In Latest Black Eye For NSO Group, Dubai's King Found To Have Used NSO Spyware To Hack His Ex-Wife's Phone
from the slumming-it-as-a-service dept
NSO Group has endured some particularly bad press lately, what with leaked data pointing to its customers' targeting of journalists, political figures, religious leaders, and dissidents. That its powerful spyware would be abused by its customers was not surprising. Neither were the findings from the leaked data, which only confirmed what was already known.
Despite this, NSO continues to make contradictory claims. First, it says it has no control (or visibility) as to how its customers use its products -- customers that include some notorious abusers of human rights. Second, it says that it cuts off customers who abuse its products to target people who only annoy their governments, rather than directly threaten it with criminal or terrorist acts.
Well, it's either one or the other. And if NSO is waiting for secondhand reports about abusive deployments to act, it really shouldn't be in the intel business. If NSO wants to stay above the fray, it could start by being a lot more selective about who it sells to.
If you're not selective, your customers will not only pettily target people (critics, activists, journalists, dissidents) the government doesn't like but will move on to the extreme pettiness of targeting people certain government officials don't like.
This latest nadir for NSO Group comes courtesy of court proceedings, which illustrates the danger of putting powerful cellphone exploits in the hands of the wrong people.
Dubai's ruler Sheikh Mohammed bin Rashid al-Maktoum ordered the phones of his ex-wife and her lawyers to be hacked as part of a "sustained campaign of intimidation and threat" during the custody battle over their children, England's High Court has ruled.
Mohammed used the sophisticated "Pegasus" software, developed by Israeli firm NSO for states to counter national security risks, to hack the phones of Princess Haya bint al-Hussein, half-sister of Jordan's King Abdullah, and some of those closely connected to her, according to the rulings.
That's the sort of thing you can expect to happen when powerful hacking tools are given to people who have never proven they're capable of handling power responsibly. Adding to the irony is the fact that the King's ex was tipped off by the wife of Tony Blair, who used to work as an outside legal adviser for NSO Group.
Now that this has been exposed, NSO is finally ready to take action.
Once the hacking was uncovered, NSO cancelled its contract with the UAE, Haya's lawyers said. The Israeli firm said it could not immediately comment on the case, but said it took action if it received evidence of misuse of Pegasus.
Well, duh (to use a technical term). But if NSO is so supposedly "proactive" why even sell to the UAE at all? It's not as though it has a long, storied history of respecting rights, much less those possessed by women who also happen to have angered the king? While I understand it might be difficult to promise investors steadily-increasing returns if you choose not to sell to questionable entities, it seems like a long run of bad press and government investigations might have the same effect on the bottom line. Or maybe NSO's investors are just as unconcerned about its partnerships with abusive governments as it is. Whatever the case is, it's led NSO to where it is now: a company best known for giving oppressive governments even more oppression options.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: dubai, hacking, malware, pegasus, princess haya bint al-hussein, sheikh mohammed bin rashid al-maktoum, spyware
Companies: nso group
Reader Comments
Subscribe: RSS
View by: Time | Thread
Free markets unconcerned
Hey, Free Market here. Free Markets never concernt themselves with what the [hero/heel] is going to do with the [product] they're selling.
Depending on [product], how much that matters is variable. For example, [water] or [foodstuff] is probably okay, but not [WMD].
For NSO...I wouldn't trust their product in the hands of Jack Ryan.
[ link to this | view in chronology ]
Re: Free markets unconcerned
Careful there, you might soon be hearing from Mr. Clancy's lawyers. Just sayin'.....
[ link to this | view in chronology ]
Different standards?
If NSO weren't an identifiable company located in a friendly nation, but rather "shadowy hackers" in China or Russia, wouldn't they be considered international criminals, or maybe even "terrorists?" I don't see them as any different from the people selling dangerous ransomware and other malware on the dark web.
I know that these kind of double standards are SOP for unprincipled, corrupt governments, but it is still hard to get used to.
[ link to this | view in chronology ]
Re: Different standards?
true, that
[ link to this | view in chronology ]
Re: Different standards?
While it's certainly possible to claim that the government purchasing and using weapons is a double standard, this is generally restricted to anarchists. A "monopoly on force" is otherwise pretty ubiquitous in every political system.
The difference between NSO and their equivalents in most other countries is that Israel allows NSO to pretty much freely export to other governments. Most nations either prohibit weapon developers from exporting at all, or strictly control the details of such exports.
The "shadowy hackers" in China or Russia are "international criminals" only in the sense that China and Russia wish to maintain plausible deniability over external use of weapons developed by their "NSO" equivalents. Internal use of said weapons is ubiquitous in both, without being attributed to "shadowy hackers." It's just called law enforcement, because they have no need for such deniability internally.
[ link to this | view in chronology ]
So a company
Creates a Program/game.
Distributes it to those that would like it.
then finds the owners of the program are abusing it?
Um,
Did anyone learn things from the Old days about programs and games?
We will crack and hack anything we can, one of the longest cracks took about 5 years, Bruce Lee.
Program was written to the center tracks and All of the rest of the disk was Track and sector errors. The protection looked at random track and sectors and if it didnt get the right error, would fail loading the game. You had to Write direct to the center track to create the game, then fill the rest of the disk with TONS of errors.
So they Think Anyone using the program will do AS' the company wishes?
Thats BS.
[ link to this | view in chronology ]
Six months later...
Yes, Sheikh...
Yes, Sheikh. We've managed to settle most of those lawsuits.
Yes, Sheikh. YES, Sheikh. I know it was embarrassing. It was embarrassing for us too, you know.
Yes, Sheikh. We purged the leakers from our staff. No, sheikh. We're pretty sure that if there had been another leak, we would have heard about it in the press. Or the courts.
... The press in the West, yes. We understand, and are grateful for your control of the press there. Makes things so much simpler.
Now, you did want to renew your subscription to our services, yes? No, we were telling the truth, Sheikh, when we said we cancelled your subscription. We just didn't say it would STAY cancelled...
[ link to this | view in chronology ]
Who knew... creepy stalker ex's can be really rich people too.
[ link to this | view in chronology ]
With absolute power comes... no responsibility.
The UAE rulers (emirs) are no different than the brilliant people we have here in the white world.
The Big Lie?
Stolen Election?
Do you think Team Trump isn't spying on people's cellphones?
Everybody in power is corrupt. The tools to help them are beside
the point. It is less important that "They used software from the NSO group" and much more important that "They used every available means to spy on, steal information from, deny access to, and harass" otherwise nonguilty parties.
THAT is what they do. THAT is unlawful in most western jurisdictions. THAT is still what they do.
How about that election being stolen from Captain Cheeto?
E
[ link to this | view in chronology ]