The industry argues that this spying is necessary to track terrorists, kidnappers and drug lords. Still, they also note that the company hasn’t refused to sell its technology to any countries yet.
Advertisement
Ten sources who are familiar with the sales of the NSO Group said that the company has a strict internal process in place to determine whom it will sell its services to, with an ethics committee that is composed of employees and external parties.
According to Bill Marczak, a senior fellow at Citizen Lab that analyzed the attempted hack on Mansoor, there is no check on the spyware.
Now, a latest report from New York Times revealed more documents related to the NSO Group and its price lists for potential customers, especially corrupt governments who wish to snoop its enemies inside the nation and outside the borders.
Citizen Lab said that the high cost of iPhone zero-days, the apparent use of NSO Group’s government-exclusive Pegasus product, and prior known targeting of Mansoor by the UAE government suggested that the UAE government is the most likely suspect behind the attack. “NSO can say they’re trying to make the world a safer place, but they are also making the world a more surveilled place”.
The NSO Group’s spyware finds ways around encryption by baiting targets to click unwittingly on texts containing malicious links or by exploiting previously undiscovered software flaws. It’s been reported that a San Francisco-based private equity firm Francisco Partners has acquired a controlling stake in NSO Group for $120 million in 2014.
The company’s internal documents detail pitches to countries throughout Europe and multimillion-dollar contracts with Mexico, which paid the NSO Group more than $15 million for three projects over three years, according to internal NSO Group emails dated in 2013. He declined to comment on whether it would cease selling to the United Arab Emirates and Mexico.
The NSO Group also has other packages, which can allow any entity, government or not to hack a bigger number of targets.
Pegasus is created to give a remote attacker access to virtually very function on a victim’s device including emails, texts, location, browsing history, device settings, IM, microphone, phone calls, and calendar records. The Pegasus malware was installed in any target’s iPhones, Android Phones, Symbian and BlackBerry devices, just by tricking the users through emails or text messages. It can deny the phone access to certain websites and applications, and it can grab search histories or anything viewed with the phone’s Web browser.
The client has to pay a $500,000 installation fee for an initial setup, then they will have various packages depending upon the type of device they want to get access to. The prominent advocate reportedly received a text message from a “cyber war” company with a link to malware that would have jailbroken his handset and installed surveillance software. Pegasus, can also tap into Symbian and BlackBerry smartphones. To spy on 10 iPhone users, NSO charges government agencies $650,000.
Advertisement
Further surveillance targets will require the client to pay an additional fee: $800,000 for 100 extra targets; $500,000 for 50 extra targets; or $150,000 for 20 extra targets. The ordering party can “remotely and covertly collect information about the target’s relationships, location, phone calls, plans and activities – whenever and wherever they are…[and] It leaves no traces whatsoever”.
