MIT TECH REVIEW: Modern "Death Merchant", mysterious Israeli Company NSO Group

Marty Monjib speaks slowly.She is as if she knows that she's being heard.

That day was Monjibu's 58th birthday, but I didn't feel much of his voice."The monitoring is hell."Monjib says."It's really painful. Everything you do and what you do in your life is managed."

Monjib, a professor of the history of UNIVERSITY OF MOHAMMED V in Rabat, Morocco, clearly remembers that day in 2017 when his life has changed.Until then, Professor Monjib, who had severely criticized the government in public, was accused by the government for risking national security.When he was sitting outside the court, he suddenly sent a short message from an unknown number on the iPhone.It included an obscene news, a petition, and a link to a black Friday sale ad.

A month later, an article was published on a national news site for the general public, which is closely connected to the Moroccan royal family, to accuse Professor Monjib's rebellion.Despite being used to being attacked, the harassment seemed to know anything about him, despite being used to being attacked.Another article contained information about the democratization movement that Professor Monjib was planning to participate.But he had not talked to anyone.There was an article that even wrote, "There is nothing to keep secret (Professor Monjib)."

Professor Monjib was hacked.The short messages sent to the iPhone in a row were all connected to a website.According to security researchers, the site plays a role like a lure that infects the world's most infamous spyware "Pegasus" to the accessible terminal.

Pegasus is a blockbuster product of the NSO Group (NSO Group), a 1 billion dollar surveillance company in Israel wrapped in secret veil, and is sold to judicial authorities and information agencies around the world.These organizations choose the target person, use the person's mobile phone to spyware, and use it to take over the device.Once you get infected with Pegasus, the mobile phone will no longer be your own.

NSO sells Pegasus as indispensable for searching for terrorists and criminals, just as weapons merchants sell conventional weapons.In the era of mobile devices and powerful encryption, these "legal hacking" appeared as a powerful tool for public safety, which is used if the judicial authorities have to access data.The NSO claims that the majority of customers are European democracy, but have not been disclosed and have been silent, so they have not been verified.

But in the case of Professor Monjibu, Pegasus is one of the many examples used as a crackdown tool.Among the cases related to Pegasus, Saudi Arabian journalists, Jamal Kashogi's murder, scientists and activists who promote political reforms in Mexico, and government monitoring of governments in Catalan separation independent politicians in Spain.be.Mexico and Spanish authorities have been criticized for denying the monitoring of opponents using Pegasus, but have a technical basis for that.

One of the evidence that Pegasus was abused was that in October last year, Pegasus operated Wats -up infrastructure in California to infect more than 1400 mobile phones, and its parent company's facebook.This is the lawsuit.According to the trial documents, Facebook surveyors found more than 100 human rights, journalists, and celebrities in the target.Every time I got a call, I found that I sent malicious code via the watt -up infrastructure and downloaded spyware from the server owned by NSO to the recipient's mobile phone.As the watts -up claims, these are acts that violate US laws.

NSO has been silent for such criticism for many years.NSO claims that most of the business is a national secret of Israel, and has rarely disclosed important details, such as operations, customers, and abuse prevention clauses.

But now NSO has signs of change.In 2019, the NSO owned by an unpublished stock investment company was sold to the founder and another unpublished stock investment company Novalpina for $ 1 billion.The new owner has decided a novel strategy.I decided to go to the world of the table.He has signed a contract with a famous advertising company and created a new human power policy and a new owned governance document.In addition, products such as "FLEMING", a new colon virus infection (COVID-19) tracking system, and "Eclipse", which can hack a drone that is considered a safety threat, has been appealed.

I talked to the NSO executives for several months and tried to know what I was doing to prevent human rights violations by using my company tools.The critics who regard NSOs as a threat to democracy, those who wanted to strengthen the regulations on hacking business, and the Israeli regulation authorities, which are currently responsible for the NSO management.The NSO executives talked about the future, policy of NSO, and procedures for dealing with problems, and published documents in detail the relationship with institutions that sold tools such as Pegasus.What I found was the appearance of NSO, a weapon merchant who was struggling with new and precise surveys that threaten the foundation of the industry as a whole (in NSO companies, Pegasus is a genuine weapon.It has recognized).

"Difficult work"

Sumuel Sanley has faced international issues from the first day, when he started working in NSO as a legal director.Just a few days after the lawsuit was filed by Watts -up, another legal problem was piled up on the desk of Sanley.All of them blame the company.In other words, NSO's hacking tools, which may be abused, are sold to the rich dictatorship and are almost liable for abuse.

Sanley, who was the vice president of a major weapon manufacturer, has a wealth of experience in retention and controversy.After talking a few times, Director Sanley, who has been able to understand it, has been instructed by the owner to change the corporate culture and operation of NSO, and he has said that he has improved transparency and does not cause human rights violations.。But on the other hand, Sanley was obviously frustrated that he could not refute critics because of his secret maintenance.

"It's a difficult job."Director Sanley spoke on a phone call from the NSO headquarters in Heltreeya, northern Tel Aviv."We understand the power of the tools and understand the effects of the tools abused. We are trying to do the right thing. We need government, information agency, confidentiality, and operation.Countings on gender and operation restrictions is a realistic issue. We are a corporate violation of human rights ...