Saudi Arabi’s Israeli Hacking Tools

The Israeli company NSO Group Technologies offered Saudi Arabia a surveillance system a few months before Crown Prince Mohammed bin Salman began his purge of regime opponents, which was allegedly used to track murdered journalist Jamal Khashoggi.

Background

Israel and Saudi Arabia do not have any official diplomatic relations. However, reports indicate extensive behind-the-scenes diplomatic and intelligence cooperation between the countries, in pursuit of mutual goals against their mutual regional enemy, Iran. Prime Minister Benjamin Netanyahu has recently expressed pride in the tightening ties with Gulf states, with Israel’s strength its technology.

NSO Group Technologies is an Israeli firm that works in the world of cyber intelligence. It was founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio. According to the company, it provides "authorized governments with technology that helps them combat terror and crime”. Electronic Frontier Foundation and Citizen Lab, a digital rights group and a human rights group respectively, claimed, and proved with the help of Lookout Security, that software created by NSO Group was used in targeted attacks against human rights activists and journalists in several countries.

On August 25, 2016, Citizen Lab and Lookout revealed that a spy software known as Pegasus, created by the company, was being used to target human rights activist Ahmed Mansoor in the United Arab Emirates, who informed Citizen Lab researchers that his iPhone 6 had been targeted on August 10, 2016, by means of a clickable link in an SMS text message. Analysts discovered that the link downloaded software that exploited three previously unknown and unpatched zero-day vulnerabilities in the iPhone's operating system. The software can silently jailbreak an iPhone when the phone owner, through spear phishing, is sent and opens a specific URL. After a user opens this link, the software installs on the phone, collecting all communications and locations of the targeted iPhones including iMessage, Gmail, Viber, Facebook, WhatsApp, Telegram and Skype communications.

Analysis

NSO Group Technologies, an Israeli technology firm specialising in cyber intelligence, offered Saudi Arabia a highly advanced system that hacks into mobile phones months before Crown Prince Mohammed bin Salman began a crackdown on dissidents. Representatives from NSO Group Technologies held negotiations with Saudi officials in Austria capital Vienna in June 2017.

The officials were identified as Abdullah al-Malihi, a close aide to Prince Turki al-Faisal - a senior member of the royal family and a former Saudi intelligence chief - and Nasser al-Qahtani, who presented himself as the deputy of the current intelligence chief. At the time, NSO was avidly promoting its Pegasus 3 software, an "espionage tool so sophisticated that it does not depend on the victim clicking on a link before the phone is breached.”

In October, Edward Snowden, who uncovered the classified surveillance programme of the United States' National Security Agency, claimed that Pegasus had been used by the Saudi authorities for the surveillance of journalist Jamal Khashoggi. After initial denials, the Kingdom has admitted Khashoggi was killed inside its consulate in the Turkish city of Istanbul on 2 October. The Washington Post journalist was critical of Prince Mohammed and was a Saudi Arabian citizen living in self-imposed exile.

"They are the worst of the worst," Snowden said of NSO, whom he accused of aiding and abetting human rights violations.

It was also reported that the system was used to conduct surveillance on Saudi dissidents living abroad in recent months. Last year, Saudi security forces arrested hundreds of the richest people in the country, allegedly in an effort to tackle corruption among the higher echelons of the kingdom's bureaucrats. Analysts have suggested that the crown prince used the purge to remove people who posed a political threat to him.

Counterpoint

NSO was quoted as saying it acted according to the law and "its products are used in the fight against crime and terror". In 2012, NSO sold an earlier version of Pegasus to Mexico to help it combat the drug cartel in that country.

According to the company, all its contracts include a clause specifically permitting the use of its software only to “investigate and prevent crime or acts of terror.” The New York Times reported in 2016 that the Mexican authorities also kept tabs on journalists and lawyers.

Assessment

Our assessment is that Israel’s willingness to sell security-related technologies to countries such as Saudi Arabia, is part of the attempt from both countries, to forge closer ties with potential allies in the strategic battle against Iran.