NSO Stuck in the Eye of the Tornado Pointing the Finger to Its Clients

• The NSO Group is under fire from all directions and now blames its clients for potential abuse of “Pegasus”.
• The spyware developer continues to claim that the list is fake/fabricated and that all media reports are baseless.
• The state of Israel protects NSO and its interests, but France has already launched a probe against the firm.

The “Pegasus” spyware revelations that came to confirm what was long suspected around the unethical deployment of NSO’s tools have marked the beginning of the end of impunity for companies of this kind, and the Israeli firm isn’t happy about it. After the name of France’s President Emmanuel Macron was found among the list of targets from the alleged leaked data, the French prosecutor’s office decided to open a probe against the NSO group, and more countries are expected to follow soon.

Let me be clear: export regulations, licensing, and reviews have been in place for years. They did not work, and cannot work.

A moratorium on the trade in intrusion software is the bare minimum for a credible response—mere triage. Anything less and the problem gets worse. https://t.co/214Dt9IWWa

— Edward Snowden (@Snowden) July 20, 2021

The spyware creator has dismissed the validity of the Amnesty International and ‘Forbidden Stories’ reports since the first moment those saw the light and continues along the same line. The Israeli company has released the following statement in response to a deluge of media requests on the scandal:

In the same statement, the NSO reminds the public that it does not operate surveillance infrastructure, has no visibility over what its customers do with its spyware tools, and if anyone abuses access or breaches the terms of use, it is their fault. NSO maintains that it cannot be held accountable for cases of abuse because, simply put, it is in no position to even confirm these cases. This is like admitting that they sell access to spyware without putting any limits around ethical deployment, confirming that they cannot be trusted.

On the matter of the list, NSO denied that President E. Macron was ever a target and also added that the 50,000 victims presented in the supposed leaked data couldn’t even represent all the targets of its clientele since the beginning of its operation. On the topic of the source of the leak, which is rumored to be a Cyprus-based server, the company responded by saying they have no servers in Cyprus at all. And finally, a spokesman stated that since NSO operates no central surveillance system, there can be no database counting 50,000 entries unless all of their clients collaborated and exchanged information somewhere else, which is overly far-fetched.

‘Forbidden Stories’ actually analyzed the devices of 67 people in the leaked list and indeed found “Pegasus” on 37 of them. NSO, which previously maintained that none of these phones were targets, explained the existence of their malware on the devices as a coincidence.

In the meantime, Amnesty International has requested an Israeli court to stop the NSO Group from exporting any surveillance tools to other countries. Still, the Tel Aviv District Court judge dismissed the request saying that the human rights protection organization didn’t produce enough evidence to support having NSO’s export license revoked. Amnesty responded to this, saying that the judge ignored a mountain of evidence and characterized the court as “a rubber stamp to the Defence Ministry’s impunity to human rights violations.”