In response to the news on Thursday, NSO put out a prepared statement, saying the company's "mission is to help make the world a safer place" and that it only sells to "authorized" governments. The company also denied having any knowledge of the attack caught by Citizen Lab, and said that it "does NOT operate any of its systems."
Founded in Israel in 2010 with funding from veterans of the country's elite 8200 intelligence unit, NSO has developed a reputation for being one of the most secretive outfits in the spying business. According to Reuters, the company, which specializes in the exploitation of mobile phones, has changed its name several times, much like the private military contractor Blackwater (now Academi).
"If you want to work successfully in the cloak and dagger battlefield of cyber, you don't want just anyone Googling your information," Omri Lavie, one of NSO's co-founders, told Defense News in 2013 in a rare interview. Although the company does not have a website, on his LinkedIn profile, Lavie describes himself as "a serial entrepreneur, angel investor, early adopter of technologies."
In 2014, US private equity fund Francisco Partners acquired a majority stake in NSO for around $120 million. Just over a year later, Francisco was reportedly searching for a sale that could have valued the company at around $1 billion. At the end of 2015, it had an annual revenue of approximately $75 million, according to Reuters.
NSO has clearly had some success at poaching employees from other Israeli vendors in this space. The company's current director of product management used to work at NICE Systems, which also sells surveillance technology, and its director of business development until recently worked at the defense contractor Elbit Systems. In all, NSO employs at least 200 people, according to its LinkedIn page.
Ironically, or in what is likely a clever business decision, Lavie and other NSO employees are also part of Kaymera, a company that promises to do the complete opposite of NSO: protecting phones from hackers' attacks. The NSO founders, as Bloomberg put it, essentially play "both sides of the cyber wars."
These latest findings may be the first confirmation that NSO's reputation might be well deserved.
PEGASUS RISES
NSO's premier product is named Pegasus. We knew very little about it until today, when researchers at Citizen Lab, a digital rights watchdog at the University of Toronto's Munk School of Global Affairs, and mobile security firm Lookout revealed that they had caught a sample of it in the wild, after it was unsuccessfully used against Ahmed Mansoor, a human rights activist in the United Arab Emirates.
"The NSO Group software and the way it's configured and run, it's all about not being detected, [it's] designed for stealth and to be invisible."
Adding weight to the prospect of NSO doing business with Mexico is another attack that Citizen Lab was able to identify. Rafael Cabrera, a Mexican investigative journalist, received a series of messages containing links that Citizen Lab believes are connected to NSO's infrastructure, but they haven't been able to find the malware that would have infected him. (Cabrera didn't click on the links, and when Citizen Lab tried to, the links were dead.)
Thanks to the documented attack on Mansoor, we now know that the UAE is another very likely customer of NSO. If the past history with Hacking Team and FinFisher is any indication, we'll likely know of more in the months and years to come.
"This won't be the last time that we work in a case of dissidents and journalists targeted by expensive malware," John Scott-Railton, a senior researcher at Citizen Lab, told Motherboard.
This story has been updated to include the NSO Group's statement.