Israeli spyware company NSO Group has temporarily blocked several government clients around the world from using its technology as the company investigates their possible misuse, a company employee told NPR on Thursday.
The suspensions are in response to an investigation by the Pegasus Project, a consortium of media outlets that reported the company’s Pegasus spyware was linked to hacks and potential surveillance of telephones of people including journalists, human rights activists and heads of state.
The company has been under scrutiny in the wake of the reports. The Israeli government has also faced pressure since it regulates the sale of spyware technology to other countries. Now the company says it has suspended some clients’ access to its technology.
“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”
Israeli officials visited NSO’s office in Herzliya, near Tel Aviv, Wednesday, “in order to assess the allegations raised in regards to the company,” the defense ministry said in a statement. The NSO employee said the company was cooperating fully with the probe and sought to prove to Israeli officials that the people named in the media reports were not Pegasus targets.
The company employee would not name or quantify the government agencies — or their countries — that NSO has recently suspended from using its spyware, asserting that Israeli defense regulations prohibit the company from identifying its clients.
NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico.
The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.
NSO’s ongoing internal investigation checked some of the telephone numbers of people that NSO’s clients reportedly marked as potential targets. “Almost everything we checked, we found no connection to Pegasus,” the employee said, declining to elaborate on potential misuse NSO may have uncovered.
The media consortium reported French President Emmanuel Macron’s phone was listed as a potential target for surveillance by Morocco and the fiancée of slain Saudi journalist Jamal Khashoggi was penetrated with NSO’s Pegasus spyware. The NSO employee said the company’s investigation found neither was infiltrated with Pegasus.
Nearly three weeks before Pegasus Project stories were published, NSO released its first report outlining its policies on combating misuse of its technology and protecting human rights. It cites a new procedure adopted last year to investigate allegations of potential software misuse.
Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.
“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”