In the summer of 2016, a Dubai-based human rights activist was targeted with a sophisticated iPhone hacking tool. That piece of malware had been developed by NSO Group, an Israeli company that sells surveillance and hacking tools to governments around the world.
It was the first time its malware—called Pegasus—was discovered in the wild, but NSO Group had been selling it since 2011, according to Israeli newspaper Yedioth Ahronoth. In 2016, NSO was so reluctant to get any public attention that it didn’t even have a website, and the little press coverage it got was vague and made it look like the company was secretive.
Three years later, NSO is stepping into the light with a marketing and public relations push unprecedented for a company that operates in the shady world of government hacking contractors. Whereas only two years ago only people who follow the government spyware industry knew what NSO was, it is now giving more interviews to the press (including a segment on 60 Minutes this weekend), buying Google search ads, and just launched a sleek new website.
“Nothing has been proven.”
Many people probably heard of NSO for the first time in December 2018, when a New York Times story that claimed the company helped Saudi Arabia spy on the Washington Post journalist Jamal Khashoggi before he was killed in the Saudi consulate in Istanbul, Turkey in October of last year.
A reader who wanted to learn more about NSO would understandably turn to Google search, where, in some cases the first result would be a Google Ad campaign paid for by NSO. The ads are not visible at the time of publication but Motherboard has seen them multiple times over the last few days. Ads for NSO’s new site came up when searching for the company’s name, but also when searching for the name and words such as “abuse,” and “human rights.”
An NSO Group spokesperson told Motherboard that “like many companies, NSO purchased Google Search ads as part of our new website launch.”
“The ads are displayed to users who might want to learn more about NSO and our work helping intelligence and law enforcement agencies prevent and investigate crime and terror to save lives,” the spokesperson said in a statement sent via email.
Google did not respond to multiple requests for comment.
The only other time a spyware company like NSO Group did anything like this was when Hacking Team, an Italian company that also sells spyware to governments, made an infamous commercial featuring a hooded actor. In 2012 FinFisher, a British-German competitor, gave Bloomberg access to its managing director.
Got a tip? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com.
NSO's new website features buzzwordy statements on how the company operates (“We take a pioneering approach to applying rigorous, ethical standards to everything we do”) and tries to lure new hires by showcasing employees enjoying the company's game room and doing pilates. The site also claims NSO’s tech helps “save thousands of lives around the globe.”
NSO Group’s marketing campaign has been accompanied by what appears to be a carefully orchestrated public relations tour. In the last few weeks, NSO’s founders gave an extensive on the record interview to Yedioth Ahronoth, and sat down with CBS News’s 60 Minutes, allowing cameras inside the company’s office for the first time.
In interviews for the Yedioth Ahronoth story and the 60 Minutes feature, NSO executives didn’t share a lot of new information about the company, but took the opportunity to deny any abuses of its technology, and strongly deny Pegasus had any role in the killing of Saudi Arabian journalist Jamal Khashoggi.
”You can dress up Frankenstein all you want, but deep down he's still a monster.”
In Yedioth Ahronoth, NSO Group claimed to have helped stop “several very big terror attacks in Europe,” and have a crucial role in bringing down Mexican drug lord Joaquín “El Chapo” Guzmán. Talking to 60 Minutes, NSO Group’s co-founder Shalev Hulio said Pegaus spyware has helped save “tens of thousands of people.”
This sudden openness comes at a crucial time for the company.
In the last three years, researchers at Citizen Lab, an academic group at the University of Toronto’s Munk School that studies how new technologies impact human rights, has uncovered around 30 cases where NSO spyware was used to target human rights activists and journalists in countries like Mexico, United Arab Emirates, but also Canada. In the summer of last year, Amnesty International accused the company of providing malware to someone who targeted one of its researchers. Then in November, Forbes found that someone had attempted to hack a Saudi dissident in London with NSO’s malware.
NSO Group’s founders also just recently regained control of the company with the help of a European private equity firm. The deal valued the company at around 1 billion, according to reports. As a result of the deal, some financial firms have taken a look at the company, revealing interesting new details about it, such as the fact that the company has more than 60 customers in 35 countries, and around 600 employees.
Despite the multiple public cases of abuse detailed by researchers and journalists, NSO Group’s co-president Tami Shachar told 60 Minutes that “nothing has been proven.”
Hulio doubled down, saying “we only had real three cases of misuse, three cases. Out of thousands of cases of saving lives, three was a misuse, and those people or those organizations that misuse the system, they are no longer a customer and they will never be a customer again.”
Ronald Deibert, Citizen Lab’s founder and director, said NSO Group should acknowledge and prevent abuse, instead of “putting window-dressing on their increasingly smeared public profile.”
“Our (and others) data-driven, peer-reviewed and evidence-based research into NSO spyware shows indisputably that their technology has been used to target journalists, human rights defenders, staff at Amnesty International, research scientists, health advocates, and investigators into mass disappearances,” Deibert told Motherboard in an email. “That’s not something you can PR out of peoples’ minds. You can dress up Frankenstein all you want, but deep down he's still a monster.”
Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.