Israel Cybersecurity firm NSO Group which develops ways to break through encryptions and security systems was accused by Amnesty International and Microsoft of helping governments hack the telephones of journalists. Specifically, NSO Group’s Pegasus Spyware software is said to be used by nefarious regimes to hack into the cell phones and computers of journalists and political opponents alike. Well now Shalev Hulio, the CEO of NSO Group, is speaking out.
NSO Group develops cybersecurity technology to help government agencies detect and prevent terrorism and crime. Its products are used by licensed government intelligence and law-enforcement agencies. NSO boasts that its technology has helped prevent terrorism, break up criminal operations, find missing persons, and assist search and rescue teams.
Amnesty International has alleged that NSO Group’s spyware was used to facilitate” human rights violations around the world on a massive scale.” This accusation, says Amnesty International, is based on what they describe as a major investigation into the leak of 50,000 phone numbers of potential surveillance targets. These included heads of state, activists and journalists, including Jamal Khashoggi’s family.
In an interview with Calcalist, Shalev Hulio, gave his side of the story. The publication pointed out that the accusers, in their report, did not reveal the source of their list of 50,000 phone numbers that they say were hacked or under the surveillance of governments and organizations using the Pegasus software. Also, no evidence was given that NSO Group’s software was used in these hacks if they in fact did take place.
So what, if anything, had NSO Group known or heard about these hacks before the report was released?
“Around one month ago we received the first approach from an information broker,” Shalev Hulio told Calcalist. “He said that there is a list circulating in the market and that whoever holds it is saying that the NSO servers in Cyprus were hacked and that there is a list of targets there and that we should be careful. We looked into it.”
Well Hulio explained that NSO Group does not have servers in Cyprus and nor does it have these types kinds lists. He also said that 50,000 figure does not “make sense in any way so it has nothing to do with us.”
NSO Group was later approached by two different clients who said that brokers came to them claiming that they have a list related to NSO. “We eventually received some screenshots of the list the brokers managed to get a hold of and based on that we understood that this doesn’t look like the Pegasus system,” explained Shalev Hulio, “certainly on the server, and that this is an engineered list unrelated to us. We looked over it with the clients and it slowly became clear to us that it is an HLR Lookup server and has nothing to do with NSO. We understood that this was a joke.”
NSO Group had already released a statement saying that the report is “full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources.” NSO Group asserts that whoever the “unidentified sources” cited may have been, their claims have “no factual basis and are far from reality.”
“After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims,” read he statement. “In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit.”