In recent days, the Israeli cyber company NSO has been facing a targeted media attack. Examination of all the claims shows that no one relies on any proof. The question is who wants to harm the Israeli cyber company?
In recent days, the Israeli cyber company NSO has been facing a targeted media attack. The attack deals with two main arguments.
Phone number search and verification server from Cyprus under the name "CPR Lookup Service" was leaked. About 50,000 phone numbers were leaked. When the international press linked the server to the company, claiming that it was a list of targets for the company's collection tools under the public brand "Pegasus". The claim is that Pegasus customers are looking for their goals in CPR Lookup before sticking to their mobile devices.
Well, the company has officially stated that the leaked CPR Lookup server is not owned by it, is not used for Pegasus activity, and in any case does not have a number of simultaneous targets. The Pegasus sales model is by licenses, with each license defining several goals that can be implemented simultaneously. Hence, the company knows by its contracts how many goals can be applied simultaneously all over the world.
Does this mean that every number he searched for necessarily became a target in Pegasus? No. The link made by some journalists stems from technical ignorance of how to work with Pegasus or another deliberate motive.
Amnesty International, a longtime rival of NSO, published a technical article claiming that about 80 journalists had been infected by Pegasus, which was used by the company's customers. In the article, they analyze the software code they found on a number of journalists 'and lawyers' telephones, claiming that they were remnants of a Pegasus software code. The report also claims that the company operates infrastructure at Amazon and other companies in the United States.
First, no one at Amnesty has, as far as Amnesty is concerned, the source code of Pegasus. Hence, even if a particular code is found in a particular telephone device, without comparison to the Pegasus source code, it is not possible to prove that it is a Pegasus code. Therefore, all the technical analysis done in the report is based on hypotheses. What if, say, Amnesty found a code of another attack tool? How did the researchers know to differentiate between one attack tool and another, if they did not have the source code of the tools? Hence, the claim that this is an NSO tool does not rely on a professional forensic procedure.
Claims of Logical Failure in NSO Response
Along with the allegations outlined above that followed the publications, another allegation was made against the logic of the NSO spokeswoman. Such an argument: If you say you do not know what the goals of your customers are, how do you know who is not a goal? Well, the answer to that lies in the company's agreement with the customer.
When the customer purchases Pegasus licenses, he signs with NSO and with the State of Israel. Since the product is monitored, factors such as the Ministry of Defense, the Ministry of Foreign Affairs, the institution and a number of other factors must approve each sale. As with any sale of a supervised product. The supervision is the responsibility of the API Division in the Ministry of Defense.
Under the agreement, the customer signs, among other things, a clause stating that if there is a complaint from a person in the context of the use of the product, the customer is obliged to allow NSO access to his particular system. Includes access to logs. Since NSO is the manufacturer, it gets full access to the customer's system, and can even know if the customer has tried to disrupt procedures - that is, delete logs. Log means which phone number is tracked and when.
Since the company's customers are only government, these are bodies parallel to the Mossad, the GSS, the police, the IDF in Israel. These are entities that operate in secret, and therefore the agreement stipulates that if NSO is not given full access for the purpose of an investigation during a complaint, the company reserves the right to shut down the system for the customer. This means in the eyes of the customer that all operations conducted at the time, based on the NSO system - are doomed to failure. And these are operations against terrorism, crime of various kinds, corruption and more.
The publications of recent days against NSO are not surprising. They are part of a collection of publications that have been published in recent months, for the most part, the sources for publications remain constant. Amnesty, Citizen Labs, some journalists around the world. In publications now a new body called Forbidden Stories has entered. Who funds these organizations? Who sets their agenda? It is not clear. NSO is not the only cyber-attack company in the world, and yet, it receives an almost absolute share of the publications in this market from these sources.
Some of the publications against the company began to gain momentum even after the filing of Facebook's lawsuit against NSO in the United States. Facebook, the owner of WhatsApp, has filed a lawsuit against the company for allegedly using WhatsApp software to infect about 1,400 users' phones. The US debate is currently focused on whether to sue the NSO in the US. Awaiting the decision of the Ninth Circuit, the United States Court of Appeals.
Of course, if Facebook wanted to take NSO out of the equation, it would buy it and close it permanently. But that's not Facebook's goal. The software giant wants to use the NSO trial as a purposeful display for all cyber-attack and collection companies. If it were possible to sue such companies in the United States, the financial risk of running such companies would rise miraculously. Maybe Facebook wants to atone for the Cambridge Analytics affair through the lawsuit against NSO. time will tell.
Another point that came up today (Wednesday) in the Washington Post is the accusation of "American factors" that NSO is cooperating with Israeli intelligence. "It's crazy to think that the NSO will not share information on sensitive national security with the Israeli government," said a former senior U.S. national security official who worked
In conclusion, Amnesty, Citizen Labs, Forbidden Stories, the Washington Post or any other newspaper or website that has published in recent days about "revelations" about NSO - has not presented any evidence to support his claims. Everything, as of this writing is Fake News.
Surprisingly, perhaps the French government's announcement of an inquiry into the matter will bring salvation to NSO's public relations. A government investigation by the French intelligence services into the allegations could reveal, if its findings are published, that none of the allegations are true. Ultimately, as the company claims, the Pegasus system is used by governments to investigate terrorist cases, crime, corruption and more. And if someone was infected by Pegasus - there's probably a good reason for that. Intelligence material may not always be published, on the other hand, anyone can sue the NSO. If he has proof.
As of this writing, no court, in any country in the world, has yet ruled that NSO has done injustice to anyone.
Picture: CEO of Israel's NSO Group Shalev Hulio listens during an interview with Reuters about the company's product, Eclipse, a system that commandeers and force-lands intruding drones, at Bloomfield Stadium, in Tel Aviv, Israel