Revelations: NSO Group, designers of Pegasus, has 22 customers in EU, spyware vendors are legion
The shockwave of the Pegasus affair continues to spread, but this time it is the European Union that is affected. Representatives of the European Parliament’s committee of inquiry into Pegasus and similar spyware recently visited Israel and learned from NSO officials that the company has active contracts with 12 of the 27 members of the European Union. “The Israeli company’s responses to questions from the European Commission show that the company works with many security agencies in the EU,” says the widely circulated Israeli daily. hairnet.
This is a clear response to the claims made by the Forbidden Stories consortium (association of 17 western media outlets) and Amnesty International, through which the scandal happened, who claimed that the only European state using the Pegasus software is Hungary by Viktor Orban, a real pet peeve of European globalists. These media rushed to falsely and selectively target countries like Morocco. But blithely failed to look to their own countries.
Specifically, “Commission officials have been visiting Israel in recent weeks to advance their investigation into the local computer warfare industry and have spoken with NSO officials, Israeli Defense Ministry officials and local experts. Among the members of said commission is a Catalan MP whose mobile phone was hacked by an NSO client.
The commission was formed following the release of Project Pegasus last year and aims to create Europe-wide rules for the purchase, import and use of computer warfare software such as Pegasus. But while the commissioners were in Israel, and especially since their return to Brussels, it has become apparent that there is also a well-developed computer warfare industry in Europe, with many European customers.
Keep in mind that the Israeli company’s Pegasus spyware and competing products make it possible to infect the surveillance victim’s cell phone, then allow the operator to eavesdrop on their conversations, read the content of applications that should contain encrypted messages, and have full access on it grant device contacts and files. Pegasus also allows you to hear what’s happening around the cellphone in real time by activating the camera and microphone.
22 customers and 12 European countries affected
During their visit to Israel, European lawmakers wanted to know the identities of NSO’s current customers in Europe and were surprised to find that most EU countries had signed contracts with the company: 14 countries had past dealings with NSO and at least 12 still use Pegasus for lawful cell phone tapping, NSO responded to committee questions hairnet.
In response to questions from European lawmakers, the company explained that NSO is currently working with 22 “end users” – security and intelligence apparatuses and law enforcement agencies – in 12 European countries. In some of these countries there is more than one customer, whereby the contract is not concluded with the country but with the operating organization.
In the past, as NSO wrote to the Commission, the company worked with two other countries – but the ties have since been severed. NSO did not disclose which of those countries were still active customers or which two countries had frozen their contracts. But according to computer warfare sources, those countries are Poland and Hungary, which last year were removed from the list of countries Israel allows to sell offensive computer technology.
Some members of the committee believed that deals with Spain may have been frozen after surveillance of Catalan separatist leaders was revealed, but local sources said this country, considered law-abiding, is still on the list of officials dated Israeli Ministry of Defense approved countries. The same sources added that after the case broke, Israel, NSO and another Israeli company operating in Spain demanded an explanation from Madrid – and were promised that the Israeli devices were legal to use.
Sources interviewed by the Israeli daily confirm that the contract between the Israeli companies and the Spanish government has not been broken. In Spain, meanwhile, it became known that the politically problematic hacking operations were carried out legally.
The extent of NSO activities in Europe sheds light on the common aspect of resorting to the offensive computer industry by Western countries, which engage in wiretapping of civilians under the terms of the law and judicial control, as opposed to dictatorships who use them Services covert against dissidents. NSO, other Israeli companies and new European suppliers are competing for a market with legitimate customers – a job that usually doesn’t involve bad behavior.
This domain, dubbed lawful interception, has drawn the ire of tech companies like Apple (maker of the iPhone) and Meta (Facebook, which owns WhatsApp, which installs the spyware) in recent years. These two companies have filed a lawsuit against NSO for hacking phones through their platforms and are currently waging a battle against this industry. This computer war is also causing a lot of unrest in Europe, as the EU has passed comprehensive laws on the subject of data protection on the Internet. However, this does not mean that there is no interest in these technologies or their use in the old continent.
Just last week, revelations emerged that Greece was using Predator, a Pegasus-like spyware, against an investigative journalist and the leader of the Socialist Party. Prime Minister Kyriakos Mitsotakis said the siphoning was legal and based on an injunction. In this regard, it is worth noting that Predator is manufactured by the computer company Cytrox, which is registered in North Macedonia and operates from Greece.
Spyware made in the EU
Cytrox is part of the Intellexa group, which is owned by Tal Dilian, a former senior member of the Israeli intelligence service. Intellexa was previously based in Cyprus, but after a series of compromising incidents, the company moved its operations to Greece. While the export of Pegasus, NSO’s software, is monitored by the Israeli Defense Ministry, the activities of Intellexa and Cytrox are not.
A public debate has also recently taken place in the Netherlands, following further shocking revelations that the Dutch secret service used Pegasus to capture Ridouan Taghi, a drug lord arrested in Dubai and charged with 10 murders in sordid circumstances. Although the use of Pegasus was legal and activated against a criminal element, people in the Netherlands wanted to know why the secret services were involved in an internal investigation by the Dutch police. As a result, there were requests for a self-assessment of how the spyware was being used in the Netherlands.
In addition to Israeli companies operating on the continent, there are a number of spyware manufacturers in Europe. Last week Microsoft revealed the existence of a new spyware called Subzero, which is made by an Austrian company called DSIRF based in Lichtenstein. This spyware uses a sophisticated zero-day weakness to hack into computers.
Unlike NSO, which waited several years before admitting to working with clients in Europe, the Austrians fought back. Two days after Microsoft’s disclosure, they reacted sharply, stating that their spyware “was only developed for official use in EU countries (…) the software has never been cleverly misused”.
In Europe, companies that design spyware are more experienced: a few weeks ago, security investigators from Google unveiled a new spyware, Hermit, manufactured by an Italian company called RSC Labs, successor to Hacking Team, an old and well-known competitor whose internal correspondence was the source of a major leak, Wikileaks, in 2015. Hermit also exploited a little-known vulnerability to allow hacking of iPhones and Android devices, and their presence was found removed on devices in Italy but also in other countries such as Kazakhstan and Syria.
Here, too, there are indications that official European law enforcement agencies are also among the customers of RSC Labs, which is based in Milan and has branches in France and Spain. On its website, the company proudly reports more than “10,000 successful and legal hacking actions in Europe”.
Other cell phone and computer spyware has been uncovered in the past under the names FinFisher and FinSpy. In 2012 the New York Times revealed how the Egyptian government used this device, originally designed to fight crime, against political activists. In 2014, the spyware was found on the device of an Ethiopian American, raising suspicions that authorities in Addis Ababa are also customers of the British-German manufacturer Lench IT Solutions.
Quoted by hairnet, EU lawmaker Sophie In’t Veld, who is a member of the Pegasus Inquiry, said: “When a single company serves 14 member states as customers, one can imagine the size of the industry as a whole. There appears to be a huge market for commercial spyware, and EU governments are very eager buyers. But they are very secretive and keep it out of the public eye.”
Companies like NSO therefore face a dilemma: disclosing the identities of client governments using their tools legally will help deal with public criticism from organizations like Citizen Lab, the media and legislators, but considering future business-threatening confidentiality clauses, concluded in its contracts with its customers.
“We know that spyware is being developed in several EU countries. Not least Italy, Germany and France,” said Ms. In’t Veld. “Even if they use them for legitimate purposes, they have no appetite for more transparency, oversight and safeguards. The Secret Service has its own universe where normal laws do not apply. To a certain extent they have always been, but in the digital age they have become omnipotent and practically invisible and completely elusive,” she says hairnet.
When asked by the newspaper, NSO declined to comment. But one thing is certain: in Europe and elsewhere almost everyone uses Pegasus or something similar. And the destination Morocco is ultimately just the tree that hides the forest, very European this one.