According to a complaint filed with the US Department of Justice.
The allegation, which dates back to 2017 and was made by a former mobile security official named Gary Miller, was leaked to federal authorities and US Congressman Ted Lieu, who said he conducted his own due diligence on the complaint and found it “very disturbing”.
Details of Miller’s allegation were later sent in a letter from Lieu to the Justice Department.
“The privacy implications for Americans and the national security implications for America of NSO Group’s access to mobile carrier signaling networks are sweeping and alarming,” Lieu wrote in his letter.
The letter was shared with the Guardian and other media partners of Project Pegasus, a media consortium led by Paris-based Forbidden Stories, which investigated NSO and published a series of articles on how governments around the world worldwide have used the company’s spyware to target activists, journalists and lawyers, among others.
NSO said it had nothing to do with the mobile security company.
The Guardian and its media partners have separately learned that NSO is the subject of an active criminal investigation by the Department of Justice, according to four people familiar with the investigation. The investigation, they say, is focused on allegations of unauthorized intrusions into networks and mobile devices.
A US citizen whose cellphone was hacked by a customer of the spyware maker – and who asked not to be identified – said he was questioned at length about the 2021 hacking incident by US authorities. Security researchers had discovered that the individual had been hacked while living outside the United States and using a non-US mobile phone number. The DoJ also interviewed Mexican journalist Carmen Aristegui, whose iPhone was hacked using NSO technology, according to security researchers who analyzed her cellphone.
According to another person familiar with the criminal investigation, the DoJ also had contact with a company whose users were allegedly targeted by NSO clients using Pegasus spyware.
The DoJ declined to comment.
NSO has previously said it does not know how its customers use its spyware, but that customers are meant to target serious criminals only. He said his technology had saved “thousands of lives” by thwarting terrorist attacks. He also said he was investigating credible allegations of wrongdoing by his clients.
NSO has for years been considered one of the most sophisticated spyware manufacturers in the world. When successfully deployed, a Pegasus user can intercept phone calls, read messages on encrypted apps, view photos, and turn a phone into a remote listening device.
The Biden administration announced in November that it was adding NSO to the Commerce Department’s ‘entity list’ — effectively, an export blacklist — after it said it found evidence the Israeli company had provided software spies to foreign governments, who used the tools to “maliciously target” government officials, journalists, businesspeople, activists, academics, and embassy workers.
The allegation at the heart of Deputy Ted Lieu’s letter to the DoJ dates back to 2017.
In 2017, Gary Miller – the whistleblower who agreed to be interviewed by the Guardian, Washington Post and Forbidden Stories – worked for a company called Mobileum, which designed, developed and sold software to protect the decades-old SS7 network. decades, a global messaging system used for legitimate purposes by mobile phone companies, but can also be used to track the physical location of mobile users.
Miller was asked to lead a web-based voice call that he says in records provided to authorities was attended by NSO executives Shalev Hulio and Omri Lavie, two of the group’s co-founders.
NSO, Miller said, wanted to know about Mobileum’s access to hundreds of mobile networks around the world. Specifically, Miller alleged that NSO executives wanted to discuss how access to mobile networks would allow NSO “to improve the capabilities of their surveillance software.”
“They explicitly stated that their product was designed for surveillance and it was designed to monitor not the good guys but the bad guys,” Miller said.
He added, “They have repeatedly stated that their work is authorized by government agencies. They did not go into details about these government agencies.
As the meeting progressed, Miller claimed, a senior member of his own company at Mobileum asked what NSO thought the “business model” was to work with Mobileum, since Mobileum was not selling the access to global signaling networks as a product.
According to Miller, and a written disclosure he later made to federal authorities, the response Lavie allegedly made was “we’re dropping bags of cash at your office.”
Miller said the meeting ended soon after.
A few months later, Miller said he submitted an anonymous “lead” to the FBI in which he reported some details of the August conversation but received no response from authorities.
In a statement to the Guardian, Lavie’s spokesperson said: “No business has been undertaken with Mobileum. Mr. Lavie has no recollection of ever using the phrase “bags of money” and believes he did not. However, if these words were used, they will have been entirely in jest.
A representative for Lavie also said in an email to the Guardian that Lavie “strongly denies suggesting any unethical or unlawful action.”
A spokesperson for the NSO said in a statement to the Guardian: “The company [has] never done business with this company. We are not aware of any DoJ investigation. Additionally, NSO does not use cash as a method of payment. Any other suggestion demonstrates a profound lack of understanding of our business. »
Hulio did not respond to a request for comment.
Miller has since left Mobileum and is represented by attorney John Tye at Whistleblower Aid.
Miller currently works as a mobile security researcher at the Citizen Lab at the University of Toronto. He filed his whistleblower complaint with authorities at the DoJ, Securities and Exchange Commission, and Federal Communications Commission in June 2021. He then shared his account with Lieu in December 2021.
There is no evidence that Mobileum ever participated in another meeting with NSO or gave the company access to mobile networks.
Eran Gorev, who at the time was a managing partner at Francisco Partners, a US-based investment firm that had an interest in NSO in August 2017, and is listed in Miller’s disclosures to authorities as having attended the meeting, said in a statement to the Guardian that he had not been involved with NSO in more than three years and had “no recollection” of ever meeting or speaking with Mobileum.
He said that if such a meeting took place, he would “absolutely never make a comment like this” and that if anyone else did, “it would clearly have been done as a joke and a colloquialism/misunderstanding cultural “.
Gorev also said that during his time “involved” with NSO, the company complied with all applicable laws with “strict oversight from the Israeli government” and instituted a business ethics committee.
Asked about the details of the meeting, Mobileum said in a statement shared with Project Pegasus: “Mobileum does not have – and never had – any business relationship with NSO Group.”
He added, “Mobileum takes the privacy of its customers’ information very seriously and has a robust cybersecurity program in place to prevent any breaches. Mobileum does not have direct access to the customer’s network and is unable to provide any type of access, including SS7 access, to a third party.
There is no evidence that the DoJ is actively investigating Miller’s allegations.
In an interview with The Pegasus Project, Lieu, a former prosecutor, said, “This looks really dodgy and it doesn’t smell good, which is why I wanted the Department of Justice to investigate.”
NSO declined to comment on Lieu’s remark.