A U.S. defense contractor’s ambition to acquire a piece of notorious Israeli-made spyware appears to have been quashed, for now. The New York Times reports that a deal between the American L3 Harris corporation and the Israeli NSO Group, which was leaked last month, has fallen through. The revelations reportedly attracted the ire of White House officials, who pledged that any deal would be met with stiff resistance. Just days later L3 Harris, which once sold its “Stingray” cell phone surveillance technology to both federal and local law enforcement departments, notified the Biden administration that it was backing out of negotiations.
Word that L3 Harris was in talks with NSO worried human rights and privacy advocates. For years, L3 Harris sold cell site simulator technology to federal law enforcement agencies, and then to local police departments. These devices trick phones by mimicking cell towers. Cell site simulators grant police a wide range of capabilities, but are mostly used to track the location of a target phone. The devices are also capable of gathering phone numbers and other identifying information about a phone including its International Mobile Subscriber Number (IMSI). Some cell site simulators can also intercept calls and text messages, send fake short messages and disrupt phone service.
Over the last few years, Harris began moving away from selling its devices to local police departments. When cell phone technology moved to 4G and 5G networks, unless Harris provided the right software update, Stingrays sold to local departments were rendered obsolete. While local departments including MPD began buying new technology from other companies, L3 Harris set its sights on an even more powerful technology. The NSO Group was made famous by one of these technologies, its infamous Pegasus spyware product.
Unlike Stingray, which intercepts and reroutes phone signals, Pegasus is malware, or a kind of virus, that literally gets into the target phone. After that, the phone no longer belongs to the person being targeted. Rather, it belongs to the Pegasus operator, who is now able to listen in on every call, read every text, track location, hack into social media or email accounts connected to the device, turn on the camera, turn on the microphone to listen in on a room conversation, and spread itself to others within the targeted person’s social circle, all in real time.
Research by the Toronto-based Citizen Lab initially found Pegasus worked by sending text messages with a link for the targeted individual to click on, thus infecting the phone. Later, the spyware was found to use an extremely rare zero-click, zero-day exploit. That means that the target doesn’t need to click on anything and that the spyware was exploiting an unknown vulnerability, so there were “zero days” of protection.
Pegasus has been linked to murders, legally and ethically questionable surveillance and other abuses around the world. The spyware has been linked to the murder of Washington Post journalist Jamal Khashoggi and to the murders of Mexican journalists. Journalists, lawyers, and activists around the world have also been found to have been deliberately infected by the spyware. The NSO Group has denied the allegations. The company has been sued by Apple over the spyware’s weakening of iPhone security. In September 2021, Apple was forced to release an emergency security update to every iOS device in the world because of Pegasus. Then in November the U.S. government blacklisted NSO, followed by the FBI admitting in February that it had tested the spyware.
While NSO was blacklisted, L3 Harris engaged in talks to acquire the troubled company. The move raised immediate concerns that the spyware, or something similar, could be funneled to federal and local law enforcement through Harris. According to the New York Times, a deal between Harris and NSO, while not known to the White House, was supported by U.S. intelligence officials.
NSO’s deal with L3 Harris wasn’t the first time the company attempted to sell a spyware product in America. Previously, the company had solicited American law enforcement with brochures for a spyware product called “Phantom” under the name Westbridge Technologies.
John Scott-Railton, senior researcher at the Citizen Lab, tweeted about NSO’s troubles: “#NSOGroup certainly knew a failed deal story was inbound. Of course, looks bad to their investors. To the rest of the world…like a bit of a death spiral. Perhaps this explains some of their recent puzzling moves?” Since the NSO Group has become besieged by controversy, the company created an official website, which hadn’t existed before the Citizen Lab began publishing its research. Even prior to the Citizen Lab’s reporting, NSO was known to regularly change its name. Servers and cyber infrastructure used by NSO’s spyware were shut down by Amazon Web Services last year, and investigations into its activities remain ongoing.