
US Military Contractor Aims to Bid for Israeli “Pegasus” Spyware After Commerce Dept Blacklists Firm


By: Fern Sidman   

Now that the news is out about the incredibly resourceful spyware known as “Pegasus” that was created by Israel, it appears that an American military contractor is interested in scooping it up in a deal.

The contractor, known as L3Harris, sent a team to Israel numerous times over the recent months in their attempt to purchase NSO Group, the cyber hacking firm that is as notorious as it is technologically accomplished, as was reported by veteran investigative journalists, Ronen Bergman and Mark Mazzetti of the New York Times.

The problem, however, is that the United States government had directed the Department of Commerce to place NSO on a blacklist just months earlier because Pegasus had been used by other governments to penetrate the phones of political leaders, human rights activists and journalists, according to Bergman’s report in the NYT.

In January, The New York Times revealed that the F.B.I. had purchased Pegasus software in 2019, and that government lawyers at the F.B.I. and the Justice Department had debated whether to deploy the spyware for use in domestic law enforcement investigations. Bergman and Mazzetti also reported that the Times indicated that in 2018 the C.I.A. had purchased Pegasus for the government of Djibouti to conduct counterterrorism operations, despite that country’s record of torturing political opposition figures and imprisoning journalists.

The upshot of the spyware story is that, although the United States initially condemned its usage and sought to punish Israel for the way it was used and for who was using it, it now appears that the old adage of “if you can’t beat them, join them” is coming into play. Because of the surreal potency of the Pegasus spyware, the United States government, rather than condemning its usage, is now chomping at the proverbial bit to be in possession of it for its own panoply of reasons.

In March of this year, the Jewish Voice reported that Israel found itself in an imbroglio of sorts due to the enigmatic spyware known as Pegasus.

Pegasus spyware can be covertly installed on mobile phones (and other devices) running most versions of iOS and Android. Pegasus is reportedly able to exploit all iOS versions up to 14.6, through a zero-click iMessage exploit, as was reported by Wikipedia. As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps. The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones, as was reported by Wikipedia.

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. Wikipedia reported that news of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever and was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.

In August 2020, Haaretz reported that NSO Group sold Pegasus for hundreds of millions of US dollars to the United Arab Emirates and the other Gulf States, for surveillance of anti-regime activists, journalists, and political leaders from rival nations, with encouragement and mediation by the Israeli government. Since July 2021, an international investigation known as the Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets, as was reported by Wikipedia.

NSO Group developed its first iteration of Pegasus spyware in 2011. Wikipedia reported that the company states that it provides “authorized governments with technology that helps them combat terror and crime.” NSO Group has published sections of contracts which require customers to use its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights.

Pegasus’ iOS exploitation was identified in August 2016. Arab human rights defender Ahmed Mansoor received a text message promising “secrets” about torture happening in prisons in the United Arab Emirates by following a link. Wikipedia reported that Mansoor sent the link to Citizen Lab of the University of Toronto, which investigated, with the collaboration of Lookout, finding that if Mansoor had followed the link it would have jailbroken his phone and implanted the spyware into it, in a form of social engineering.

Wikipedia reported that Pegasus had previously come to light in a leak of records from Hacking Team, which indicated the software had been supplied to the government of Panama in 2015.

Regarding how widespread the issue was, Lookout explained in a blog post: “We believe that this spyware has been in the wild for a significant amount of time based on some of the indicators within the code” and pointed out that the code shows signs of a “kernel mapping table that has values all the way back to iOS 7” (released 2013). Wikipedia reported that the New York Times and The Times of Israel both reported that it appeared that the United Arab Emirates was using this spyware as early as 2013. It was used in Panama by former president Ricardo Martinelli from 2012 to 2014, who established the Consejo Nacional de Seguridad (National Security Council) for its use.

Last month, a senior White House official said in response to reports that L3Harris was conducting negotiations with Israel in order to purchase Pegasus that “such a transaction, if it were to take place, raises serious counterintelligence and security concerns for the US government.”

Asked to comment on the talks, an L3Harris spokesperson said, “We are aware of the capability and we are constantly evaluating our customers’ national security needs. At this point, anything beyond that is speculation.”

Israel National News also reported that the White House said that it had not been involved in “any way in this reported potential transaction”.

The senior White House official also said the US government “opposes efforts by foreign companies to circumvent US export control measures or sanctions, including placement on the US Department of Commerce’s Entity List for malicious cyber activity,” according to the INN report.

One person familiar with the talks said that if a deal were agreed, it would probably involve selling NSO’s capabilities to a drastically curtailed customer base that would include the US government, the UK, Australia, New Zealand and Canada – which comprise the “five eyes” intelligence alliance – as well as some NATO allies.

Any deal would also face hurdles in Israel. One assumption in the Israeli cyber industry is that it would have to keep oversight of the Israeli-made technology in Israel and keep all development of Pegasus and personnel in Israel, as was reported by INN.

NSO is regulated by the Israeli Ministry of Defense, noted The Guardian, which has had ultimate say over the company’s government clients.

In February, the Finnish foreign ministry said it had detected Pegasus in several phones used by its diplomats abroad.

INN also reported that the Finnish announcement followed a report in The New York Times which said that former Prime Minister Benjamin Netanyahu worked to ensure that Saudi Arabia would be able to use the Pegasus software, around the time that the Abraham Accords were signed with the United Arab Emirates (UAE).

More recently, Canada’s Citizen Lab group said that at least 65 people linked to the Catalan separatist movement had been targets of the Pegasus spyware after a failed independence bid in 2017.

Citizen Lab and Lookout discovered that the link downloaded software to exploit three previously unknown and unpatched zero-day vulnerabilities in iOS. According to their analysis, the software can jailbreak an iPhone when a malicious URL is opened, a form of attack known as spear phishing. The software installs itself and collects all communications and locations of targeted iPhones. The software can also collect Wi-Fi passwords.

Citizen Lab and Lookout notified Apple’s security team, which patched the flaws within ten days and released an update for iOS. A patch for macOS was released six days later. Apple sued the Israeli firm in late November, seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices.

Bergman and Mazzetti reported in the New York Times that what is currently left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO’s powerful spyware under U.S. authority, despite the administration’s very public stance against the Israeli firm.

 
