The New York Times
The man in charge of Saudi Arabia’s ruthless campaign to stifle dissent went searching for ways to spy on people he saw as threats to the kingdom. He knew where to go: a secretive Israeli company offering technology developed by former intelligence operatives.
It was late 2017 and Saud al-Qahtani — then a top adviser to Saudi Arabia’s powerful crown prince — was tracking Saudi dissidents around the world, part of his extensive surveillance efforts that ultimately led to the killing of the journalist Jamal Khashoggi. In messages exchanged with employees from the company, NSO Group, Mr. al-Qahtani spoke of grand plans to use its surveillance tools throughout the Middle East and Europe, like Turkey and Qatar or France and Britain.
The Saudi government’s reliance on a firm from Israel, an adversary for decades, offers a glimpse of a new age of digital warfare governed by few rules and of a growing economy, now valued at $12 billion, of spies for hire.
Today even the smallest countries can buy digital espionage services, enabling them to conduct sophisticated operations like electronic eavesdropping or influence campaigns that were once the preserve of major powers like the United States and Russia. Corporations that want to scrutinize competitors’ secrets, or a wealthy individual with a beef against a rival, can also command intelligence operations for a price, akin to purchasing off-the-shelf elements of the National Security Agency or the Mossad.
NSO and a competitor, the Emirati firm DarkMatter, exemplify the proliferation of privatized spying. A monthslong examination by The New York Times, based on interviews with current and former hackers for governments and private companies and others as well as a review of documents, uncovered secret skirmishes in this burgeoning world of digital combat.
The firms have enabled governments not only to hack criminal elements like terrorist groups and drug cartels but also in some cases to act on darker impulses, targeting activists and journalists. Hackers trained by United States spy agencies caught American businesspeople and human rights workers in their net. Cybermercenaries working for DarkMatter turned a prosaic household item, a baby monitor, into a spy device.
The F.B.I. is investigating current and former American employees of DarkMatter for possible cybercrimes, according to four people familiar with the investigation. The inquiry intensified after a former N.S.A. hacker working for the company grew concerned about its activities and contacted the F.B.I., Reuters reported.
NSO and DarkMatter also compete fiercely with each other, paying handsomely to lure top hacking talent from Israel, the United States and other countries, and sometimes pilfering recruits from each other, The Times found.
The Middle East is the epicenter of this new era of privatized spying. Besides DarkMatter and NSO, there is Black Cube, a private company run by former Mossad and Israeli military intelligence operatives that gained notoriety after Harvey Weinstein, the disgraced Hollywood mogul, hired it to dig up dirt on his accusers. Psy-Group, an Israeli company specializing in social media manipulation, worked for Russian oligarchs and in 2016 pitched the Trump campaign on a plan to build an online army of bots and avatars to swing Republican delegate votes.
Last year, a wealthy American businessman, Elliott Broidy, sued the government of Qatar and a New York firm run by a former C.I.A. officer, Global Risk Advisors, for what he said was a sophisticated breach of his company that led to thousands of his emails spilling into public. Mr. Broidy said that the operation was motivated by hard-nosed geopolitics: At the beginning of the Trump administration, he had pushed the White House to adopt anti-Qatar policies at the same time his firm was poised to receive hundreds of millions of dollars in contracts from the United Arab Emirates, the archrival to Qatar.
A judge dismissed Mr. Broidy’s lawsuit, but suspicions have grown that Qatar had a hand in other operations, including the hacking and leaking of the emails of Yousef al-Otaiba, the influential Emirati ambassador in Washington.
The rapid expansion of this global high-tech battleground, where armies of cybermercenaries clash, has prompted warnings of a dangerous and chaotic future.
“Even the smallest country, on a very low budget, can have an offensive capability,” or initiate online attacks against adversaries, said Robert Johnston, founder of the cybersecurity firm Adlumin and a key investigator on Russia’s 2016 hacking of the Democratic National Committee. “Qatar and U.A.E. are going after each other, and that war is getting very, very bloody.
“The barriers to entry in this space are getting lower and lower.”
Before NSO helped the Saudi government track its adversaries outside the kingdom, and helped the Mexican government hunt drug kingpins, and earned hundreds of millions of dollars working for dozens of countries on six continents, the company consisted of two high school friends in northern Israel with one relatively mundane idea.
Using technology developed by graduates of Intelligence Unit 8200 — Israel’s equivalent of the N.S.A. — Shalev Hulio and Omri Lavie started a company in 2008 that allowed cellphone firms to gain remote access to their customers’ devices to perform maintenance.
Word spread to Western spy services, whose operatives spotted an opportunity. At the time, American and European officials were warning that Apple, Facebook, Google and other tech giants were developing technologies that allowed criminals and terrorists to communicate through encrypted channels indecipherable to intelligence and law enforcement agencies. They called the phenomenon “going dark.”
Mr. Hulio and Mr. Lavie offered a way to circumvent this problem by hacking the end points of the communications — the phones themselves — after the data were decrypted.
By 2011, NSO had developed its first prototype, a mobile surveillance tool the company called Pegasus. Like its namesake, the Greek mythological winged horse, NSO’s tool could do something seemingly impossible: collect vast amounts of previously inaccessible data from smartphones in the air without leaving a trace — including phone calls, texts, emails, contacts, location and any data transmitted over apps like Facebook, WhatsApp and Skype.
“Once these companies invade your phone, they own it. You’re just carrying it around,” Avi Rosen of Kaymera Technologies, an Israeli cyberdefense company, said of NSO and its competitors.
The company soon had its first client for Pegasus: the government of Mexico, which was engaged in a crackdown on drug cartels. By 2013, NSO had installed Pegasus at three Mexican agencies, according to emails obtained by The Times. The emails estimated that, altogether, the firm had sold the Mexican government $15 million worth of hardware and software. Mexico was paying the firm some $77 million to track a wide array of targets’ every move and swipe of their phone.
NSO products were important to Mexico’s war against the cartels, according to four people familiar with how the Mexican government used Pegasus, speaking on the condition of anonymity to discuss intelligence matters. Mexican officials have credited Pegasus as instrumental in helping track and capture El Chapo, the famed drug kingpin who was convicted last month in New York and sentenced to life in a maximum-security prison.
Soon enough, NSO was selling to governments throughout the world, with the company claiming clients on every continent except Antarctica. NSO products — particularly Pegasus — helped break up terrorist cells and aided investigations into organized crime and child abduction, European intelligence and law enforcement officials said in interviews.
NSO’s first client, the Mexican government, was also using the hacking tools for darker purposes — as part of a broader government and industry surveillance effort. The government used NSO products to track at least two dozen journalists, government critics, international investigators looking into the unsolved disappearance of 43 students, even backers of a soda tax, according to Times investigations and research by Citizen Lab, part of the University of Toronto.
Those targets were subjected to a stream of harassing text messages that contained malware. Some messages warned that their spouses were having affairs, others that a relative had passed away. In one case, when government officials were not able to infiltrate the phone of a journalist, they targeted her 16-year-old son’s.
Though NSO says it sells its services for criminal and antiterrorism investigations, none of the Mexicans known to have been targeted were suspected in criminal or terrorism investigations.
“NSO technology has helped stop vicious crimes and deadly terrorist attacks around the world,” the company said in a statement. “We do not tolerate misuse of our products and we regularly vet and review our contracts to ensure they are not being used for anything other than the prevention or investigation of terrorism and crime.”
The company has established an ethics committee, which decides whether it can sell its spyware to countries based on their human rights records as reported by global organizations like the World Bank’s human capital index, and other indicators. NSO would not sell to Turkey, for example, because of its poor record on human rights, current and former employees said.
But on the World Bank index, Turkey ranks higher than Mexico and Saudi Arabia, both NSO clients. A spokesman for Israel’s Ministry of Defense, which needs to authorize any contract that NSO wins from a foreign government, declined to answer questions about the company.