NSO Lawyer Tells Lawmakers Company Can Count To Five, Will Need More Time To Count Higher Than That

from the barely-informing-people-about-things-they-already-know dept

Israeli phone malware manufacturer NSO Group has plenty of customers. Or at least it did until the Israeli government edited the company’s list of approved customers and the US government slapped sanctions on it.

NSO has sold its malware to plenty of abusive governments with long histories of human rights violations. It has also sold its products to countries far less notorious for human rights abuse, but who still misused the company’s powerful Pegasus malware to target dissidents, political opponents, and government critics.

Facing pressure and criticism from pretty much every country that doesn’t openly engage in human rights abuses, NSO Group is trying to survive several months of bad press, sanctions, and dwindling funding. When not courting potential purchasers who may not care about the company’s sordid past, NSO Group reps are answering questions posed to them by lawmakers who appear to be poised to engage in more direct regulation of malicious code.

According to this report by Antoaneta Roussi for Politico, the spyware developer has publicly admitted it has a handful of European customers.

The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.

Speaking to the European Parliament’s committee looking into the use of spyware in Europe, NSO Group’s General Counsel Chaim Gelfand said the company had “made mistakes,” but that it had also passed up a huge amount of revenue, canceling contracts since misuse had come to light.

“At least five” leaves a whole lot open to interpretation. And counting any number accurately seems like something a tech company that has developed some of the most fiendishly clever malware ever created should be able to do easily. Providing an accurate total should be well within its technological grasp.

But, much like the FBI and its billions in funding can’t seem to count the number of encrypted devices in its evidence lockers, NSO Group appears to be unable to count the number of European customers it has in total during testimony it was informed ahead of time it would need to attend.

That’s all NSO could provide, apparently. And it’s not much. We already know Poland is an NSO customer. (And it’s still part of Europe, no matter what the Russian government would prefer at the moment.) And it seems pretty clear the Spanish government has deployed the malware. Phones owned by Catalan members of the EU Parliament were hit with Pegasus malware and the Spanish government has made no secret of its desire to crush the Catalan independence movement.

That’s two out of the “at least five.” Every other country in the European Union has “national security interests” and a desire to fight crime — two justifications used by NSO to move its product — so it stands to reason the number of European customers is much greater than the “at least five” NSO claims to have.

More ridiculous than this open-ended (but still seemingly small!) number the NSO handed to EU lawmakers is the follow-up statement by its general counsel.

At least five EU countries had used NSO’s tool, Gelfand said, adding he would come back to MEPs with a “more concrete number.” 

“Come back?” Are you kidding? How does NSO’s lawyer not have the actual number readily available? How was it not possible to have the actual number sent to him during this inquiry, moments after asking for it from NSO’s executives or account managers?

The only answer for this lack of accurate information is someone doesn’t want it revealed. NSO may not want to let the rest of the world know how many customers it has in Europe, especially given the propensity of its customers to abuse its products. And plenty of EU members may not want the public to know they’ve been buying powerful tech tools from a shady digital arms dealer.

Claiming you’ll come back with an answer when you already have instant access to one is pure bullshit. Granted, it’s the kind of bullshit you pay your general counsel handsomely to deliver when facing government inquiries but it’s not the sort of thing that endears you to regulators or the public they serve. This inability to count past five is going to do more reputational damage to a company that literally cannot afford it.

Filed Under: , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSO Lawyer Tells Lawmakers Company Can Count To Five, Will Need More Time To Count Higher Than That”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Relevant movie quote:

(Lightly edited for “clarity”)

Yuri Orlov, [VP of Global Sales, NSO Group]: The reason I’ll be released is the same reason you think I’ll be convicted. I do rub shoulders with some of the most vile, sadistic men calling themselves leaders today. But some of these men are the enemies of your enemies. And while the biggest cyberarms dealer in the world is your boss – the President of the United States, who surveils more devices in a day than I do in a year – sometimes it’s embarrassing to have his fingerprints on the hacks. Sometimes he needs a freelancer like me to supply intel he can’t be seen supplying. So. You call me evil, but unfortunately for you, I’m a necessary evil.

ECA (profile) says:


So what could happen?
They give the program to everyone and we all live happily ever after?
Doubt it.
They could just Disappear, rename themselves and work under the table/black market. Its been done before.
They could ship copies into the net to hide it, and Off load it to new customers with no record of doing any business as everything in anon.

But Who wants privacy and WHO dont. For some reasons our gov. based most of our personal issues as private. But then we have ID, CC, SS#, and such, that get shared across many agencies and corps, With NO fall back to get them NOT to use our private numbers.
Nothing that SHOULD be enforced has been enforced.

What would happen if all our data was released? What else would they want? Pictures/DNA/Finger prints/ some sort of Proof positive that YOU are the person they are looking for.(star card anyone?)(I had to show a 40+ year old year book).
If privacy is such a big thing, why has the gov. NEVER taken certain groups to court?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...