The CEO of Israeli spyware company the NSO Group has stepped down and 100 employees are set to be made redundant as part of a restructuring, which will see it renew its focus on selling its controversial Pegasus surveillance software to NATO countries.
Outgoing CEO, Shalev Hulio was one of the founders of the scandal-hit company, and despite stepping down from the top job, he is expected to remain with the company. Current COO Yaron Shohat will lead the restructuring before the board appoint a new CEO.
Shohat says NSO’s products are still in high demand with customers including governments and law enforcement agencies. The COO said “NSO will ensure that the company’s groundbreaking technologies are used for rightful and worthy purposes”.
A statement on the restructuring says the company will examine “all aspects of its business, including streamlining its operations to ensure NSO remains one of the world’s leading high-tech cyber intelligence companies, focusing on NATO-member countries”.
What is NSO Group and why is its software controversial?
NSO’s flagship Pegasus software can be deployed to iPhone and Android devices remotely to give the client access to the data and sensors on the target phone. It is classified as a weapon by the Israeli government and its sale is restricted to foreign governments but not private entities.
But the company was placed on the US “entity list” last year, which means US companies are limited from doing business with it on national security grounds. Google’s top security specialist says the US government should impose even tighter regulation on spyware such as Pegasus.
The software can infiltrate a device without the owner noticing and once in the system can copy messages, harvest photos, record calls and even secretly record through the camera or microphone. It uses the same exploits as hacking groups but is sold by a commercial entity to governments around the world. It can infect any phone running iOS or Android and often gets in through a malicious link or phishing attack.
Pegasus and NSO has been heavily criticised by human rights groups and researchers who say customers have abused the technology. While the company doesn’t disclose its client list it has admitted to having to cut off at least seven customers for abusing the technology in the past.
NSO faces multiple lawsuits over hacking
The restructuring may have been prompted by NSO being hit by multiple lawsuits after allegations its tools had been misused by governments and non-governmental agencies to hack the mobile phones of journalists and politicians. The company says its technology is intended to help in the fight against terrorism as well as catch paedophiles and criminals.
Last year, a major international investigation revealed Pegasus has been used by authoritarian regimes to spy on political opponents, activists and journalists. More recently it has been deployed against government officials in the UK and Spain, including Prime Minister Boris Johnson’s office.
It has seen its client base shrink since the US blacklisting, despite reportedly being urged by creditors including Swiss bank Credit Suisse to continue selling Pegasus in the face of the international outcry about its use.
The use of spyware by governments around the world is growing, according to Kaja Ciglic, senior director of digital diplomacy at Microsoft. “It’s a practice that is growing, in terms of the numbers of different actors, the numbers of different governments engaging and investing in this area and the numbers of attacks and their sophistication,” Ciglic said at a European Parliament committee hearing into the use of Pegasus and other spyware earlier today.
Weaponising intelligence is nothing new, says Jamie Moles, a senior technical manager at network detection and response firm ExtraHop. But, he says: “We’ve never really seen it because we’re not told about it. We have never really seen it in the commercial market, which is what NSO is doing.”