The Israeli company 'behind' WhatsApp, Khashoggi, Qatari emir hacks

Israeli technology firm NSO Group has come under criticism again for providing the code used to hack phones through one simple WhatsApp call.
6 min read
14 May, 2019
NSO's spyware has been used to hack Emirati and Saudi dissidents' phones [Getty]

WhatsApp - a messaging and voice call app with more than 1.5 billion active monthly users - discovered earlier this month that users worldwide were vulnerable to a high-tech hacking technique which is thought to be behind the targeting of a select number of people.

Israeli spyware company NSO Group allegedly developed the malicious code that can hack any phone through just one WhatsApp voice call, The Financial Times reported on Monday.

WhatsApp users did not even need to answer the call for their phone to be infiltrated, according to one spyware dealer.

Who are the NSO Group

NSO is a technology firm based in Herzliya, Israel that, according to the company, provides governments with technology that "helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe".

While its name may seem nondescript, the company has worked for a decade to build some of the world's most invasive - but near undectable - mobile spyware.

NSO's co-founders Shalev Hulio and Omri Lavie are rumoured to be veterans of the Israeli army's Unit 8200, the country's elite military intelligence wing, according to Forbes.

They also created Kaymera, a mobile security outfit designed to tackle the exact problems presented by spyware developed by NSO and other malware creators.

Snooping on Khashoggi

The company's most infamous spyware, Pegasus, can be installed on a phone through a single text.

Once installed, the malware can access all communications on the mobile phone - from WhatsApp, Facebook and Telegram messages to Skype chats and Gmail conversations.

It can also be used to trace the owner's location and snoop on their surroundings using the phone's camera and microphone.

Omar Abdulaziz, a Saudi dissident based in Canada, last year implicated the software in the murder of Saudi journalist Jamal Khashoggi.

Khashoggi, a vocal critic of Saudi Crown Prince Mohammed bin Salman, was murdered in the Saudi consulate in Istanbul in October.

The journalist, who lived in the US, had been in frequent communication with Abdulaziz before his death.

The two outspoken Saudis had been working on several pro-democracy projects together, including a campaign to tackle Saudi government trolls on social media, Abdulaziz said.

But when his phone was hacked with the Pegasus malware, his conversations with Khashoggi were left vulnerable to prying ears, according to Canada-based research group Citizen Lab.

"For sure, they listened to the conversation between me and Jamal and other activists, in Canada, in the States, in Turkey, in Saudi Arabia," Omar Abdulaziz said in an interview with the Canadian Broadcasting Corporation.

Abdulaziz alleges that Saudi Arabia was behind the hack.

Saudi Arabia is among several authoritarian regimes to which NSO has sold its Pegasus hacking software.

The 27-year-old critic of the Saudi royal family has since launched a lawsuit against the company.

But Abdulaziz is not the only dissident to have been hacked by Pegasus.

From Mexico to the UAE

NSO signed a reported $20 million  deal with Mexico in 2012.

Since then, the company's Pegasus spyware has allegedly been used to hack a range of political opponents, activists and journalists in the Central American state, according to Citizen Lab.

The Canadian research outfit has been prolific in producing reports on NSO and Pegasus.

Mobile phones in at least 45 countries have been hacked by Pegasus software wielded by around 36 likely operators, according to Citizen Lab

In 2016, Citizen Lab alleged that another prominent NSO customer, the UAE, had used Pegasus-predecessor Trident in an attempt to hack the phone of award-winning Emirati human rights activist Ahmed Mansoor.

Mansoor, currently in prison on a 10-year sentence for spreading "misinformation" on social media, received a text promising him vital information about the torture of detainees in Emirati jails - if he clicked on the attached link.

Instead of clicking on the link, Mansoor forwarded the text to Citizen Lab, who determined that a successful hack using the technology would have given the UAE almost complete access to his phone.

The UAE has allegedly since used Pegasus software to hack phones belonging to Qatar Emir Tamim al-Thani and Lebanon Prime Minister Saad al-Hariri, among others.

Emails leaked last year revealed that the Emirati government had been trying to hack the phone of Qatar's Sheikh Tamim for at least four years, and had allegedly been successfully in infiltrating the communications of 159 Qatari royals and officials.

Another target was the former head of the Saudi National Guard, Prince Mutaib bin Abdullah, who at the time was considered a contender for the throne.

Prince Mutaib was removed from his post in 2017 and arrested as part of a purported anti-corruption probe led by the powerful crown prince targeting rivals.

Saudi Arabia has also purchased the technology, which it reportedly used to hack the phone of an Amnesty International worker, as well as Abdulaziz, London-based Saudi satirist Ghanem al-Masrir and Saudi activist Yahya Assiri, who founded the UK-based human rights organisation ALQST.

Amnesty on Tuesday launched a legal case in Israel calling on the Israeli defence ministry to cancel NSO's export license, alleging that the company has recklessly sold technology to authoritarian regimes, further endangering human rights in those countries and elsewhere.

According to Citizen Lab, mobile phones in at least 45 countries have been hacked by Pegasus software wielded by around 36 likely operators - six of whom, the research group says, are countries with a history of "abusing spyware to target civil society".

Mobile phone owners across the Middle East have been affected, with targets in almost every Arab country, with the exception of Sudan, Syria and Mauritania.

People in the US, UK, Turkey and Israel have also been targeted.

Lawsuits and spies

In addition to Amnesty and Abdulaziz's lawsuits, legal cases against NSO have been lodged in Cyprus and Israel by lawyers representing a group of Mexican journalists and a Qatari journalist.

Lawsuits have also been filed in Panama alleging that the president used the Israeli spyware to snoop on political rivals.

Three lawyers involved in the Cyprus and Israel-based legal cases against NSO were approached by "spies" in an attempt to get them to reveal sensitive information about the lawsuits, as well as to goad them into making anti-Israel statements that might discredit the cases, it was reported in February.

Operatives also approached two Citizen Lab researchers and Eyad Hamid, a journalist with The New Arab's Arabic service who had covered the UAE and Saudi Arabia's use of the Pegasus spyware.

The agent had initially approached Hamid claiming she worked for an organisation, "MGP Management Group", which offered scholarships to Syrian students.

Further investigation suggests "MGP Management" either does not exist or is a front group.

During the "application process", the agent pressured Hamid to divulge information about his sources.