NSO Made Millions Selling Phone Hacking Tools To The Princes And Kings Of The United Arab Emirates

from the handing-more-power-to-the-unassailably-powerful dept

NSO Group can't get a break. Too bad. It really doesn't deserve one. The inability of the Israeli exploit purveyor to escape this endlessly negative news cycle is entirely its own fault. And each passing day seems to uncover something new and nasty about the tech company, which has built its business by seemingly selling to whoever wants to buy, no matter how morally repugnant.

The company's malware has been deployed by a variety of repeat human rights offenders to target journalists, critics, dissidents, religious leaders, opposition parties, and the occasional heads of state of their allies. To its own critics, NSO has issued contradictions: it is not responsible for how its customers use its products and that it does everything it can to prevent misuse of its products. The contradiction is baked in: NSO says it pulls access for misuse while claiming it has no "visibility" into its customers' activities.

It also says it does not sell its powerful malware to private entities. But the fine line between public and private entities is never finer than in the United Arab Emirates, where the allied rulers of the area are also private citizens -- kings and princes with access to a whole lot of wealth and a whole lot of power.

A prince can claim to be a government official and still behave like a private citizen. Take Sheikh Mohammed bin Rashid al-Maktoum of Dubai. He's the king of Dubai. He's also in the middle of an extremely messy, somewhat public divorce from Princess Haya bint al-Hussein. His access to NSO's most popular phone exploit (Pegasus) allowed him to hack phones belonging to his ex, along with phones belonging to her legal reps.

But he's not the only UAE figurehead with NSO contracts. Israeli news agency Haaretz reports NSO has sold to other kings and princes who control parts of UAE: men who have plenty of private business that could benefit from a bit of phone hackery using tools obtained under the auspices of Official Government Business.

The Israeli cyber firm NSO sold its Pegasus mobile-phone hacking software to two different leaders of the United Arab Emirates – Abu Dhabi ruler Mohammed Bin Zayed and Dubai ruler Sheikh Mohammed Bin Rashid al-Makhtoum.

TheMarker has learned that the price each of these clients paid in dollars is a seven- to eight-figure number.

It's not that UAE doesn't have national security and law enforcement agencies that would make better homes for phone hacking tools. (I mean comparatively…) The UAE has a federal police force and a joint national security agency that's supposed to handle the sorts of things (serious crime, terrorist activity) NSO swears up and down its customers are using its exploits to combat.

So, why sell the princes and kings, who have few obligations to the people they rule over… you know, since they're rulers rather than elected officials? Apparently, the answer is because they have millions to spend on phone hacking tools and a company willing to exchange goods and services for money while pretending to hold its nose, cover its eyes and ears, and act all defensive when people ask the why in the almighty fuck are they selling exploits to the United Arab Emirates, much less its literal ruling class?

NSO says publicly (and a lot more frequently in recent months) that it takes a hard line on the abuse of its products to violate human rights. But it says that after years of selling to rulers with long histories of extremely severe human rights violations. Both things can't be true. And a cursory Google search would give NSO all the due diligence it needs to refuse to sell to rulers (and government agencies) located in places like Dubai and Abu Dhabi. (Not to mention others with the same cavalier attitude towards life and liberty.)

Recent revelations are forcing NSO to put its money where its mouth is. With every new report of violations and use by human rights violators, the company is now obligated to yank access and cancel contracts. I cannot imagine how uncomfortable it will be for the company to approach rulers who preside over areas where executions and disappearances of critics are commonplace. But suck it up, NSO. The best way to avoid having to tell brutal rulers their business is no longer welcome is to never welcome it in the first place.

Worse, the country NSO calls home may be partly to blame.

In some cases, including the sale of two systems to two separate rulers in the UAE, the Pegasus system was only sold following heavy pressure from the Israeli government, as part of the diplomatic warming between Israel and the UAE. Yet the system’s irregular use embarrassed NSO and caused the third bout of bad publicity the company has sustained since being blacklisted by the U.S. last week.

So, if the Israeli government feels any complicity in the current state of NSO affairs, it probably should send a couple of diplomats along to ensure the revocation of hacking power by NSO not only actually happens, but happens without part of the NSO sales force being disappeared for having the audacity to tell these half-patriarchy/half-oligarchy rulers to take their business elsewhere.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dubai, israel, malware, pegasus, spyware, surveillance, uae
Companies: nso group

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 23 Nov 2021 @ 7:43pm

    the third bout of bad publicity the company has sustained since being blacklisted by the U.S. last week.

    I am so glad I re-invested in popcorn futures when the NSO story first broke. And hey, after the Prenda show and the Liebowitz matinee, when the NSO story finishes, I should be able to afford my own Pegasus license.

    ... wait, they'll be gone by then. Anyone have other investment suggestions for a popcorn millionaire?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.