wordpress blog stats
Connect with us

Hi, what are you looking for?

All you need to know about NSO Group and its Pegasus spyware

Since news broke that WhatsApp is suing an Israeli spyware company for exploiting a vulnerability in WhatsApp to plant spyware in users’ phones just by ringing the target’s device, people are wondering who and what NSO is.

What is the NSO Group?

According to its website, NSO Group, which also goes by Q Cyber Technologies, develops technology to “help government agencies detect and prevent terrorism and crime”. As per the website, the products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror. News that at least 20 Indians were targeted by the Pegasus software (more on it below) is especially damning because it suggests the government of India bought the product to surveil its own citizens who disagreed with the government.

In a 2016 email to Forbes, the NSO group had said that it did not operate any of its systems and was strictly a technology companies. “The agreements signed with the company’s customers require that the company’s products only be used in a lawful manner. Specifically, the products may only be used for the prevention and investigation of crimes,” the email said.

As per WhatsApp’s lawsuit, NSO Group was incorporated in Israel in 2010 and had a marketing and sales arm in the US, WestBridge Technologies, Inc. Between 2014 and 2019, a San Francisco-based private equity firm, Francisco Partners Management LLC, acquired a controlling stake in the NSO Group for $120 million. Now, however, it has been reacquired by its founders and management, a European private equity firm called Novalpina Capital, and Q Cyber is listed as the only active director of the Group and its majority shareholder.

Who is part of the NSO Group?

It was founded by two Israelis — Shalev Hulio and Omri Lavie. Both of them are on the company’s board. Lavie also co-founded Kaymera, a company that creates super-secure phones for government officials. So NSO Group and Kaymera offer complementary products. According to Forbes, Kaymera and NSO’s offices are located next to each other.

Advertisement. Scroll to continue reading.

Its other directors include citizens of the USA, UK, Germany and Israel. Its senior advisors include Tom Ridge, the first American Secretary of Homeland Security, Gerard Araud, a French diplomat, Juliette Kayyem, faculty chair of Harvard’s Homeland Security Programme, and Daniel Reisner, the former head of Israel Defence Forces’ International Law Department.

What is Pegasus?

Pegasus is a malware that NSO Group developed, which, when installed on a phone, hoovers all communications (iMessage, WhatsApp, Gmail, Viber, Facebook, Skype) and locations. It can be installed on a target’s phone through a few different means: exploiting vulnerabilities such as the WhatsApp one, sending infected links to targets (spear phishing), social engineering. (Read more about other methods here.) This isn’t a new malware, and has been around since at least 2016.

What Pegasus can do:

  • Intercept communications sent to and from a device, including communications over iMessage, WhatsApp, Skype, Telegram, etc.
  • Remotely turn on phone’s camera and microphone to capture activity in phone’s vicinity
  • Use GPS functions to track a target’s location and movements.

All that Pegasus can do. Source: Pegasus Product Description

“This malware is designed to evade forensic analysis, avoid detection by anti-virus software, and can be deactivated and removed by operators,” according to Citizen Lab.

In 2016, the NSO Group used Pegasus to exploit three unpatched iOS vulnerabilities. As a result, they broke into iPhones with just one click of a link in a text. These vulnerabilities were patches with iOS 9.3.5.

In a July 2019 sales pitch for Pegasus, the NSO Group said that it could “surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft”, the Financial Times had reported.

Whom has Pegasus targeted?

Analyses from University of Toronto-based Citizen Lab and cybersecurity firm Lookout revealed that NSO had supplied spyware products to UAE, Saudi Arabia and Mexico. Over 100 cases of abusive targeting of human rights defenders and journalists have been identified in at least 20 countries across the globe.

Advertisement. Scroll to continue reading.

In India, the more than two dozen targeted users include Nagpur-based Human Rights lawyer Nihalsingh Rathod, Adivasi activists Bela Bhatia and Degree Prasad Chauhan, Shalini Gera of Jagdalpur Legal Aid Group, Anand Teltumbde, a former BBC journalist Shubhranshu Choudhary, amongst others. (Read the more detailed list here.)

Perhaps the best known case would be that of a close confidant of Jamal Khashoggi — Omar Abdulaziz, a Saudi activist and Canadian permanent resident, back in 2018. On whether Khashoggi himself was targeted, NSO’s CEO Hulio had said, “Khashoggi was not targeted by any NSO product or technology, including listening, monitoring, location tracking and intelligence collection.”

Watch this video to know more about the case:

[embeddoc url=”http://staging.medianama.com/wp-content/uploads/NSO-Pegasus.pdf” download=”all”]

***Update (November 1, 2019 11 am): This article was updated with more details about what Pegasus can do, a video explaining the case, and with a digital copy of Pegasus’s product description from the lawsuit.

Advertisement. Scroll to continue reading.

Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ