If you were compiling a list of the most toxic tech companies, Facebook – strangely – would not come out on top. First place belongs to NSO, an outfit of which most people have probably never heard. Wikipedia tells us that “NSO Group is an Israeli technology firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones”.
Pause for a moment on that phrase: “remote zero-click surveillance of smartphones”. Most smartphone users assume that the ability of a hacker to penetrate their device relies upon the user doing something careless or naive – clicking on a weblink, or opening an attachment. And in most cases they would be right in that assumption. But Pegasus can get in without the user doing anything untoward. And once in, it turns everything on the device into an open book for whoever deployed the malware.
That makes it remarkable enough. But the other noteworthy thing about it is that it can infect Apple iPhones. This is significant because, traditionally, iPhones have been relatively secure devices and they are overwhelmingly the smartphone of choice for politicians, investigative journalists, human rights campaigners and dissidents in authoritarian countries.
Pegasus is so powerful it is classed as a munition and, as such, requires the permission of the Israeli government before it can be sold to foreign customers. And those customers, apparently, have to be governments. It’s not available as a consumer product. (The company insists it is only intended for use against criminals and terrorists.)
In a farcical turn, French government officials were allegedly in the final stages of contract negotiations to purchase Pegasus
And it doesn’t come cheap. We don’t know what the current price is, but in 2016 NSO was apparently charging government agencies $650,000 for the capacity to spy on 10 iPhone users, along with a $500,000 setup fee. Government agencies in the United Arab Emirates and Mexico are believed to have been among NSO’s early customers, but my guess is that by now there isn’t an authoritarian or despotic state anywhere in the world that’s not on the company’s books, despite NSO’s claim that it vets its customers’ human rights record before selling to them. And those governments – it can be assumed – make predictably heinous uses of it. Evidence suggests Pegasus has been used in targeted attacks against human rights …….