NSO Group Pitched Its Spyware to the Secret Service

Emails obtained by Motherboard show the U.S.-branch of NSO Group was pitching its product to U.S. agencies as recently as 2018.
July 23, 2020, 1:00pm
Westbridge's Phantom
Image: Motherboard

Westbridge Technologies, an American-branch of Israeli surveillance firm NSO Group, pitched its phone hacking product to the U.S. Secret Service, according to emails obtained by Motherboard.

The news provides more insight into NSO's attempted expansion into the United States, following similar attempts with city police departments. The emails also show Westbridge was trying to pitch NSO's phone hacking technology to U.S. agencies more recently than previously known; this time, some of the emails date from 2018.

Advertisement

"No requirement to be in proximity to the target, or conduct forensics. The owner of the device is NOT aware he is vulnerable," an email sent to the Secret Service reads. The sender's name is redacted, but their title is listed as President of Compass Stratagem LLC, a company based in Texas.

Do you work at NSO Group, did you used to, or do you know anything else about the company? We'd love to hear from you. Using a non-work computer or phone you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

According to LinkedIn and other online records, the company's President is James Rose, a former senior Army intelligence official. The emails appear to show Compass Stratagem pitching the phone hacking technology on Westbridge's behalf. Rose did not respond to a request for comment.

The subject line of the email reads, "Vendor Meeting Request Westbridge Technologies." Motherboard obtained the emails through a Freedom of Information Act (FOIA) request to the Secret Service.

Westbridge has a phone hacking product called Phantom, according to a brochure obtained by Motherboard. A former NSO employee previously said that Phantom was "a brand name for U.S. territory," but the "same Pegasus," referring to NSO's Pegasus malware product.

Advertisement

NSO is most well known for selling Pegasus to authoritarian regimes such as Saudi Arabia and the United Arab Emirates which have used the product to spy on dissidents and human rights defenders. Earlier this month Motherboard confirmed with a former NSO employee that Spain has also been a customer; The Guardian and El Pais found that NSO malware was used to target the phones of top Catalan politicians.

1595444080007-secret-service-westbridge-email

A screenshot of one of the emails sent to the Secret Service regarding Westbridge. Image: Motherboard

One of the emails to the Secret Service says Westbridge's product offers "Superior smart phone exploitation," including geolocation of a target and interception of voice calls. The email also specifically mentions access to encrypted applications such as WhatsApp, Telegram, and Signal.

"These capabilities are MRL 10 and currently available for employment to support USSS [U.S. Secret Service] missions," the email from the Compass Stratagem president adds, with "MRL 10" referring to an industry term meaning the product is in full production.

"We welcome the opportunity to meet with your team and conduct a demonstration of these superior intelligence collection and exploitation capabilities," the email adds.

Another email from December 2016 with the subject heading of "Phantom demo," indicates some form of meeting may have taken place earlier on. That email was written by the director of another company called E-TEL Systems Corporation, according to the email signature. Mark Deyle, who is listed in online records as the director of the company, did not respond to a request for comment.

Advertisement

E-TEL has a number of contracts with government agencies including the DEA, according to public records. Motherboard previously reported how NSO tried to acquire other U.S. companies for their sales connections to the government.

In previous statements this year, an NSO spokesperson has told Motherboard that NSO exercises no control over Westbridge. The Westbridge-authored brochure for Phantom previously obtained and published by Motherboard says "Westbridge Technologies is the North-American branch of NSO Group."

This week when asked to clarify whether NSO has ever at any point previously exercised control over Westbridge, an NSO spokesperson did not directly answer the question, and said in a statement, "NSO Group's position, which has been stated repeatedly to Vice and other publications has not changed. We also remain incredibly proud of our technology’s record of saving lives and preventing terror and serious crime globally."

“We have to wonder why Mr. Cox continues to ask the same questions, while showing no appreciation that our detractors have never offered what their solution to the use of advanced encryption by criminals and terrorists is," the spokesperson added. (Motherboard has extensively covered the use of malware and hacking tools by law enforcement agencies to identify criminal suspects that they likely couldn't unmask through other means).

The Secret Service has used hacking techniques before. In 2016 a Seattle Police Department official acting in their capacity as a Task Force Officer for the Secret Service tried to find the real IP address of a ransomware hacker using code hidden in a file sent to the attacker, according to recently unsealed court records reviewed by Motherboard.

The Secret Service did not respond to a request for comment.

Subscribe to our cybersecurity podcast, CYBER.