Pegasus-pusher NSO gets new owner keen on the commercial spyware biz
Investors roll the dice against government sanctions and lawsuits
Spyware maker NSO Group has a new ringleader, as the notorious biz seeks to revamp its image amid new reports that the company's Pegasus malware is targeting yet more human rights advocates and journalists.
Once installed on a victim's device, Pegasus can, among other things, secretly snoop on that person's calls, messages, and other activities, and access their phone's camera without permission. This has led to government sanctions against NSO and a massive lawsuit from Meta, which the Supreme Court allowed to proceed in January.
The Israeli company's creditors, Credit Suisse and Senate Investment Group, foreclosed on NSO earlier this year, according to the Wall Street Journal, which broke that story the other day.
Essentially, we're told, NSO's lenders forced the biz into a restructure and change of ownership after it ran into various government ban lists and ensuing financial difficulties.
The new owner is a Luxembourg-based holding firm called Dufresne Holdings controlled by NSO co-founder Omri Lavie, according to the newspaper report. Corporate filings now list Dufresne Holdings as the sole shareholder of NSO parent company NorthPole.
Dufresne Holdings has removed "a number of directors and officers" across NSO and is involved in the company's day-to-day management, the Wall Street Journal added.
An NSO spokesperson meanwhile told The Register "the company is managed directly by our CEO, Yaron Shohat. The lenders are currently in a process of restructuring the shareholders."
The company has not only faced criticism over its Pegasus spyware implant, US and European officials over the past couple of years have cracked down on NSO in particular, and commercial spyware in general.
In November 2021, the Biden administration put NSO on the Commerce Department's blacklist and a year ago issued an executive order banning the US government from using commercial spy tools in certain situations, such as if they pose a counterintelligence or security threat or could be improperly used by foreign governments.
Some big tech companies and internet rights groups, however, say America still isn't doing enough to limit this prolific market sector's growth, and have called on Congress to weigh in on spyware, asking for sanctions and increased enforcement against so-called legit surveillanceware makers.
European lawmakers last year opened an inquiry into spyware in general, and Pegasus more specifically, after the code was found on cellphones associated with the British and Spanish prime ministers, Spain's defense minister, and dozens of Catalan politicians and members of civil society groups.
After more than a year of clamor about the dangers of spyware — being used to intimidate political opposition, silence critical media, and manipulate elections — the EU's PEGA committee earlier this month proposed … a Tech Lab.
This new organization will be tasked with device screening and performing forensic research – probably including testing vulnerability exploits.
- US Supremes deny Pegasus spyware maker's immunity claim
- EU proposes spyware Tech Lab to keep Big Brother governments in check
- Alien versus Predator? No, this Android spyware works together
- Spyware slinger QuaDream's reported demise may be the canary in the coal mine
These perfunctory efforts don't seem to have had much effect. Reports keep emerging about Pegasus and other surveillance technologies being used in ways that decidedly violate NSO's claims that it only sells the malware to legitimate government agencies "for the purpose of preventing and investigating terrorism and other serious crimes."
Just last week an investigation unveiled more cases of Pegasus being used to target civil society victims in Armenia, including a former Human Rights Defender of the nation, two journalists, a United Nations official, a former spokesperson of Armenia's Foreign Ministry (now an NGO worker), and seven other representatives in the state.
The joint investigation between Access Now, CyberHUB-AM, Citizen Lab, Amnesty International's Security Lab, and an independent mobile security researcher Ruben Muradyan, suggested the hacking is related to the military conflict in Nagorno-Karabakh between Armenia and Azerbaijan, a disputed territory which is currently being overseen by Russian peacekeepers since the 2020 war. ®