Israeli government officials this week visited the offices of NSO as part of an investigation into the developer's Pegasus spyware, which was reportedly deployed against journalists, politicians, activists and other prominent public figures.
Officials are scrutinizing NSO's business practices on the back of allegations that governments and other entities leveraged Pegasus to target dissidents and journalists, Israel's Ministry of Defense said in a statement on Wednesday, as reported by MIT Technology Review.
Israel declined to name the agencies conducting the NSO inquiry, but local media outlets have in the past claimed a number of groups are investigating the matter including the foreign ministry, justice ministry, Mossad and military intelligence, the report said.
NSO Group CEO Shalev Hulio confirmed the Israeli investigation in a statement to the publication.
"That's true," Hulio said. "I believe it's very good that they are checking, since we know the truth and we know that the list never existed and is not related to NSO."
Asked whether the investigation will continue following today's visit, he said, "We want them to check everything and make sure that the allegations are wrong."
The executive is referencing a recently published cooperative report from 17 media organizations that focused on the hacking of 37 smartphones belonging to human rights activists, journalists and business leaders using NSO's Pegasus tool. That report also mentioned a leaked list of more than 50,000 phone numbers — more than 180 of which are linked to journalists at major publications — that are thought to be people of interest for supposed NSO clients.
While NSO has denied the allegations, Hulio in an interview last week said his company should not be held responsible for abuse of its tools by governments clients.
"We are selling our products to governments. We have no way to monitor what those governments do," Hulio said at the time.
In a seemingly contradictory statement, the executive revealed that NSO is capable of detecting and shutting down abuse of products like Pegasus. The firm has used these safeguards in the past and "will continue to do so," he said. It was recently learned that NSO dropped five customers for misusing its tools.
A closer look at the revelations contained in the July report show Pegasus exploited vulnerabilities in Apple's first-party software to gain access to target iPhones. One particularly devious zero-click attack was deployed against Messages, while another took advantage of a flaw in Apple Music.
Groups like Amnesty International and companies like Apple have condemned the use of spyware to infiltrate devices not subject to criminal or legitimate government investigation, but Hulio apparently holds a different view.
"The people that are not criminals, not the Bin Ladens of the world— there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices," he said last week.
Separately, a report from AFP, via The Economic Times, claims the private equity firm that owns NSO Group will be dissolved after a dispute between its cofounders. The liquidation of Novalpina Capital, which purchased NSO in 2019, leaves the fate of the spyware company up in the air.