The Israeli government officially mediated the sale of spyware made by private firm NSO Group to a number of Gulf nations to help them in surveillance of opposition figures, in deals worth hundreds of millions of dollars over the past few years, the Haaretz daily reported on Sunday.
Contracts were reportedly signed with Bahrain, Oman, Saudi Arabia and the emirates of Abu Dhabi and Ras Al-Khaimah. The report said Israel prohibited NSO from working with Qatar, an ally of Iran.
One deal alone was said to have been signed for $250 million, with no further details given.
“A product sold in Europe for $10 million can be sold in the Gulf for ten times that,” an individual familiar with the financials of NSO told the newspaper.
The report said that representatives of the Israeli government participated in some meetings between intelligence officials from Arab states and executives from NSO. Some of those meetings were said to have been held in Israel.
According to the report, the Israeli company only worked with governments and official organizations, but did not distinguish between democracies and dictatorships and had little sway over how the technology was used.
The company was said to have a team dedicated to sales in the Gulf, whose members all had foreign passports to ease travel. The report said each country was given a code name based on a car manufacturer beginning with the first letter of the country’s name: Saudi Arabia was Subaru, Bahrain was BMW and Jordan was Jaguar.
The report said that in NSO’s latest iteration of its hacking software, Pegasus 3, simply supplying the program with the phone number of the device one wants to hack usually allows the operator access to the device within several hours, with no action required by the targeted user.
Additionally, the report said NSO can “fully control” its software remotely, and shut it down or examine the intelligence being collected by its clients in real time.
Pegasus allows agents to effectively take control of a phone, surreptitiously controlling its cameras and microphones from remote servers and vacuuming up personal data and geolocations.
The company was said to have shut down the use of its software in Mexico after it was used against journalists, but the report said no such action had been taken in any of the Gulf states.
NSO is said to have also hired former Israeli security officers to help with the analysis of the Gulf information, separate to the phone hacking, as regimes were said to be struggling to make sense of the volume of data.
Unidentified employees told Haaretz that although the company has claimed it carefully regulates use of its software to only allow the tracking of criminals and suspected terrorists, there were no actual checks on its use.
According to the report, the software is designed to self-destruct if it detects the device it has been installed on has crossed a border into Israel, Iran, Russia, China or the United States.
The report also said that after the 2018 murder of Washington Post columnist Jamal Khashoggi at the Saudi consulate in Istanbul, which allegedly involved use of NSO’s Pegasus software, some employees of the Israeli firm protested and a few quit.
NSO Group CEO Shalev Hulio denied any connection to the incident. The report pointed out that the company’s compliance rules differ from country to country, allowing the possibility that a Saudi dissident could be labeled a “terrorist.”
Earlier this month, Israel and the United Arab Emirates announced a deal to normalize relations, bringing ties into the open that had been conducted in the shadows for many years.
A 2019 Amnesty International report found that UAE authorities “subjected detainees, including foreign nationals, to arbitrary arrest and detention, torture and enforced disappearance.”
A Human Rights Watch report for 2019 found that “UAE authorities have launched a sustained assault on freedom of expression and association since 2011. The UAE arbitrarily detains and forcibly disappears individuals who criticize the authorities within the UAE’s borders.”
In response to the Haaretz reported NSO issued a statement denying the claims made.
“The claims in the article are false and untrue. We are very proud of our technology, which each and every day helps to foil terror and prevent serious crime and pedophilia around the world, while we fully meet our compliance and human rights policy, which is unprecedented in the world,” the statement read.
Last month a US judge ruled that a lawsuit brought by WhatsApp against NSO Group can go ahead, meaning the Israeli spyware firm could be compelled to reveal information about its clients and practices, the Guardian reported.
WhatsApp is suing NSO Group, accusing it of using the Facebook-owned messaging service to conduct cyber-espionage on journalists, human rights activists and others. The accounts said to have been targeted included those of senior government officials, journalists, and human rights activists worldwide.
The lawsuit said the Pegasus software developed by NSO was designed to be remotely installed to hijack devices using the Android, iOS, and BlackBerry operating systems.
NSO Group has previously claimed that it only licenses its software to governments for “fighting crime and terror” and that it investigates credible allegations of misuse, but activists argue the technology has been instead used for human rights abuses.
Agencies contributed to this report.