Whistleblower Alleges NSO Offered To 'Drop Off Bags Of Cash' In Exchange To Access To US Cellular Networks

from the pay-to-play dept

The endless parade of bad news for Israeli malware merchant NSO Group continues. While it appears someone might be willing to bail out the beleaguered company, it still has to do business as the poster boy for the furtherance of human rights violations around the world. That the Israeli government may have played a significant part in NSO’s sales to known human rights violators may ultimately be mitigating, but for now, NSO is stuck playing defense with each passing news cycle.

Late last month, the New York Times revealed some very interesting things about NSO Group. First, it revealed the company was able to undo its built-in ban on searching US phone numbers… provided it was asked to by a US government agency. The FBI took NSO’s powerful Pegasus malware for a spin in 2019, but under an assumed name: Phantom. With the permission of NSO and the Israeli government, the malware was able to target US numbers, albeit ones linked to dummy phones purchased by the FBI.

The report noted the FBI liked what it saw, but found the zero-click exploit provided by NSO’s bespoke “Phantom” (Pegasus, but able to target US numbers) might pose constitutional problems the agency couldn’t surmount. So, it walked away from NSO. But not before running some attack attempts through US servers — something that was inadvertently exposed by Facebook and WhatsApp in their lawsuit against NSO over the targeting of WhatsApp users. An exhibit declared NSO was using US servers to deliver malware, something that suggested NSO didn’t care about its self-imposed restrictions on US targeting. In reality, it was the FBI and NSO running some tests on local applications of zero-click malware that happened to be caught by Facebook techies.

But there’s more. Recent reports building on the NYT article contain statements that claim NSO approached service providers with (well, let’s just say it) bribes to allow access to targets at a higher level that might mitigate some of the defensive efforts deployed by Facebook, Google, and Apple.

Here’s what’s been alleged in newer reports, like this one by Craig Timberg of the Washington Post:

The surveillance company NSO Group offered to give representatives of an American mobile-security firm “bags of cash” in exchange for access to global cellular networks, according to a whistleblower who has described the encounter in confidential disclosures to the Justice Department that have been reviewed by The Washington Post.

The mobile-phone security expert Gary Miller alleges that the offer came during a conference call in August 2017 between NSO Group officials and representatives of his employer at the time, Mobileum, a California-based company that provides security services to cellular companies worldwide. The NSO officials specifically were seeking access to what is called the SS7 network, which helps cellular companies route calls and services as their users roam the world, according to Miller.

Mobileum execs were (understandably) unsure how any of this was supposed to work in the unlikely event they were amenable to a foreign entity’s requests for elevated access to US cellular networks. Fortunately, the NSO rep made it extremely clear how this was going to work, according to the whistleblower:

In Miller’s account to the Justice Department, when one of Mobileum’s representatives pointed out that security companies do not ordinarily offer services to surveillance companies and asked how such an arrangement would work, NSO co-founder Omri Lavie allegedly said, “We drop bags of cash at your office.”

Simple enough. Except — to quote C. Montgomery Burns — at the end of the proposed transaction “the money and the very stupid man were still there.” Mobileum execs say no such bribery took place — not because NSO didn’t offer it but because the company refused to accept the generous offer of extremely shady “bags of cash” from the Israeli malware maker.

NSO has its own explanation for these events, which is, basically: “It was a joke, probably.”

In a statement through a spokesperson, Lavie said he did not believe he had made the remark. “No business was undertaken with Mobileum,” the statement said. “Mr Lavie has no recollection of using the phrase ‘bags of cash’, and believes he did not do so. However if those words were used they will have been entirely in jest.”

Hahahahahaaaa… here at the home of the zero-click exploit marketed to human rights violators we often joke about bribing tech companies to allow us more access to networks. Oh, our sides ache from the fun we have jesting about subverting networks to compromise targets of evil empires. Ell oh fucking ell.

Mobileum, on the other hand, says it has never done business with NSO and reported this proposed cash drop to the FBI in 2017 but never heard anything back from the agency. Two years later, the FBI was experimenting with NSO malware and trying to gauge the political and constitutional fallout of deploying unregulated malware against US citizens.

Even if NSO is to be believed, there’s nothing good awaiting it on the US side of things. The Commerce Department has already blacklisted the company, destroying its ability to purchase US tech for the purpose of compromising it. And the Department of Justice has opened its own investigation into NSO, adding to its list of US-related woes.

NSO could have avoided all of this international attention by being more selective about who it sold to, and stripping customers of their licenses at the first hint of malfeasance. It didn’t. And the fact that it may have been pressed into service as a malware-laden extension of the Israeli government’s Middle East charm offensive isn’t going to save it. NSO has to save itself but it lacks the tools to do so. Whatever it claims in defense of every reported allegation is presumed to be suspect, if not completely false. The reputation it has now is mostly earned. It made millions helping sketchy governments inflict further misery on citizens, dissidents, journalists, and political opponents. The company’s honor is no longer presumed if, indeed, it ever was.

Filed Under: , , , , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Whistleblower Alleges NSO Offered To 'Drop Off Bags Of Cash' In Exchange To Access To US Cellular Networks”

Subscribe: RSS Leave a comment
Anonymous Coward says:

destroying its ability to purchase US tech for the purpose of compromising it

Are there no Apple stores in Israel? Are there no Amazon deliveries? No private addresses? Nobody that can supply a "new business" a router or two?

Sorry, not buying the "can’t purchase US tech" line, except "directly, under their own name".

Gary McBerry says:

Re: Re:

It’s in the same realm as a no-contact order. Suppose you’ve assaulted someone, and the judge orders you to have no contact with the victim. Sure, you can ignore that and contact the victim anyways. But if you do, you’re most definitely getting a jail sentence. Legally enforceable orders should not be mistaken for polite suggestions.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...