The new battleground: Cybermercenaries spying for any government




The man responsible for Saudi Arabia's merciless crackdown on dissidents was looking for ways to spy on people he saw as a threat to the kingdom. And he knew who to talk to: an Israeli company that offers technology developed by former intelligence officials.

It was the end of 2017 and Saud al-Qahtani, then a close adviser to the crown prince of Saudi Arabia, was pursuing Saudi dissidents around the world as part of a vast surveillance operation during which journalist Jamal Khashoggi was later murdered. In messages he exchanged with employees of the NSO Group, al-Qahtani talked about his big project of using surveillance tools throughout the Middle East and Europe, in countries like Turkey, Qatar, France and England.

The dependence of the Saudi government on a company from Israel, its political opponent for decades, is a sign of a new way of fighting conflicts: digitally, with little regulation, and in a market of cyberspies for hire valued at $12 billion.

Nowadays, even the smallest countries can buy digital espionage services, which allows them to conduct sophisticated wiretapping operations or to influence political campaigns, something that previously could only be done by the state apparatus of the United States and Russia. Companies wishing to examine the secrets of their competitors, or a high-net-worth individual, may also carry out these intelligence operations if they pay the price, as if they could use the digital tools of the Mossad or the National Security Agency (NSA).

The NSO Group and one of its competitors, the Emirati company DarkMatter, are examples of the proliferation of privatized espionage. A multi-month investigation conducted by the New York Times, based on interviews with hackers working on behalf of governments and private companies as well as document analysis, revealed the secret battles of this digital fight.

The companies have allowed governments not only to carry out cyberattacks against terrorist groups or drug trafficking groups, but in many cases also to attack activists and journalists. Hackers trained by US spy agencies and now working in these companies have caught entrepreneurs and human rights advocates in their net. DarkMatter cybermercenaries turned a baby monitor into a spy device.

In addition to DarkMatter and NSO, there is Black Cube, a private company of former Israeli intelligence and Mossad agents, hired by Harvey Weinstein to seek compromising information on women who accused him of harassment and sexual abuse. There is also Psy-Group, an Israeli company specializing in manipulation via social networks that has worked with Russian businessmen and offered its bot services to the Donald Trump campaign in 2016.

Some think that a chaotic and dangerous future is approaching because of the rapid expansion of this high-tech battlefield.

"Even the smallest country on a tight budget can have an offensive capability" and conduct online attacks against its opponents, said Robert Johnston, founder of the cybersecurity firm Adlumin.

Before NSO helped the Saudi government monitor its opponents outside the kingdom, before it helped the Mexican government in its attempt to hunt down drug traffickers, and before it collected millions of dollars for work in dozens of countries on six continents, the company was formed by two friends in northern Israel.

Shalev Hulio and Omri Lavie founded the company in 2008 with technology developed by graduates of Unit 8200 of the Israeli Intelligence Corps, that country's equivalent of the NSA. This technology enabled mobile carriers to remotely access their customers' devices for maintenance purposes.

Western intelligence services learned of the program's capabilities and saw an opportunity there. At that time, US and European officials had warned that Apple, Facebook, Google and other technology giants were developing technologies with which criminals and terrorists could communicate over encrypted channels that public agencies could not decipher.

Hulio and Lavie offered them a way to solve this problem by hacking the endpoint of these encrypted communications, the device itself, even after data encryption.

By 2011, NSO had its first prototype, a cellular surveillance tool that the company called Pegasus. The program could do something that seemed impossible: collect huge amounts of previously inaccessible data from cell phones, remotely and without a trace, including calls, SMS, emails, contacts, locations and any information transmitted by apps such as Facebook, WhatsApp and Skype.

"As soon as these companies interfere with your phone, they take charge of it; you only carry it," said Avi Rosen of Kaymera Technologies, an Israeli cyber defense company.

The NSO Group soon had its first major client for Pegasus: the Mexican government, in the midst of its war against drug trafficking. By 2013, NSO had installed Pegasus in three Mexican agencies, according to e-mails obtained by the Times. In the emails, it is estimated that the Israeli company sold Mexico $15 million worth of hardware and software, while Mexico paid $77 million to the company to track all the movements and clicks of the targets.

NSO's products have played an important role in the fight against drug trafficking in Mexico, according to four people who are very familiar with how the government of this country has used Pegasus (all requested to maintain their anonymity). Mexican officials said Pegasus helped find and capture Joaquín "el Chapo" Guzmán Loera, the drug trafficker who was sentenced in February to life imprisonment after a trial in New York.

Shortly after, NSO sold its products to governments on all continents except Antarctica. The tools, including Pegasus, have contributed to the dismantling of terrorist cells and the investigation of child abduction and organized crime, according to interviews with European intelligence officials and members of the police force.

But the first client of the NSO Group, the Mexican government, has also used hacking tools for more macabre purposes. The government has used NSO products to monitor at least twenty journalists, government critics, international experts investigating the disappearance of 43 students and even promoters of a tax on sugary drinks, according to the Times.

Those affected were targeted with a series of threatening text messages containing the malware. Some said that the recipient's partner was having an affair; others that a parent had just passed away. In one case, officials could not infiltrate a reporter's phone, so they sent the malicious link to the reporter's 16-year-old son.

NSO claims to sell its products only for use in criminal and counterterrorism investigations, but none of the Mexican targets were suspected of being involved in a criminal or terrorist investigation.

"NSO's technology has put an end to terrorist attacks and deadly attacks around the world," the company said in a statement. "We do not tolerate misuse of our products and regularly review and inspect contracts to ensure that they are not used for purposes other than terrorism or crime prevention or investigation."

The company has already set up an Ethics Committee that determines whether it can sell its programs to countries based on their human rights records, using indicators such as the Human Capital Index of the World Bank. NSO has not sold its products to Turkey, for example, because of its human rights record, according to current and former employees.

However, Turkey is better positioned on this World Bank index than Mexico or Saudi Arabia. Both are NSO customers. A spokesman for the Israeli Defense Ministry, which must authorize NSO contracts with any foreign government, declined to comment.

According to a complaint lodged last year, Jamal Khashoggi, a Washington Post editorial writer who was strangled and dismembered at the Saudi Arabian consulate in Istanbul, had been spied on by Saudi Arabia with NSO products a few months before his death.

Even in the face of obvious abuses, NSO has continued to renew contracts with some governments. In 2013, for example, NSO signed its first agreement with the United Arab Emirates, and less than a year later it was discovered that the UAE government had installed malware on the mobile phone of the famous human rights defender Ahmed Mansoor.

Mansoor had received a wave of suspicious text messages. He brought his device to security researchers, who found that the links included in the messages were digital bait that took advantage of security flaws in Apple's software to take over the phone. The researchers said it was the most sophisticated spyware they had seen on a mobile device.

Apple released an emergency fix for its software. But by that time, Mansoor had already been fired from his job, his passport had been confiscated, his car stolen, his email hacked, $140,000 withdrawn from his bank account, his whereabouts monitored, and he had been beaten in one week.

Mansoor is currently in solitary confinement and sentenced to ten years in prison, accused of attacking the Emirati national unity.

The proliferation of companies trying to replicate NSO's success and compete in what Moody's believes to be a $12 billion market for lawful-interception spyware has sparked fierce competition for veterans of the most sophisticated intelligence agencies in the United States, Israel and Russia. Companies even steal recruits from one another.

DarkMatter, the Emirati company, grew out of another company, the American firm CyberPoint, which for years signed contracts with the UAE to strengthen its security against cyberattacks. Many CyberPoint employees had worked on classified projects for the NSA and other US intelligence agencies.

But the Emiratis had greater ambitions than the deal covered and pressed CyberPoint workers to go beyond the limits of the license, for example by cracking encryption codes and hacking websites based on servers in the United States. CyberPoint refused, since this would have violated US laws.

Thus, in 2015, the Emiratis founded DarkMatter, a company that would not have to abide by US law, and attracted half a dozen US employees from CyberPoint. Marc Baier, a former officer of an NSA unit that conducts advanced offensive cyber operations, has become one of the key leaders of DarkMatter, which has also hired several other former NSA and CIA officers, according to a payroll file obtained by the Times.

DarkMatter is essentially a parastatal arm of the government; it has worked directly with Emirati intelligence agents on hacking missions against ministries in Turkey, Qatar, and Iran, and on spying on dissidents within the UAE. In addition, DarkMatter broke into Google, Yahoo and Hotmail accounts, according to former employees interviewed.

Neither the company nor a spokesman for the UAE government responded to requests for comment. A lawyer for Baier also declined to comment.

The FBI is investigating whether former and current US employees of DarkMatter have committed cybercrimes, according to four people who are very familiar with the investigation. The FBI investigation intensified after a former NSA employee working for this UAE company alerted US authorities.

The Department of Justice case centers on cyber fraud and the possible illegal transfer of American espionage technology to a foreign country. However, prosecutors face serious obstacles, ranging from possible diplomatic consequences for relations between Washington and the United Arab Emirates to concerns about what the case might reveal about cooperation between DarkMatter and US intelligence agencies.

In addition, US laws are unclear, outdated, or poorly suited to technological advances. They were primarily designed to prevent the sale of 20th-century weapons, such as missiles or fighter jets. They do not consider cyberattack capabilities that can be refined on a computer or at the most advanced intelligence agencies on the planet, then sold to the highest bidder.

"The worst thing is that these weapons are becoming easier to obtain," said Brian Bartholomew, security researcher at Kaspersky Lab, the digital security company. "Many newcomers to this arena do not follow the same rules; it's like giving a military-caliber weapon to anyone."

Scott Shane contributed to this report.

* Copyright: 2019 The New York Times News Service
