US defense firm L3Harris in talks with NSO Group over spyware

Placeholder while loading article actions

The Biden administration warns that a potential deal between a major US defense company and NSO Group, a blacklisted Israeli spyware company, to buy the Israeli company’s hacking tools would raise ‘serious’ counter-terrorism issues – espionage and security for the US government.

“We are deeply concerned,” said a senior White House official, speaking on condition of anonymity due to the sensitivity of the matter.

Defense contractor L3Harris is in talks with NSO Group to buy phone-hacking spyware in a deal that would give the US company control of one of the world’s most sophisticated hacking tools and the most controversial in the world, according to people familiar with the talks. This story was reported jointly by The Washington Post, The Guardian and Haaretz.

The unusual transaction appears to be an attempt to salvage some of the utility of a company facing serious financial difficulties, by selling its most valuable product – its hack code and developer access to the software – to a company which would limit its use to the United States and trusted Western allies.

But the talks, first reported by digital publication Intelligence Online, face significant hurdles, including concerns from the Biden administration. “The U.S. government opposes efforts by foreign companies to circumvent U.S. export control measures or sanctions,” the White House official said in a statement.

In November, the Commerce Department placed NSO Group on its export blacklist – known as the Entity List – after determining that its spyware had been used by foreign governments to “maliciously target” government officials, activists, journalists, academics and embassy staff around the world. . Placing the company on the entity list limited its ability to use American technology and hurt its business. Its executives lobbied US officials to remove the company from the blacklist.

“Any U.S. company, especially an authorized U.S. defense contractor, should be aware that a transaction with a foreign entity on the Entity List will not automatically remove a designated entity from the Entity List,” the official said. White House.

Such an agreement “would also spur further scrutiny to determine whether the transaction poses a counterintelligence threat to the U.S. government and its systems and information, whether further U.S. actions with the defense contractor may be at risk, in the extent to which a foreign entity or government retains some degree of access or control, and the broader human rights implications,” the official said.

The counterintelligence concerns stem from what US officials say is the NSO Group’s close relationship with the Israeli government. The Israeli Ministry of Defense must sign all contracts for the company. Israel, despite being a close partner of the United States, is not part of the trusted circle of Western intelligence allies, which includes Britain, Australia, Canada and New Zealand. One of the unresolved questions in the deal is whether the Israeli government would be able to use NSO’s surveillance technology.

A host of other questions also remain open, such as the sale price, the structure of the transaction and where the technology will be housed, said people familiar with the ongoing discussions.

L3Harris declined to comment on whether there were discussions with NSO Group.

“We are aware of the capacity and we constantly assess the national security needs of our customers,” said a spokesperson for L3Harris. “At this point, anything beyond that is just speculation.”

Israel’s Defense Ministry did not respond to a request for comment. NSO Group declined to comment.

Some information security experts agreed that a sale to L3 would pose counter-intelligence issues.

Even with American ownership, “it is doubtful that the most elite intelligence agencies like the CIA, NSA and [Britain’s] GCHQ would trust this technology for its most sensitive operations,” said John Scott-Railton, senior fellow at Citizen Lab, affiliated with the University of Toronto’s Munk School of Global Affairs and Public Policy, who criticized the deployment by NSO of Pégase. “So where would the big market be?” I fear that the logical consumers are the American police departments. It would be an unprecedented threat to our civil liberties.

NSO Group is one of the world’s leading surveillance companies, known for its Pegasus spyware, which is able to penetrate almost all mobile devices, including the latest iPhones, and collect images, audio clips, recordings of location, emails and chats on encrypted apps.

Takeaways from Project Pegasus

NSO licenses Pegasus to government customers, including intelligence, law enforcement and military agencies, and the company says the spyware is only intended for use against terrorists and other serious criminals.

But Project Pegasus, an investigative consortium involving the Washington Post and 16 other news outlets, detailed the abuses in a series of articles last year, including the targeting of dissidents, politicians, journalists, human rights defenders and businessmen. Official investigations in many countries have revealed other abuses.

The Biden administration seeks to counter the proliferation of hacking tools such as Pegasus. The National Security Council is drafting a ban on the U.S. government’s purchase or use of foreign commercial spyware that poses counterintelligence and security risks or that has been misused for stranger, the official said.

Last fall, Apple sued the company and notified users it believed might have been targeted by Pegasus. Meta, WhatsApp’s parent company, previously sued NSO Group for using its systems to deliver Pegasus to the devices of surveillance targets.

The Guardian’s Stephanie Kirchgaessner and Haaretz’s Gur Megiddo and Omer Benjakob contributed to this report.

Comments are closed.