What you need to know
- The CEO of NSO Group says that people who aren't criminals have nothing to fear from its Pegasus spyware.
- It comes after it emerged that the tool was used to target the phones of journalists, activists, and others in various countries.
- Shalev Hulio says that people can absolutely trust the security and privacy of Apple and Google devices.
The CEO of the company behind the notorious Pegasus spyware says law-abiding phone users have nothing to be afraid of when it comes to security and privacy.
Shalev Hulio, CEO of NSO Group made the comments in an interview with Forbes following a slew of allegations regarding the company's Pegasus spyware.
Pegasus is spyware that's maintained and licensed by a company called NSO Group to nation-states and used by the operatives of those nation-states to extract information from iPhones and Android phones and to track and monitor the people using them. Amnesty International and Forbidden Stories, working with a consortium of over a dozen world news outlets including The Washington Post and The Guardian, released a series of coordinated reports over the weekend, basically accusing NSO of being less than forthright about who exactly is using their Pegasus spyware, and how much it's really being used. In other words, they're handing out cyber guns without really checking cyber IDs or running basic background checks. And maybe not just by the hundreds or thousands, but by the tens of thousands.
In the interview Hulio denied several of the claims made against NSO Group and Pegasus, for instance, he said the NSO was definitely not involved in attempts to hack the phones of French officials including President Emmanuel Macron. He also reiterated the company's stance, stating it could not be held responsible for the actions of those it licenses its software to:
"We are selling our products to governments. We have no way to monitor what those governments do. . . . But if those governments misuse the system, we have a way to investigate. We will shut them down. We have done it before and will continue to do so. . . . But we cannot be blamed on the misuse that the government did."
Hulio also said that law-abiding phone users have nothing to fear:
As for the average person, they've no need to fear NSO Group, he insists, as his company is only going to flex its technical muscle and break into the Apple and Google phones of serious criminals. "The people that are not criminals, not the Bin Ladens of the world—there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices."
Hulio said that tools like Pegasus were needed to save lives and "keep the safety of the people."
Hulio also dismissed claims of the existence of a list of 50,000 potential hacking targets obtained by Forbidden Stories, stating the list has nothing to do with NSO, and that the 50,000 number is "insane", claiming it only sells to between 40 and 45 countries who target around 100 people each. He also stated that no one data store of these people existed, and posed another explanation:
He believes the data has come from what's known as a Home Location Register (HLR) lookup. The HLR is essentially a kind of database controlled by telecom companies and shows whether or not a specific mobile number is registered and the phone's rough location. Telecom businesses will query the database for mundane tasks like sending SMS text messages, but could, according to telecoms security company AdaptiveMobile, be used as a starting point for cyberattacks. A surveillance company could recruit an HLR lookup provider—easily findable on the Web—and ask it to continually check whether a target device was registered and able to receive text messages. Previously, NSO hacks have reportedly launched via links sent via text.
He also confirmed that the NSO can cut off customers it thinks are misusing Pegasus. Earlier this week the company fervently stated it could not be held responsible for the actions of its customers, and that the reports were a "planned and well-orchestrated media campaign."