Tech

LAPD Got Tech Demos from Israeli Phone Hacking Firm NSO Group

LAPD

Members of the Los Angeles Police Department (LAPD) met with employees of the U.S.-branch of the controversial Israeli surveillance vendor NSO Group and received a demo of the company’s powerful phone hacking technology, according to emails obtained by Motherboard.

The news is more evidence of NSO’s attempted move into the U.S. market, and also provides new details on previously unreported NSO products.

Videos by VICE

“I would like to thank you again for the product demo you put on for us at LAPD headquarters,” Detective Mark Castillo, from the technical support unit of the LAPD’s major crimes division, wrote to Westbridge, NSO’s U.S.-arm, in a June 2016 email. Motherboard obtained the emails through a public records act request.

NSO is best known for selling its phone hacking technology to authoritarian regimes such as Saudi Arabia, which used a tool dubbed Pegasus to monitor the associates of murdered journalist Jamal Khashoggi. As Motherboard previously found, NSO also tried to sell a U.S.-focused version of that software called Phantom to other local U.S. police departments, with a San Diego Police Department officer describing the tool as “awesome.”

“Turn your target’s smartphone into an intelligence goldmine,” a brochure for Phantom reads. After infecting a phone, Phantom can steal a target’s emails, text messages, and contact list, and also track their physical location and more, according to the brochure.

Do you work at NSO Group, did you used to, or do you know anything else about the company? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

Phantom appears to be one of the products that Westbridge demoed for the LAPD, according to the emails. The emails also reveal two other products Westbridge pitched to the LAPD, “Landmark” and “Hook.”

“If you have any additional info regarding Landmark, phantom and hook I would like to go over it with my crew. Also, if my command allows, I would like to set up another demo with just my team,” Castillo wrote in the June 2016 email.

A former NSO employee told Motherboard that Landmark is an SS7-based product. Whereas Phantom and Pegasus break into cellphone devices themselves, SS7 attacks target an underlying network that phones use to communicate, allowing surveillance companies to track a phone’s location or intercept communications without the cooperation of a phone carrier. At the time of the LAPD emails, NSO had merged with another company called Circles, a surveillance vendor focused on providing SS7 products. The former NSO employee described Landmark specifically as a “SS7 locating system.” Motherboard granted the source anonymity to protect them from retaliation from the company.

The LAPD did not end up buying Westbridge’s products, according to the emails.

“The last time we talked I was hoping we could find a funding source but unfortunately it doesn’t look like that is possible,” Castillo wrote in March 2017. “I would like you to see another demo for my crew but do not foresee [sic] able to purchase it. I would not want to waste your time.” NSO’s Pegasus product can cost millions or tens of millions of dollars.

Several major U.S. cities, including Los Angeles, have recently called or made moves to defund local police departments in the wake of widespread protests over police brutality. Los Angeles mayor Eric Garcetti said he would consider cuts of up to $150 million across the police department.

1591718681423-nso-email
A screenshot of an email from the LAPD to Westbridge. Image: Motherboard

An NSO spokesperson told Motherboard in an email, “As repeatedly stated, Westbridge Technologies shares a parent company with NSO but NSO exercises no control over Westbridge Technologies. With that said, NSO is incredibly proud of our product’s record of saving lives and preventing terror and serious crime globally. Our technology is provided to and operated exclusively by verified and authorized government agencies.”

Emails previously obtained by Motherboard showed the DEA also met with Westbridge, but decided not to buy the company’s technology as it was too expensive.

The LAPD did not immediately respond to a request for comment.

Subscribe to our cybersecurity podcast, CYBER.