Uganda’s secret deal that has brought NSO to the brink of collapse


A man walks past the entrance to the building of the Israeli cyber company NSO Group at one of its branches in the Arava desert on November 11, 2021, in Sapir, Israel.

Amir Levy | Getty Images

In February 2019, an Israeli woman sat in front of the Ugandan president’s son and made a bold pitch: Would he want to secretly hack any phone in the world?

Lieutenant General Muhoozi Kainerugaba, in charge of his father’s security and long-whispered successor to Yoweri Museveni, was interested, two people familiar with the sales pitch said.

After all, the woman, who had ties to Israeli intelligence, was pitching him Pegasus, spyware so powerful that Middle Eastern dictators and autocratic regimes had been paying tens of millions for it for years.

But for NSO, the Israeli company that created Pegasus, this flirtation with East Africa would turn out to be the moment it crossed a red line, enraging American diplomats and setting off a chain of events that would put it on the US Commerce Department’s blacklist, pursued by Apple and driven to the brink of defaulting on its loans, according to interviews with US and Israeli officials, industry experts and NSO employees.

A few months after the initial approach, NSO CEO Shalev Hulio landed in Uganda to seal the deal, according to two people familiar with NSO’s business in East Africa. Hulio, who flew around the world with permission from the Israeli government to sell Pegasus, liked to demonstrate in real time how he could hack a new boxed iPhone.

The eventual business was small for NSO. A person familiar with the transaction said it generated between $10 million and $20 million, a fraction of the $243 million that Moody’s estimated the privately owned NSO made in revenue in 2020.

But about two years after the sales pitch, someone deployed Pegasus to try to hack into the phones of 11 American diplomats and employees of the U.S. embassy in Uganda, according to two U.S. officials, who spoke after Apple sent out notifications when the iPhone manufacturer discovered and closed a flaw in its operating system in November.

It is unclear who attempted to hack American citizens. Uganda’s neighbor, Rwanda, had also been using Pegasus to hack phones inside Uganda, but the revelation shocked the United States. NSO has always told its customers that US phone numbers are prohibited. In this case, all 11 targets used Ugandan numbers, but had Apple logins using their State Department emails, according to the two US officials.

NSO said it closed the hacking systems for “clients relevant to this case” and is investigating the problem. A person familiar with the company said it no longer has business in Africa.

Museveni’s presidential press secretary and the Ugandan government’s information minister did not respond to a request for comment. A person close to Museveni said they were “not authorized to speak on the matter.”

Israeli and US officials declined to confirm that the Ugandan attack directly triggered the decision to blacklist NSO. But a US official who discussed the issue with the Israel Defense Ministry said: “Look at the full sequence of events here; this is careful, not by chance.” He added that putting NSO, one of the jewels of Israel’s tech community, on a US blacklist was designed to “punish and isolate” the company.

The blacklist, which occurred in November, means that NSO cannot purchase any equipment, services, or intellectual property from US-based companies without approval, crippling a company whose terminals run on Dell and Intel servers and Cisco routers, and whose desktops run on Windows operating systems, according to a specification sheet from a sale to Ghana, West Africa.

In recent weeks, for example, Intel has asked all of its employees to terminate any ongoing business relationship with NSO, a person familiar with the matter said. Intel said in a statement that it “complies with all applicable US laws, including US export control regulations.”

A new CEO, Itzik Benbenisti, hired from Partner Communications, one of Israel’s largest telecom providers, resigned two weeks into his new job after the blacklisting. And as the company tried to cheer up its employees with a Hanukkah party in the seaside resort of Eilat, Hulio, who took over the reins after Benbenisti stepped down, was less optimistic in a recent phone call with a former business partner.

“We always knew this thing had an expiration date,” he told the friend, complaining that some clients had asked to switch their contracts to lesser-known rivals, according to a person familiar with the conversation.

After a decade in the Israeli government’s favor, NSO now finds itself an irritant in US-Israel relations, using up the vital “foreign policy bandwidth we need to talk about Iran,” said an official from the Ministry of Foreign Affairs who requested anonymity.

That’s a change for NSO, which former Prime Minister Benjamin Netanyahu used as a diplomatic calling card with several countries, including the United Arab Emirates, Morocco, Bahrain and Saudi Arabia, which had no official relations with Israel.

The reputational damage has also made it difficult to recruit the most promising graduates of Israel’s elite signals intelligence units, who have the skills to repeatedly circumvent the defenses of Android phones and iPhones.

For example, when Google reverse-engineered the exploit used against American diplomats in Uganda, it found a tiny, elegant piece of code that adapted software from the Xerox machines of the 1990s to fit a so-called Turing machine, essentially a complete computer, in a single GIF file.

“Pretty incredible and, at the same time, pretty scary,” said Google engineers. “Wow. Just wow,” tweeted Yaniv Erlich, an Israeli professor of computer science at Columbia University.

“You can count on your fingers how many computers in the world could create something like this,” said John Scott-Railton, principal investigator at the Citizen Lab at the University of Toronto, which found the malware and reported it to Apple.

NSO said it had hired 30 new employees in recent weeks. “There is an understanding among our employees that there is a huge gap between media reports and reality,” said a spokesperson.

Meanwhile, NSO has also fallen in the sights of Silicon Valley, after enraging Apple and Meta by hacking iPhones and WhatsApp.

Apple’s two-pronged approach – it has notified many of the targets of the NSO attacks, while suing the company in US courts – sent a “shock wave” through the industry, said a person familiar with the matter.

Apple and Citizen Lab have also shared the technical secrets of NSO, which worries rival companies enough to ask their customers to reduce their use of other spyware, for fear of getting caught in Apple’s net, said one former top executive of an Israeli tech group.

“There is a sense that this is an all-out war against the entire industry,” he said, adding that senior Israeli employees of NSO and other similar firms are “staying” in Israel to avoid being lured in for questioning in the United States and its allies.

For now, pressure from the United States has left NSO with few options, company experts said. Moody’s has downgraded NSO’s debt as the company’s free cash flow turned negative in 2020 and is expected to remain negative this year. “There is a high risk that NSO is not complying” with an agreement on the $500 million in loans that were needed in 2019 to go private with a valuation of $1 billion, Moody’s said.

NSO has hired Moelis & Co, a New York-based investment bank, to see if it can sell parts of the company to raise cash, even offering to make Pegasus a “defensive” product if that makes it more palatable to US investors.

Last Wednesday, that window was narrowed as well: 18 U.S. senators wrote to Secretary of State Antony Blinken and Secretary of the Treasury Janet Yellen asking them to sanction NSO under the Magnitsky Act, along with a handful of other cyber-surveillance firms.

If the US acted on that request, NSO would be cut off from the US banking system and its employees would be barred from traveling to the US.

© 2021 The Financial Times Ltd. All rights reserved. It must not be redistributed, copied or modified in any way.


arstechnica.com
