from the sleeping-with-dogs,-acting-surprised-about-the-fleas dept
It’s more difficult to choose your investors than your customers. Maybe this isn’t entirely NSO’s fault, but it certainly helped make it easier to sell powerful zero-click exploits to the governments most likely to abuse them. Here’s Kaye Wiggins and Mehul Srivastava for the Financial Times.
An Abu Dhabi state-owned investment company has been an investor in Israeli cyberweapon maker NSO Group since 2019, during which time NSO’s Pegasus spyware has been traced to the phones of journalists, human rights activists and the estranged wife of Dubai’s ruler.
Mubadala Capital, a unit of the $243bn fund chaired by Abu Dhabi’s crown prince Sheikh Mohammed bin Zayed al-Nahyan, is one of the largest investors in the €1bn private equity fund that bought NSO three years ago, according to three people with knowledge of the matter.
Dubai’s ruler Sheikh Mohammed bin Rashid al-Maktoum ordered the phones of his ex-wife and her lawyers to be hacked as part of a “sustained campaign of intimidation and threat” during the custody battle over their children…
Human rights are nearly nonexistent in the United Arab Emirates. But there’s plenty of money. And that money was used to keep NSO alive as it continued to build market share by selling spyware to multiple governments, including those which were obviously going to use them to engage in even more human rights violations.
This investment occurred before the equity fund actually acquired NSO, which may indicate the state-owned investment company wasn’t initially interested in obtaining some control of the Israeli malware maker.
But that innocence (or, at least, plausible deniability) vanished shortly thereafter. It appears the UAE sought more direct control of NSO, even as the exploit developer’s reputation was experiencing a steep decline.
In a sign of how much the UAE wanted unfettered access to the spyware, the government of Abu Dhabi held internal discussions about potentially buying the company outright in the autumn of 2021, according to a person familiar with the discussions. Those talks did not progress beyond preliminary conversations. Around that time, NSO said it had cancelled its contract with the UAE over the use of Pegasus to target the princess and her lawyer’s phone.
This news isn’t going to rehabilitate the image of any of the involved parties. The UAE’s reputation is well-deserved and the ruling class shows no desire to change it. NSO is pretty much the equivalent of a junk bond, as investors distance themselves from this toxic asset. And its most powerful spyware might be mothballed as the company explores pivoting to defensive tools in hopes of resuscitating its tarnished brand and undo sanctions imposed on it by the US government. But it may be far too late to perform any of these tasks. And if NSO somehow manages to remain in existence unaltered, its financial supporters should continue to be heavily scrutinized.