Whistleblower claims NSO offered 'bags of cash' for access to US phone networks
Snoopware maker suggests remarks made 'in jest' as congressman refers allegations to prosecutors
Updated A whistleblower's allegations about spyware maker NSO Group should be investigated by American prosecutors, US House Rep Ted Lieu (D-CA) has said.
The informant claimed senior NSO executives offered "bags of cash" to California-based telecoms security and monitoring outfit Mobileum to assist in its surveillance work, according to the Washington Post on Tuesday.
Specifically, it's alleged NSO wanted to gain, with Mobileum's help, Signaling System 7-level access to US cellular networks, a position that can be abused to determine a cellphone's location, redirect and read its incoming text messages, snoop on calls, and more. SS7 is the glue between telecommunications providers, and subverting it opens up a wealth of opportunities for spies and miscreants.
Gerry Miller, who spent over six years at Mobileum and rose to veep of network security and client solutions, claimed that in August 2017, when asked how Mobileum would get paid, NSO co-founder Omri Lavie said: “We drop bags of cash at your office.”
“No business was undertaken with Mobileum,” NSO said in a statement. “Mr Lavie has no recollection of using the phrase ‘bags of cash’, and believes he did not do so. However if those words were used, they will have been entirely in jest.”
Also apparently on the call was Eran Gorev of private-equity biz Francisco Partners, which had a majority stake in NSO, before reportedly selling the biz back to the founders in 2019. Gorev offered a very similar statement.
“If such a meeting actually took place, I would absolutely never make a comment like this," he said. "If someone else made that comment, it would clearly have been made in jest and a colloquial expression or cultural misunderstanding.”
Both Mobileum and NSO Group denied they had any kind of business relationship.
- US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions
- Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets
- American diplomats' iPhones reportedly compromised by NSO Group intrusion software
- Apple sues 'amoral 21st century mercenaries' NSO for infecting iPhones with Pegasus spyware
Miller complained about NSO's intentions to the FBI's whistleblower tip line in 2017 and, after receiving no response, he filed a more detailed report to the Dept of Justice, copying in the FCC and SEC. He also shared his report with Congressman Lieu, a Democratic member of the US House of Representatives who has a computer science degree.
"The NSO Group, which sells phone hacking software, tried to gain access to cellular networks by offering 'bags of cash', according to a whistleblower," Lieu tweeted Tuesday, adding that he has asked US prosecutors to look into the claims.
"I made a criminal referral to the Justice Dept," he noted. Lieu also said "no one's phone is safe," due to the insecurities of the SS7 protocol.
It's certainly not a good time for NSO. In November, the US Department of Commerce put the Israeli software maker on Uncle Sam's Entity List, making it all but impossible for the outfit to legally do business with American companies, following revelations that its Pegasus spyware was being used to snoop on people. Legislators are calling for further sanctions against the surveillance company as well.
Meanwhile, weeks after the Dept of Commerce took action, Apple sued what it called the "amoral 21st century mercenaries" at NSO for infecting iPhones and breaking Cupertino's terms and conditions. A similar lawsuit from Meta over WhatsApp hacking is also going through the courts. ®
Updated to add
"Mobileum does not have - and has never had - any business relationship with NSO Group," a Mobileum spokesperson told The Register.
"Mobileum does not have any direct access to the customer’s network and is unable to provide any kind of access, including SS7 access, to any third party. Mobileum’s products work towards the benefit of the operator, and not to their or their subscriber’s detriment."