated on the brewing crisis, but after the
conversation with Prince Mohammed, his office immediately ordered the defense ministry to have
the problem fixed. That night, a ministry official called NSO's operations room to have the Saudi
systems switched back on, but the NSO compliance officer on duty rebuffed the request without a signed license.
Told that the orders came directly from Netanyahu,
the NSO employee agreed to accept an email from the Defense Ministry.
Shortly afterward, Pegasus in Saudi Arabia was once again up and running.
The next morning, a courier from the Defense Ministry arrived at NSO headquarters,
delivering a stamped and sealed permit.
In December 2021, just weeks after NSO landed on the American blacklist,
the White House National Security Advisor, Jake Sullivan, arrived in Israel for meetings with Israeli officials about one of the Biden administration's top foreign policy priorities, getting a new nuclear pact with Iran three years after President Trump scuttled the original deal. The visit carried historical weight. In 2012, Sullivan was one of
the first American officials to talk with Iranian officials about a possible nuclear deal, meetings that President Obama
chose to keep secret from the Israelis out of fear they might try to blow up the negotiations,
and Israeli officials were furious when they found out. Now, years later, Sullivan arrived
in Jerusalem to make his case for a united front in the next round of Iran diplomacy.
But there was another matter that Israeli officials, including the Prime Minister, the
Minister of Defense, and the Foreign Minister, wanted to discuss.
The future of NSO.
The Israelis pressed Sullivan about the reasons behind the blacklist decision.
They also warned that if NSO went bankrupt, Russia and China might fill the
vacuum and expand their own influence by selling their own hacking tools to nations that could no
longer buy from Israel. Una, the former head of the Israel National Cyber Directorate, says he
believes the move against the Israeli firms, which was followed by Facebook's blacklisting of more Israeli cyberweapons and intelligence companies, is part of something bigger, a plan to neuter
Israel's advantage in cyberweapons. We have to prepare for a battle to defend the good name
that we earned, honestly, he says. Biden administration officials dismissed this talk
of a deep conspiracy, saying the decision about NSO has everything to do with reigning in a dangerous company
and nothing to do with America's relationship with Israel.
There is far more at stake in the decades-old alliance, they say, than the fate of a hacking firm.
Martin Indyk, a former American ambassador to Israel, agrees.
NSO was providing the means for states to spy on their own people, he says.
From my point of view, it's straightforward.
This issue is not about Israel's security.
It's about something that got out of control.
Under the ban, NSO's future is in doubt,
not just because of its reliance on American technology,
but also because its presence on an American blacklist
will probably scare away prospective clients and employees.
One Israeli industry veteran says that the sharks in the water smell blood.
And Israeli officials and industry executives say
there are currently a handful of American companies,
some with close ties to intelligence and law enforcement agencies, interested in buying the company.
Were that to happen, the new owner could potentially bring the company in line with U.S. regulations
and start selling its products to the CIA, the FBI, and other American agencies eager to pay for the power its weapons offer.
Israeli officials now fear a strategic takeover of NSO, in which some other company or country
would take command over how and where the weapon is used.
The State of Israel cannot allow itself to lose control of these types of companies,
a senior Israeli official
said, explaining why such a deal was unlikely. Their manpower, the knowledge they've gathered.
Foreign ownership was fine, but Israel had to maintain control. A sale was possible only under
conditions that preserve Israel's interests and freedom of action. But the days of Israel's near
monopoly are over, or soon will be. The intense desire inside the United States government for
offensive hacking tools has not gone unnoticed by the company's potential American competitors.
In January 2021, a cyber weapons firm called Bold End made a pitch to Raytheon, the defense industry giant.
According to a presentation obtained by the Times, the company had developed for various American government agencies
its own arsenal of weapons for attacking cell phones and other devices.
One slide in particular underscored the convoluted nature of the cyberweapons business.
One slide in particular underscored the convoluted nature of the cyber weapons business.
The slide claimed that Bolden had found a way to hack WhatsApp,
a popular messaging service owned by Facebook,
but then lost the capability after a WhatsApp update.
This claim is especially remarkable because, according to one of the slides,
a major Bolden investor is Founders Fund,
a company run by Peter Thiel,
the billionaire who was one of Facebook's first investors and remains on its board.
The capability to hack WhatsApp, according to the presentation, doesn't currently exist in the United States government, and the intelligence community was interested in acquiring that capability.
In October 2019, WhatsApp sued NSO,
arguing that NSO tools had exploited a vulnerability in its service to attack approximately 1,400 phones around the world.
Beyond the question of who controls the weapons,
at stake in that lawsuit is who is responsible for the damage they do.
NSO's defense has always been that the company only sells the technology to foreign governments.
It has no role in, or responsibility for, targeting specific individuals. This has long
been the standard PR line of weapons manufacturers, whether Raytheon or Remington.
Facebook is out to prove that this defense, at least in NSO's case, is a lie. In its lawsuit,
the tech giant argues that the NSO was an active participant in some of the hacks,
pointing to evidence that it leased some of the computer servers used to attack WhatsApp accounts.
Facebook's argument is essentially that without NSO's constant involvement, many of its clients
would not be able to aim the gun.
When they first presented their case against NSO, Facebook's lawyers thought they had evidence
to disprove one of the Israeli company's longtime claims, that the Israeli government
strictly prohibits the firm
from hacking any phone numbers in the United States.
In court documents, Facebook asserted it had evidence
that at least one number with a Washington area code
had been attacked.
Clearly, someone was using NSO spyware
to monitor an American phone number.
But the tech giant didn't have the entire picture.
What Facebook didn't appear to know
was that the attack on a U.S. phone number,
far from being an assault by a foreign power,
was part of the NSO demonstrations to the FBI of Phantom,
the system NSO designed for American law enforcement agencies
to turn the nation's smartphones into an intelligence goldmine.