Surveillance company offered ‘bags of money’ to access US cellular networks, whistleblower claims

Surveillance firm NSO Group offered to give representatives of a US mobile security company ‘bags of money’ in exchange for access to global cellular networks, according to a whistleblower who described the encounter in confidential disclosures to the Department of Justice that were reviewed. by the Washington Post.

Mobile phone security expert Gary Miller claims the offer was presented during an August 2017 conference call between NSO Group officials and representatives of his then-employer, Mobileum, a company based in California which provides security services to mobile phone companies around the world. NSO officials were specifically looking to gain access to what’s called the SS7 network, which helps mobile phone companies route calls and services as their users roam the world, according to Miller.

Surveillance companies try to access cellular communication networks to geolocate targets and provide other spying services. Mobile phone companies seek to prevent such intrusions by limiting access to the SS7 network and using firewalls to block computer requests that seek personal information about their customers.

Miller’s allegations become public at a time when the Justice Department is conducting a criminal investigation into NSO over allegations that its clients illegally hacked into phones and misused computer networks with company technology. , according to four people familiar with the investigation who described elements of it. on condition of anonymity to discuss matters not authorized for public disclosure. These people did not know what role, if any, Miller’s allegation plays in this investigation or whether charges will ultimately be brought against NSO, which is based in Israel.

In a statement, NSO said it had “never done business with” Mobileum, and that it “does not do business using cash as a form of payment” and is “not aware of any no DOJ investigation.”

In Miller’s disclosures to the Justice Department and in an interview with The Post and other members of a global journalism consortium that investigated the use of NSO software, he said NSO officials had clearly indicated in the call that they wanted access to SS7 so that NOS customers could monitor cellphone users to investigate crimes.

Miller is a former vice president of Mobileum who left the company in 2020 and now works as a mobile security researcher for Citizen Lab, a top critic of NSO and its surveillance operations.

“NSO Group was specifically interested in mobile networks,” Miller said. “They explicitly stated that their product was designed for surveillance and it was designed to monitor not the good guys but the bad guys.”

In Miller’s account to the Justice Department, when one of Mobileum’s representatives pointed out that security companies generally don’t offer services to surveillance companies and asked how such an arrangement would work, the co-founder of NSO, Omri Lavie, reportedly said: “We drop bags of money at your desk.

In a statement through a spokesperson, Lavie said he does not believe he made the remark. “No business has been undertaken with Mobileum,” the statement said. “Mr Lavie has no recollection of ever using the phrase ‘bags of money’ and believes he did not. However, if those words were used, they will have been entirely joking.

Mobileum chief executive Bobby Srinivasan released a statement saying, “Mobileum does not have – and never has had – any business relationship with NSO Group.”

Miller said in an interview that he first provided an account of the conversation to an FBI online advice portal in 2017, several months after the call with NSO Group, but received no response. He said he made more detailed disclosures to the Justice Department last year and provided copies to the Federal Communications Commission and the Securities and Exchange Commission.

Separately, Miller last year shared his account with U.S. Representative Ted Lieu, D-California, who has a long-standing interest in cell security, and on Dec. 27 sent a criminal reference to the Justice Department. He shared redacted copies of Miller’s revelations with the Paris-based journalism nonprofit Forbidden Stories, which shared them with The Post and other members of Project Pegasus, a global journalism consortium investigating NSO. .

“Having such access,” Lieu said in his referral to the Justice Department, “would allow the ONS to spy on large numbers of cell phones in the United States and in foreign countries.”

In an interview, Lieu said the proposed method of payment – the so-called “bags of money” – convinced him that foul play might have been contemplated, even though the account Miller shared had no direct evidence of it. ‘illegality.

“I’m a former prosecutor, and you would do cash transactions because you want to hide it,” Lieu said. “When you have telecommunications companies and software companies, they normally don’t do cash transactions.”

He added: “It looks really dodgy, and it doesn’t smell right, and that’s why I want the Department of Justice to investigate.”

Legal experts said they are not aware of any law that would make it illegal to even access SS7 in the US or pay for a service in cash. But some types of surveillance are illegal in the United States unless explicitly authorized by legal process, such as a court order, as happens when police obtain permission to wiretap. telephone. Unauthorized hacking also violates US law, experts said.

Orrin Kerr, a University of California, Berkeley law professor who specializes in computer crime, said Miller’s account of the conversation doesn’t necessarily describe a crime but suggests the possibility of criminal intent.

“It’s very suspicious and may be part of an attempted crime,” Kerr said. “But it’s hard to say without more details.”

Privacy experts have long complained that the SS7 network is rife with security holes that are easily exploited for surveillance by nations with advanced capabilities and by private providers that offer similar capabilities to customers around the world. Businesses with access to SS7 can submit queries to find the location and other information of anyone with a cell phone. They can also use SS7 to divert calls and eavesdrop on calls.

NSO is best known for its Pegasus spyware, which it leases to intelligence and law enforcement agencies in dozens of countries. Pegasus can turn a targeted smartphone into a powerful surveillance tool, allowing operators to track user locations, listen in on calls, grab photos, and monitor social media activity.

The company has long asserted that Pegasus is intended to investigate terrorists, pedophiles and other serious criminals and that targeting and other system deployment decisions are made by customers, not NSO. He pledged to investigate abuse.

Some of the company’s customers, however, have used the technology to target the phones of politicians, journalists, human rights advocates, academics and others, as The Post and other members of the Pegasus Project.

In addition to Lavie, the people Miller identified as representing NSO on the 2017 call were Shalev Hulio, a second co-founder who is also the company’s chief executive, and Eran Gorev, who at the time was an operating partner of Francisco Partners, an investment firm that held a majority stake in the NSO Group.

Hulio did not personally respond to a list of questions from The Post, but Gorev said in an email response to questions from The Post that he had no recollection of the call and was not currently involved. in the business. “If such a meeting did take place, I would absolutely never make a comment like this. If anyone else had made this comment, it clearly would have been made in jest and colloquium/cultural misunderstanding.

The US Department of Justice declined to comment on the criminal dismissal of NSO Group or Lieu.

People familiar with the Department of Justice investigation said the investigation relates to allegations of unauthorized intrusions into networks and mobile devices in the United States by NSO customers using NSO technology, such as spyware Pegasus. Reuters in 2020 reported that NSO Group was under investigation by the Department of Justice.

The FBI has interviewed several people about NSO in recent months, including Mexican journalist Carmen Aristegui, whose phone independent investigators believe was hacked by Pegasus, according to people familiar with the investigation who spoke on condition of anonymity. to discuss sensitive topics. .

Additionally, a phone used by Aristegui’s son with a Mexican phone number received malicious NSO links in 2016 while he was attending school in the United States, although it is unclear whether the attempt to infect his phone was successful or if a successful hack occurred. while he was in the United States, say Citizen Lab investigators. NSO said phones with US phone numbers or geographically located in the US cannot be infected with Pegasus.

The FBI also interviewed a US citizen in detail last year about a Pegasus hack, said the person, who spoke on condition of anonymity to discuss an ongoing investigation. The alleged hack happened while this person was traveling abroad and using a phone with a foreign phone number.

The U.S. Commerce Department blacklisted NSO Group in November, limiting its access to U.S. technologies, and the activities of the company and its customers have been investigated by officials in many other countries, including by Israel’s own attorney general, in response to reports of abuse in recent years.

Miller’s attorney, John Tye of Whistleblower Aid, said NSO’s customer abuse makes the company’s efforts to gain access to SS7 particularly concerning, given that the network includes information about every cellular customer globally. .

“We now know that the NSO Group tried to buy access to our mobile communications,” Tye said. “This should terrify all Americans. We urge the Department of Justice to investigate whether any laws have been broken. »

– – –

Ellen Nakashima and Elizabeth Dwoskin of the Washington Post, and Stephanie Kirchgaessner of the Guardian to this report.

Previous 'Made in Pakistan' handbag line hits fashion weeks in Milan, Paris and beyond - Reuters
Next 2022 Tennis Bags and Backpacks Market Outlook and Analysis by 2029