NSO Group

Surveillance Companies in the MENA Region

(NSO Group)

NSO Group is an Israeli company incorporated in 2010. It’s also known by the name Q Cyber Technologies. It develops and sells spy and surveillance software to state governments and intelligence agencies. One of its most famous software is Pegasus that works on hacking into smartphones.In 2014 the Francisco Partners American stock fund acquired majority share in NSO for around 120 million USDs, before the group re-acquired its share once again supported by the European private stock fund Novalpina Capital, in a deal that amounted to one billion USDs.According to the transparency and accountability report issued by NSO Group in June 2021, the company has 60 clients in 40 countries, 51% of these clients are intelligence agencies, 38% are law enforcement agencies, and 11% are military units.Many Arab governments and regimes used software developed by NSO, particularly Pegasus, to target journalists, activists, human rights defenders, and politicians. The governments that purchased the software haven’t stopped at spying on their citizens but in many cases the software was used for spying on citizens and residents abroad. Saudi government has attempted to target the Egyptian Foreign Affairs Minister Sameh Shoukry, and the Ministry Speaker Ahmed Hafiz using the software.The name of NSO started circulating in 2016, after a Citizen Lab report revealed the use of Pegasus for targeting the Emirati human rights defender Ahmed Mansour by sending text messages to his iOS mobile phone. Since then, the name of Pegasus was linked to many attempts of hacking into phones of human rights defenders, activists and journalists.In July 2021, Amnesty in cooperation with Forbidden Stories have published, through more than 80 journalists from 17 media institutions in 10 countries, several reports including data leaks that exposed 10 countries use of NSO software for targeting 50,000 phone of politicians, activists, opposition figures, journalists, businessmen, rights defenders, and diplomats. The leak has revealed that the Saudi security used Pegasus to tap into phones of people close to the Saudi journalist Jamal Khashoggi, who was assassinated in the Saudi consulate in Istanbul, Turkey, this included the phone of his fiancé and was before he was murdered in 2018. Morocco has also used the software to blackmail journalists and activists over their private lives. The Emirati security used Pegasus to track Sheikha Latifa, daughter of Sheikh Mohammed Bin Rashid Al-Maktum, ruler of Dubai, after she tried to flee Emirates.NSO’s violations didn’t stop at that, each month another report reveals the use of its software against activists and journalists in different Arab countries. In November 2021 a report by Front-Line Defenders revealed the use of the software for targeting 6 human rights defenders from Palestine. In December 2021, Citizen Lab published a report about using Pegasus with Predator to target two Egyptians; the politician Ayman Nour, living in Turkey, and a TV anchor, by sending text messages to their WhatsApp. In April 2022, a joint report by both Citizen Lab and Front-Line Defenders revealed that Pegasus was on the mobile phones of four Jordanian human rights defenders.There are many lawsuits in front of several countries’ judiciary against NSO Group and its clients. Both WhatsApp and Facebook filed a complaint against the group in the northern district of California in 2019 because it used WhatsApp servers located in the United States to send malware to almost 1400 phones and mobile devices. Additionally, the attorney general in Paris opened an investigation in 2021 about Pegasus after receiving a complaint from Mediapart, an independent electronic newspaper in France, stating that Morocco has spied on two of its correspondents using Pegasus. Furthermore, Apple has filed a lawsuit against NSO attempting to prevent it from hacking into more Apple products and services. In April 2022 both the International Federation for Human Rights and the French Association for Human Rights, along with Salah Hamouri, filed a joint lawsuit against NSO in France because of its hack into the phone of the French-Palestinian human rights defender.

Country of Origin

Herzliya, Israel, 2010.

Company’s Branches

None

Partner Companies in Region

Works with governments

Software and Equipment

Pegasus, also known as Q Suite

Type of Attack

Zero-day attack, zero-click, One-Click Links

Targeted Software

WhatsApp, iMessage, FaceTime, Safari

Functions

Targeting specific users

Targeted OS

Android – iPhone

Countries

Bahrain, Morocco, Kingdom of Saudi Arabia, Arab United Emirates, Egypt, Palestine, Jordan, Algeria, Iraq, Kuwait, Lebanon, Libya, Oman, Qatar, Tunis, Yemen

Technical Specifications of Software and Equipment

Pegasus is one of the most advanced spyware. It works on hacking into both iOS and Android devices through the Zero-Day attack method, which depends on the breach points in the operating system before installing the spyware without the knowledge or approval of the user. This is accomplished by deceiving the targeted person into clicking a link using social engineering.

Once Pegasus is installed on the device it communicates with the C&C servers to get the operators’ commands and implement them. The targeted person’s personal data are also sent including passwords, contacts list, text messages, and calendar events, in addition to the audio calls made through the common messaging applications. The operator can also operate both the camera and microphone of the smartphone to intercept and record the happenings in the vicinity of the device. Also, GPS can be used to track the geographic location of the targeted person and her/his moves. In 2019, WhatsApp has also revealed a breach in its application that led to the infection of targeted persons with the Pegasus spyware once the targeted person’s private number was dialed.