The Daily - The Sunday Read: 'The Battle for the World’s Most Powerful Cyberweapon'

Episode Date: February 27, 2022

Ronen Bergman and Mark Mazzetti investigate Pegasus, an Israeli spying tool that was acquired for use by the F.B.I., and which the United States government is now trying to ban.Pegasus is used globall...y. For nearly a decade, NSO, an Israeli firm, had been selling this surveillance software on a subscription basis to law-enforcement and intelligence agencies around the world, promising to consistently and reliably crack the encrypted communications of any iPhone or Android smartphone.The software has helped the authorities capture drug lords, thwart terrorist plots, fight organized crime, and, in one case, take down a global child-abuse ring, identifying suspects in more than 40 countries. But it has been prone to abuses of power: The Mexican government deployed Pegasus against journalists and political dissidents; and it was used to intercept communications with Jamal Khashoggi, a columnist for The Washington Post, whom Saudi operatives killed and dismembered in Istanbul in 2018.Cyberweapons are here to stay — but their legacy is still to be determined.This story was written by Ronen Bergman and Mark Mazzetti and recorded by Audm. To hear more audio stories from publications like The New York Times, download Audm for iPhone or Android.

Transcript
Discussion (0)
Starting point is 00:00:00 Hi, my name is Roland Bergman. I am an investigative reporter for the New York Times Magazine. I wrote a story with my colleague Mark Mazzetti about one of the most powerful and some would say notorious weapons on Earth. This weapon can intercept the means of communication used by a vast amount of mankind, Android and iOS on smartphones, and it does it better than any other intelligence agency in the world.
Starting point is 00:00:32 The weapon's name is Pegasus, and it was made by an Israeli company, it's called NSO, probably the most successful cyber company in the world. probably the most successful cyber company in the world. So traditionally, law enforcement and intelligence agencies could look at the communication between two individuals. What they needed to do was to look at the physical channel of communication between them, like copper wires or telephone or fiber optics or satellites. But with the introduction of smartphones, along with instant messaging apps like Signal or WhatsApp or Telegram,
Starting point is 00:01:12 using military-grade encryption, suddenly looking at the pipeline was just not enough. Because you could look at the communications, but it would take a supercomputer years to figure out what was actually said or exchanged. could look at the communications, but it would take a supercomputer years to figure out what was actually said or exchanged. NSO was the first to understand the business potential here. With Pegasus, they developed a way to hack a phone, get control over it, and grab the
Starting point is 00:01:38 data before it was encrypted. And that has become the key to intelligence and law enforcement agencies that wanted to catch pedophiles and drug traffickers or terrorists because there was no other way to look at their communication. Pegasus also became popular with tyrants and dictators who wanted to exploit it against civil society, human rights activists, political dissidents, journalists. And as a part of our research for this New York Times Magazine story, we witnessed a demonstration of Pegasus.
Starting point is 00:02:10 It takes only 45 minutes to capture the complete content of the phone. You had the ability to order the phone, to open the microphone, or to take photographs of what was happening in the room. This is not an Israeli story, however. It's about an Israeli company and product, but much of it happens in the U.S. Mark Mazzeri and I discovered
Starting point is 00:02:33 that while many U.S. military and intelligence agencies had negotiated buying a Pegasus from NSO, the FBI and CIA ended up actually buying one each, something that the agency had never before disclosed. In June of 2019, the FBI had installed Pegasus
Starting point is 00:02:54 in a site in New Jersey, while also discussing buying another to be used against American numbers. The FBI claims that they never used Pegasus operationally and they only had it for testing and evaluation. But testing and evaluation could mean anything. And to this day, the system remains at the FBI site in New Jersey, it's waiting to be reactivated.
Starting point is 00:03:21 So here's our article from the New York Times Magazine, The Battle for the World's Most Powerful Cyberweapon, read by Malcolm Hillgartner. This was recorded by Autumn. To listen to more stories from The New York Times, The New Yorker, Vanity Fair, The Atlantic, and other publications on your smartphone, download AUDM on the App Store or the Play Store. Visit AUDM, that's A-U-D-M, dot com, for more details. In June 2019, three Israeli computer engineers arrived at a New Jersey building used by the FBI. They unpacked dozens of computer servers, arranging them on tall racks in an isolated room. As they set up the equipment, the engineers made a series of calls to their bosses in Herzliya, a Tel Aviv suburb, at the headquarters for NSO Group, the world's most notorious maker of spyware.
Starting point is 00:04:33 Then, with their equipment in place, they began testing. The FBI had bought a version of Pegasus, NSO's premier spying tool. of Pegasus, NSO's premier spying tool. For nearly a decade, the Israeli firm had been selling its surveillance software on a subscription basis to law enforcement and intelligence agencies around the world, promising that it could do what no one else, not a private company, not even a state intelligence service, could do, consistently and reliably crack the encrypted communications of any iPhone or Android smartphone. Since NSO had introduced Pegasus to the global market in 2011, it had helped Mexican authorities
Starting point is 00:05:18 capture Joaquin Guzman Loera, the drug lord known as El Chapo. European investigators have quietly used Pegasus to thwart terrorist plots, fight organized crime, and, in one case, take down a global child abuse ring, identifying dozens of suspects in more than 40 countries. In a broader sense, NSO's products seem to solve one of the biggest problems facing law enforcement and intelligence agencies in the 21st century. That criminals and terrorists had better technology for encrypting their communications than investigators had to decrypt them. The criminal world had gone dark, even as it was increasingly going global. even as it was increasingly going global.
Starting point is 00:06:08 But by the time the company's engineers walked through the door of the New Jersey facility in 2019, the many abuses of Pegasus had also been well documented. Mexico deployed the software not just against gangsters, but also against journalists and political dissidents. The United Arab Emirates used the software to hack the phone of a civil rights activist whom the government threw in jail. Saudi Arabia used it against women's rights activists and, according to a lawsuit filed by a Saudi dissident, to spy on communications with Jamal Khashoggi, a columnist for the Washington Post, whom Saudi operatives killed and dismembered in Istanbul in 2018.
Starting point is 00:06:49 None of this prevented new customers from approaching NSO, including the United States. The details of the FBI's purchase and testing of Pegasus have never before been made public. Additionally, the same year that Khashoggi was killed, the Central Intelligence Agency arranged and paid for the government of Djibouti to acquire Pegasus to assist the American ally in combating terrorism, despite long-standing concerns about human rights abuses there, including the persecution of journalists and the torture of government opponents. including the persecution of journalists and the torture of government opponents.
Starting point is 00:07:30 The DEA, the Secret Service, and the U.S. military's Africa Command had all held discussions with NSO. The FBI was now taking the next step. As part of their training, FBI employees bought new smartphones at local stores and set them up with dummy accounts, using SIM cards from other countries. Pegasus was designed to be unable to hack into American numbers. Then the Pegasus engineers, as they had in previous demonstrations around the world, opened their interface, entered the number of the phone, and began an attack. entered the number of the phone, and began an attack. This version of Pegasus was zero-click.
Starting point is 00:08:09 Unlike more common hacking software, it did not require users to click on a malicious attachment or link. So the Americans monitoring the phones could see no evidence of an ongoing breach. They couldn't see the Pegasus computers connecting to a network of servers around the world, hacking the phone, then connecting back to the equipment at the New Jersey facility. What they could see, minutes later, was every piece of data stored on the phone as it unspooled onto the large monitors of the Pegasus computers. Every email, every photo, every text thread, every personal contact. They could also see the phone's location and even take control of its camera and microphone.
Starting point is 00:08:53 FBI agents using Pegasus could, in theory, almost instantly transform phones around the world into powerful surveillance tools, everywhere except in the United States. Ever since the 2013 revelations by Edward Snowden, a former national security agency contractor, about US government surveillance of American citizens, few debates in this country have been more fraught than those over the proper scope of domestic spying. fraught than those over the proper scope of domestic spying. Questions about the balance between privacy and security took on new urgency with the
Starting point is 00:09:32 parallel development of smartphones and spyware that could be used to scoop up the terabytes of information those phones generate every day. Israel, wary of angering Americans by abetting the efforts of other countries to spy on the United States, had required NSO to program Pegasus so it was incapable of targeting U.S. numbers. This prevented its foreign clients from spying on Americans, but it also prevented Americans from spying on Americans. NSO had recently offered the FBI a workaround. During a presentation to officials in Washington, the company demonstrated a new system called Phantom that could hack any number in the United States that the FBI decided to target.
Starting point is 00:10:19 Israel had granted a special license to NSO, one that permitted its Phantom system to attack U.S. numbers. The license allowed for only one type of client, U.S. government agencies. A slick brochure put together for potential customers by NSO's U.S. subsidiary, obtained by the Times, says that Phantom allows American law enforcement and spy agencies to get intelligence by extracting and monitoring crucial data from mobile devices it is an independent solution that requires no cooperation from at t verizon apple or google the system it says will turn your target's smartphone into an intelligence goldmine.
Starting point is 00:11:15 The Phantom presentation triggered a discussion among government lawyers at the Justice Department and the FBI that lasted two years across two presidential administrations, centering on a basic question. Could deploying Phantom inside the United States run afoul of long-established wiretapping laws? As the lawyers debated, the FBI renewed the contract for the Pegasus system and ran up fees to NSO of approximately $5 million. During this time, NSO engineers were in frequent contact with FBI employees, asking about the various technological details that could change the legal implications of an attack. The discussions at the Justice Department and the FBI continued until last summer, when the FBI finally decided not to deploy the NSO weapons. It was around this time that a consortium of news organizations called Forbidden Stories brought forward new revelations about NSO cyberweapons and their use against journalists and political dissidents.
Starting point is 00:12:15 The Pegasus system currently lies dormant at the facility in New Jersey. An FBI spokeswoman said that the Bureau examines new technologies, not just to explore a potential legal use, but also to combat crime and to protect both the American people and our civil liberties. That means we routinely identify, evaluate, and test technical solutions and services for a variety of reasons, including possible operational and security concerns they might pose in the wrong hands. The CIA, the DEA, the Secret Service, and Africa Command declined to comment. A spokesman for the government of Djibouti said the country had never acquired or used Pegasus.
Starting point is 00:13:03 In November, the United States announced what appeared, at least to those who knew about its previous dealings, to be a complete about-face on NSO. The Commerce Department was adding the Israeli firm to its entity list for activities contrary to the national security or foreign policy interests of the United States. The list, originally designed to prevent U.S. companies from selling to nations or other entities
Starting point is 00:13:31 that might be in the business of manufacturing weapons of mass destruction, had in recent years come to include several cyberweapons companies. NSO could no longer buy critical supplies from American firms It was a very public rebuke of a company that had in many ways become the crown jewel of the Israeli defense industry Now, without access to the American technology it needed to run its operations including Dell computers and Amazon cloud servers it risked being unable to function.
Starting point is 00:14:07 The United States delivered the news to Israel's Ministry of Defense less than an hour before it was made public. Israeli officials were furious. Many of the headlines focused on the specter of an out-of-control private company, one based in Israel but largely funded offshore. But authorities in Israel reacted as if the ban were an attack on the state itself. The people aiming their arrows against NSO, said Eagle Una, director general of the Israel National Cyber Directorate until January 5th, are actually aiming at the blue and white flag hanging behind it.
Starting point is 00:14:44 5th, are actually aiming at the blue and white flag hanging behind it. The Israelis' anger was, in part, about U.S. hypocrisy. The American ban came after years of secretly testing NSO's products at home and putting them in the hands of at least one country, Djibouti, with a record of human rights abuses. But Israel also had its own interests to protect. To an extent not previously understood, Israel, through its internal export licensing process, has ultimate say over who NSO can sell its spyware to. This has allowed Israel to make NSO a central component of its national security strategy for years,
Starting point is 00:15:25 using it and similar firms to advance the country's interests around the world. A year-long Times investigation, including dozens of interviews with government officials, leaders of intelligence and law enforcement agencies, cyber weapons experts, business executives and privacy activists in a dozen countries, shows how Israel's ability to approve or deny access to NSO's cyber weapons has become entangled with its diplomacy. Countries like Mexico and Panama have shifted their positions toward Israel in key votes at the United Nations after winning access to Pegasus.
Starting point is 00:16:04 Israel in key votes at the United Nations after winning access to Pegasus. Times reporting also reveals how sales of Pegasus played an unseen but critical role in securing the support of Arab nations in Israel's campaign against Iran, and even in negotiating the Abraham Accords, the 2020 diplomatic agreements that normalized relations between Israel and some of its longtime Arab adversaries. The combination of Israel's search for influence and NSO's drive for profits has also led to the powerful spying tools ending up in the hands of a new generation of nationalist leaders worldwide. Though the Israeli government's oversight was meant to prevent the powerful spyware from being used in repressive ways,
Starting point is 00:16:48 Pegasus has been sold to Poland, Hungary, and India, despite those countries' questionable records on human rights. The United States has made a series of calculations in response to these developments, secretly acquiring, testing, and deploying the company's technology, even as it has denounced the company in public and sought to limit its access to vital American suppliers. The current showdown between the United States and Israel over NSO demonstrates how governments increasingly view powerful cyber weapons the same way they have long viewed
Starting point is 00:17:22 military hardware like fighter jets and centrifuges, not only as pivotal to national defense, but also as a currency with which to buy influence around the world. Selling weapons for diplomatic ends has long been a tool of statecraft. Foreign service officers posted in American embassies abroad have served for years as pitchmen for defense firms hoping to sell arms to their client states, as the thousands of diplomatic cables released by WikiLeaks in 2010 showed. When American defense secretaries meet with their counterparts in allied capitals, the end result is often the announcement of an arms deal that pads the profits of Lockheed Martin or Raytheon. Cyberweapons have changed international
Starting point is 00:18:11 relations more profoundly than any advance since the advent of the atomic bomb. In some ways, they are even more profoundly destabilizing. They are comparatively cheap, easily distributed, and can be deployed without consequences to the attacker. Dealing with their proliferation is radically changing the nature of state relations, as Israel long ago discovered, and the rest of the world is now also beginning to understand. For Israel, the weapons trade has always been central to the country's sense of national survival. It was a major driver of economic growth, which in turn funded further military research and development. But it also played an important role in forging new alliances in a dangerous world. In the 1950s, when the nation was still young and essentially powerless,
Starting point is 00:19:04 In the 1950s, when the nation was still young and essentially powerless, its first prime minister, David Ben-Gurion, established covert links with countries and organizations that lay just outside the ring of hostile Arab states that surround Israel. He called this approach the Periphery Doctrine, and his foreign intelligence agency, the Mossad, began weaving a network of secret contacts inside countries throughout the Middle East, Asia, and Africa, including many that publicly sided with Arabs. Offering advanced weapons was a key to making those connections.
Starting point is 00:19:37 By the mid-1980s, Israel had firmly established itself as one of the world's top arms exporters, with an estimated one in ten of the nation's workers employed by the industry in some way. All of this bought goodwill for Israel from select foreign leaders, who saw the military aid as essential to preserving their own power. In turn, those countries often voted in Israel's favor at the United Nations General Assembly, the Security Council, and other international forums. They also allowed the Mossad and the Israel Defense Forces to use their countries as bases to launch operations against Arab nations.
Starting point is 00:20:18 As cyber weapons began to eclipse fighter jets in the schemes of military planners, a different kind of weapons industry emerged in Israel. Veterans of Unit 8200, Israel's equivalent of the National Security Agency, poured into secretive startups in the private sector, giving rise to a multi-billion dollar cybersecurity industry. As with purveyors of conventional weapons, cyber weapons makers are required
Starting point is 00:20:45 to obtain export licenses from Israel's Ministry of Defense to sell their tools abroad, providing a crucial lever for the government to influence the firms and, in some cases, the countries that buy from them. None of these firms have been as wildly successful or as strategically useful to the Israeli government as NSO. The firm has its roots in a former chicken coop in Benet Zion, an agricultural cooperative just outside Tel Aviv. In the mid-2000s, the building's owner, realizing that coders might deliver a better profit than chickens, gave the space a light makeover and began renting it to technology startups looking for cheap office space. Among the startup founders there, Shalev Julio stood out from the veteran programmers around him. He was charismatic and easy to spend time with, but he also gave the impression, at least initially,
Starting point is 00:21:42 of being somewhat naive. He and his partner, Henri Lévy, an old friend from school, had each done their mandatory military service in combat units, rather than intelligence or technology, and for years they struggled to find a product that would connect. They developed a video marketing product, which briefly took off but then crashed with the 2008 global recession. They then started another company called Communitake that offered cell phone tech support workers the ability to take control of their customers' devices with permission.
Starting point is 00:22:18 That idea met with little enthusiasm, so the two friends pivoted to a very different kind of customer. A European intelligence agency found out about our innovation and contacted me, Julio recalled in an interview. What quickly emerged was that their product could solve a much bigger problem than customer service. For years, law enforcement and intelligence agencies had been able to intercept and understand communications in transit. But as powerful encryption became widely available, that was no longer the case. They could intercept a communication, but they could no longer understand what it said. If they could control the device itself, though, they could collect the data before it was encrypted. Communitech had already figured out how to control the devices. All the partners needed was a way to do so,
Starting point is 00:23:12 without permission. And so NSO was born. Julio and Lévy, lacking the contacts they would need to scale their product, brought in a third partner, Niv Karmi, who had served both in military intelligence and in the Mossad. They took the company name from their first initials, Niv, Shalev, and Omri, that it sounded a little like NSA was a happy coincidence, and began hiring. Recruitment was the essential ingredient of their business plan. The company would eventually employ more than 700 people in offices around the world and a sprawling headquarters in Herzliya, where individual labs for Apple and Android operating systems are filled with racks of smartphones undergoing constant testing by the firm's hackers as they seek and exploit new vulnerabilities.
Starting point is 00:24:05 Nearly every member of NSO's research team is a veteran of the intelligence services. Most of them served with Amman, the Israeli Military Intelligence Directorate, the largest agency in the Israeli espionage community, and many of them in Amman's Unit 8200. The company's most valuable employees are all graduates of elite training courses, including a secretive and prestigious Unit 8200 program called ARAM that accepts only a handful of the most brilliant recruits and trains them in the most advanced methods of cyber weapons programming. There are very few people with this kind of training anywhere in the world, and soon enough, few places would have a higher concentration of them
Starting point is 00:24:47 than NSO's headquarters in Herzliya, where there were not just a few top specialists, but hundreds. This would provide NSO with an incredible competitive advantage. All of those engineers would work daily to find zero days, i.e. new vulnerabilities in phone software that could be exploited to install Pegasus. Unlike rival firms, which generally struggle to find even a single zero day, and therefore could be shut down if it were made public, NSO would be able to discover and bank multitudes of them. If someone locked one back door,
Starting point is 00:25:25 a company could quickly open another. In 2011, NSO engineers finished coding the first iteration of Pegasus. With its powerful new tool, NSO hoped to quickly build a stable of clients in the West. But many countries, especially those in Europe, were initially wary of buying foreign intelligence products. There was a particular concern about Israeli companies that were staffed by former top intelligence officials. Potential customers feared that their spyware might be contaminated with even deeper spyware, allowing the Mossad access to their internal systems.
Starting point is 00:26:16 Reputation mattered, both for sales and for holding on to the well-trained coders who had made Pegasus a reality. Julio appointed Major General Avigdor Bengal, a Holocaust survivor and a highly respected combat officer, as NSO's chairman, and established what he said would be the company's four main pillars. NSO would not operate the system itself. It would sell only to governments, not to individuals or companies. It would be selective about which governments it allowed to use the software. And it would cooperate with Israel's Defense Export Controls Agency, or DECA, to license
Starting point is 00:26:54 every sale. The decisions NSO made early on about its relationship with regulators ensured that it would function as a close ally, if not an arm, of Israeli foreign policy. Bengal saw that this oversight was crucial to NSO's growth. It might restrict which countries the company could sell to, but it would also protect the company from public blowback about what its clients did. When he informed the defense ministry that NSO would voluntarily be subject to oversight, the authorities also seemed happy with this plan.
Starting point is 00:27:29 One former military aide to Benjamin Netanyahu, at the time Israel's prime minister, explained the advantages quite clearly. With our Defense Ministry sitting at the controls of how these systems move around, he said, we will be able to exploit them and reap diplomatic profits. The company quickly got its first major break. Mexico, in its ongoing battle against drug cartels, was looking for ways to hack the encrypted BlackBerry messaging service favored by cartel operatives.
Starting point is 00:28:00 The NSA had found a way in, but the American agency offered Mexico only sporadic access. Julio and Bengal arranged a meeting with Mexico's president, Felipe Calderon, and arrived with an aggressive sales pitch. Pegasus could do what the NSA could do, and it could do so entirely at the command of Mexican authorities. Calderon was interested. at the command of Mexican authorities. Calderon was interested. Israel's Ministry of Defense informed NSO that there was no issue with selling Pegasus to Mexico, and a deal was finalized. Soon after, investigators at an office of the Center for Investigation and National Security, or CISEN, now called the Center for National Investigation, went to work with one of the Pegasus machines.
Starting point is 00:28:46 They fed the mobile phone number of a person connected to Joaquin Guzman's Sinaloa cartel into the system, and the BlackBerry was successfully attacked. Investigators could see the content of the messages, as well as the locations of different BlackBerry devices. Suddenly we started to see and hear anew, says a former CSUN leader. It was like magic. In his view, the new system had revitalized their entire operation. Everyone felt like maybe for the first time we could win. It was also a win for Israel. Mexico is a dominant power in Latin America, a region where Israel for years has
Starting point is 00:29:26 waged a kind of diplomatic trench warfare against anti-Israeli groups supported by the country's adversaries in the Middle East. There is no direct evidence that Mexico's contracts with NSO brought about a change in the country's foreign policy toward Israel, but there is at least a recognizable pattern of correlation. After a long tradition of voting against Israel at United Nations conferences, Mexico slowly began to shift no votes to abstentions. Then in 2016, Enrique Peña Nieto, who succeeded Calderón in 2012, went to Israel, which had not seen an official visit from a Mexican president since 2000. Netanyahu visited Mexico City the following year,
Starting point is 00:30:12 the first visit ever by an Israeli prime minister. Shortly after, Mexico announced that it would abstain from voting on several pro-Palestinian resolutions that were being considered by the United Nations. In a statement, Netanyahu's spokesman said that the former Prime Minister never sought a quid pro quo when other countries wanted to buy Pegasus. The claim that Prime Minister Netanyahu spoke to foreign leaders and offered them such systems in exchange for political or other measures is a complete and utter lie. All sales of this system or similar products of Israeli companies to foreign countries are conducted with the approval and supervision of the Ministry of Defense, as outlined in Israeli law. The Mexico example revealed both the promise and the perils of working within SO.
Starting point is 00:31:08 example revealed both the promise and the perils of working within SO. In 2017, researchers at Citizen Lab, a watchdog group based at the University of Toronto, reported that authorities in Mexico had used Pegasus to hack the accounts of advocates for a soda tax as part of a broader campaign aimed at human rights activists, political opposition movements, and journalists. More disturbing, it appeared that someone in the government had used Pegasus to spy on lawyers working to untangle the massacre of 43 students in Iguala in 2014. Tomás Cerón de Lucio, the chief of the Mexican equivalent of the FBI, was a main author of the federal government's version of the event, which concluded that author of the federal government's version of the event, which concluded that the students were killed by a local gang. But in 2016, he became
Starting point is 00:31:52 the subject of an investigation himself, on suspicion that he had covered up federal involvement in the events there. Now it appeared that he might have used Pegasus in that effort. One of his official duties was to sign off on the procurement of cyber weapons and other equipment. In March 2019, soon after Andres Manuel Lopez Obrador replaced Peña Nieto after a landslide election, investigators charged that Zerón had engaged in torture, abduction, and tampering with evidence in relation to the Iguala massacre. Ceron fled to Canada and then to Israel, where he entered the country as a tourist and where, despite an extradition request from Mexico, which is now seeking him on additional charges
Starting point is 00:32:38 of embezzlement, he remains today. The American reluctance to share intelligence was creating other opportunities for NSO and for Israel. In August 2009, Panama's new president, Ricardo Martinelli, fresh off a presidential campaign grounded on promises of eliminating political corruption, tried to persuade U.S. diplomats in the country to give him surveillance equipment to spy on security threats as well as political opponents, according to a State Department cable published by WikiLeaks. The United States will not be party to any effort to expand wire taps to domestic political targets, the deputy chief of mission replied. the deputy chief of mission replied.
Starting point is 00:33:25 Martinelli tried a different approach. In early 2010, Panama was one of only six countries at the UN General Assembly to back Israel against a resolution to keep the Goldstone Commission report on war crimes committed during the 2008-2009 Israeli assault on Gaza on the international agenda. 2009 Israeli assault on Gaza on the international agenda. A week after the vote, Martinelli landed in Tel Aviv on one of his first trips outside Latin America. Panama will always stand with Israel, he told the Israeli president, Shimon Peres, in appreciation of its guardianship of the capital of the world, Jerusalem. He said he and his entourage of ministers, business people, and Jewish community leaders had come to Israel to learn. We came a great distance, but we are very close
Starting point is 00:34:14 because of the Jewish heart of Panama, he said. Behind closed doors, Martinelli used his trip to go on a surveillance shopping spree. In a private meeting with Netanyahu, the two men discussed the military and intelligence equipment that Martinelli wanted to buy from Israeli vendors. According to one person who attended the meeting, Martinelli was particularly interested in the ability to hack into BlackBerry's BBM text service, which was very popular in Panama at that time.
Starting point is 00:34:46 Within two years, Israel was able to offer him one of the most sophisticated tools yet made. After the installation of NSO systems in Panama City in 2012, Martinelli's government voted in Israel's favor on numerous occasions, including to oppose the United Nations decision to upgrade the status of the Palestinian delegation. 138 countries voted in favor of the resolution, with just Israel, Panama, and seven other countries opposing it. According to a later legal affidavit from Ismail Piti, an analyst for Panama's National Security Council. The equipment was used in a widespread campaign to violate the privacy of Panamanians and non-Panamanians, political opponents, magistrates, union leaders, business competitors, all without following the legal procedure. Prosecutors later said Martinelli even ordered the team operating Pegasus to hack the phone of his mistress.
Starting point is 00:35:47 It all came to an end in 2014, when Martinelli was replaced by his vice president, Juan Carlos Varela, who himself claims to have been a target of Martinelli's spying. Martinelli's subordinates dismantled the espionage system, and the former president fled the country. In November, he was acquitted by Panamanian courts of wiretapping charges. NSO was doubling its sales every year. $15 million, $30 million, $60 million.
Starting point is 00:36:19 That growth attracted the attention of investors. In 2014, Francisco Partners, a U.S.-based global investment firm, paid $130 million for 70% of NSO's shares, then merged another Israeli cyberweapons firm called Circles into their new acquisition. Founded by a former senior Amman officer, Circles offered clients access to a vulnerability that allowed them to detect the location of any mobile phone in the world, a vulnerability discovered by Israeli intelligence ten years earlier. The combined company could offer more services to more clients than ever. Through a series of new deals, Pegasus was helping to knit together a rising generation of right-wing leaders worldwide.
Starting point is 00:37:09 On November 21, 2016, Sarah and Benjamin Netanyahu welcomed Prime Minister Beata Szydło of Poland and her foreign minister, Witold Waszczykowski, for dinner at their home. Shortly after, Poland signed an agreement with NSO to purchase a Pegasus system for its Central Anti-Corruption Bureau. Citizen Lab reported in December 2021 that the phones of at least three members of the Polish opposition were attacked by this spy machine. Netanyahu did not order the Pegasus system to be cut off,
Starting point is 00:37:43 even when the Polish government enacted laws that many in the Jewish world and in Israel saw as Holocaust denial. And even when Prime Minister Mateusz Morawiecki, at a conference attended by Netanyahu himself, listed Jewish perpetrators among those responsible for the Holocaust. In July 2017, Narendra Modi, who won office on a platform of Hindu nationalism, became the first Indian Prime Minister to visit Israel. For decades, India had maintained a policy of what it called commitment to the Palestinian cause, and relations with Israel were frosty. The Modi visit, however, was notably cordial, complete with a carefully staged moment of him and Prime Minister Netanyahu walking together
Starting point is 00:38:32 barefoot on a local beach. They had reason for the warm feelings. Their countries had agreed on the sale of a package of sophisticated weapons and intelligence gear worth roughly $2 billion, with Pegasus and a missile system as the centerpieces. Months later, Netanyahu made a rare state visit to India. And in June 2019, India voted in support of Israel at the UN's Economic and Social Council to deny observer status to a Palestinian human rights organization, a first for the nation. The Israeli Defense Ministry also licensed the sale of Pegasus to Hungary, despite Prime Minister Viktor Orban's campaign of persecution against his political opponents. Orban deployed the hacking tools on opposition figures, social activists, journalists who conducted investigations
Starting point is 00:39:25 against him, and families of former business partners who had become bitter enemies. But Orban has been Israel's devoted supporter in the European Union. In 2020, Hungary was one of the few countries that did not publicly speak out against Israel's plan at the time to unilaterally annex swaths of the West Bank. In May of that year, European Union foreign ministers tried to reach unanimity when calling for a ceasefire between Israel and the Palestinian Islamic group Hamas, as well as for increased humanitarian aid for Gaza. Hungary declined to join the other 26 countries. for Gaza. Hungary declined to join the other 26 countries. Arguably the most fruitful alliances made with Pegasus' help have been those between Israel and its Arab neighbors. Israel first authorized the sale of the system to the UAE as something of
Starting point is 00:40:19 an olive branch, after Mossad agents poisoned a senior Hamas operative in a Dubai hotel room in 2010. It was not the assassination itself that infuriated Crown Prince Mohammed bin Zayed, the de facto Emirati leader, so much as it was that the Israelis had carried it out on Emirati soil. The prince, widely known as MBZ, ordered that security ties between Israel and the UAE be severed. In 2013, by way of a truce, MBZ was offered the opportunity to buy Pegasus. He readily agreed. The Emirates did not hesitate to deploy Pegasus against its domestic enemies.
Starting point is 00:41:01 Ahmed Mansour, an outspoken critic of the government, went public after Citizen Lab determined that Pegasus had been used to hack his phone. When the vulnerability was made public, Apple immediately pushed out an update to block the vulnerability. But for Mansour, the damage had already been done. His car was stolen, his email account was hacked, his location was monitored, his passport was taken from him, $140,000 was stolen from his bank account, he was fired from his job, and strangers beat him on the street several times. You start to believe your every move is watched, he said at the time. Your family starts to panic. I have to live with that. Your family starts to panic. I have to live with that. In 2018, Mansour was sentenced to 10 years in prison for posts he made on Facebook and Twitter.
Starting point is 00:41:56 The messy outcome of the Dubai assassination aside, Israel and the UAE had in fact been growing closer together for years. The calcified animosities between Israel and the Arab world that for years drove Middle East politics had given way to a new, uneasy alliance in the region. Israel and the Sunni states and the Persian Gulf lining up against their archenemy, Iran, a Shia nation. Such an alliance would have been unheard of decades ago, when Arab kings proclaimed themselves to be the protectors of the Palestinians and their struggle for independence from Israel. The Palestinian cause has less of a hold on some of the next generation of Arab leaders, who have shaped much of their foreign policy to address the sectarian battle between Sunni and Shia, and they have found common cause with Israel as an important ally against Iran. No leader represents this dynamic more than Saudi Arabia's crowned prince Mohammed bin Salman, the son of the alien king and the kingdom's de facto ruler.
Starting point is 00:42:59 In 2017, Israeli authorities decided to approve the sale of Pegasus to the kingdom, and in particular to a Saudi security agency under the supervision of Prince Mohammed. From this point on, a small group of senior members of the Israeli defense establishment, reporting directly to Netanyahu, took a lead role in the exchanges with the Saudis, all while taking extreme measures of secrecy, according to one of the Israelis involved in the affair. One Israeli official said that the hope was to gain Prince Mohammed's commitment and gratitude. The contract for an initial installation fee of $55 million was signed in 2017. Years prior, NSO had formed an ethics committee made up of a bipartisan cast of
Starting point is 00:43:48 former U.S. foreign policy officials who would advise on potential customers. After the Khashoggi killing in 2018, its members requested an urgent meeting to address the stories circulating about NSO involvement. Julio flatly denied that Pegasus had been used to spy on the Washington Post columnist. Pegasus systems log every attack in case there is a complaint and, with the client's permission, NSO can perform an after-the-fact forensic analysis. Julio said his staff had done just that with the Saudi logs and found no use of any NSO product or technology against Khashoggi. The committee nonetheless urged NSO to shut off the Pegasus system in Saudi Arabia, and
Starting point is 00:44:34 it did. The committee also advised NSO to reject a subsequent request by the Israeli government to reconnect the hacking system in Saudi Arabia, and it stayed off. Then the following year, the company reversed course. Novolpina, a British private equity firm acting in cooperation with Julio, purchased Francisco Partners' shares of NSO with a valuation of $1 billion, more than five times more than it was when the American Fund acquired it in 2014. In early 2019, NSO agreed to turn the Pegasus system in Saudi Arabia back on. Keeping the Saudis happy was important for Netanyahu,
Starting point is 00:45:17 who was in the middle of a secret diplomatic initiative he believed would cement his legacy as a statesman, an official rapprochement between Israel and several Arab states. In September 2020, Netanyahu, Donald Trump, and the foreign ministers of the United Arab Emirates and Bahrain signed the Abraham Accords, and all the signatories heralded it as a new era of peace for the region. But behind the scenes of the peace deal was a Middle East weapons bazaar. The Trump administration had quietly agreed to overturn past American policy
Starting point is 00:45:53 and sell F-35 joint strike fighters and armed Reaper drones to the UAE, and had spent weeks assuaging Israel's concerns that it would no longer be the only country in the region with the sophisticated F-35. Pompeo would later describe the aircraft deals in an interview as critical to obtaining MBZ's consent to the historic move. And by the time the Abraham Accords were announced, Israel had provided licenses to sell Pegasus to nearly all the signatories. Things hit a snag a month later when the Saudi export license expired. Now it was up to the Israeli Defense Ministry to decide whether or not to renew it. Citing Saudi Arabia's abuse of Pegasus, it declined to do so. Without the license, NSO could not provide routine maintenance on the
Starting point is 00:46:46 software, and the systems were crashing. Numerous calls among Prince Mohammed's aides, NSO executives, the Mossad, and the Israeli Defense Ministry had failed to resolve the issue. So the Crown Prince placed an urgent telephone call to Netanyahu, according to people familiar with the call. placed an urgent telephone call to Netanyahu, according to people familiar with the call. He wanted the Saudi license for Pegasus renewed. Prince Mohammed had a significant amount of leverage. His ailing father, King Salman,
Starting point is 00:47:17 had not officially signed on to the Abraham Accords, but he offered the other signatories his tacit blessing. He also allowed for a crucial part of the agreement to move forward, the use of Saudi airspace for the first time ever by Israeli planes flying eastward on their way to the Persian Gulf. If the Saudis were to change their mind about the use of their airspace, an important public component of the accords might collapse. Netanyahu apparently had not been updated on the brewing crisis, but after the conversation with Prince Mohammed, his office immediately ordered the defense ministry to have the problem fixed. That night, a ministry official called NSO's operations room to have the Saudi
Starting point is 00:47:58 systems switched back on, but the NSO compliance officer on duty rebuffed the request without a signed license. Told that the orders came directly from Netanyahu, the NSO employee agreed to accept an email from the Defense Ministry. Shortly afterward, Pegasus in Saudi Arabia was once again up and running. The next morning, a courier from the Defense Ministry arrived at NSO headquarters, delivering a stamped and sealed permit. In December 2021, just weeks after NSO landed on the American blacklist, the White House National Security Advisor, Jake Sullivan, arrived in Israel for meetings with Israeli officials about one of the Biden administration's top foreign policy priorities, getting a new nuclear pact with Iran three years after President Trump scuttled the original deal. The visit carried historical weight. In 2012, Sullivan was one of
Starting point is 00:48:58 the first American officials to talk with Iranian officials about a possible nuclear deal, meetings that President Obama chose to keep secret from the Israelis out of fear they might try to blow up the negotiations, and Israeli officials were furious when they found out. Now, years later, Sullivan arrived in Jerusalem to make his case for a united front in the next round of Iran diplomacy. But there was another matter that Israeli officials, including the Prime Minister, the Minister of Defense, and the Foreign Minister, wanted to discuss. The future of NSO. The Israelis pressed Sullivan about the reasons behind the blacklist decision.
Starting point is 00:49:41 They also warned that if NSO went bankrupt, Russia and China might fill the vacuum and expand their own influence by selling their own hacking tools to nations that could no longer buy from Israel. Una, the former head of the Israel National Cyber Directorate, says he believes the move against the Israeli firms, which was followed by Facebook's blacklisting of more Israeli cyberweapons and intelligence companies, is part of something bigger, a plan to neuter Israel's advantage in cyberweapons. We have to prepare for a battle to defend the good name that we earned, honestly, he says. Biden administration officials dismissed this talk of a deep conspiracy, saying the decision about NSO has everything to do with reigning in a dangerous company and nothing to do with America's relationship with Israel.
Starting point is 00:50:33 There is far more at stake in the decades-old alliance, they say, than the fate of a hacking firm. Martin Indyk, a former American ambassador to Israel, agrees. NSO was providing the means for states to spy on their own people, he says. From my point of view, it's straightforward. This issue is not about Israel's security. It's about something that got out of control. Under the ban, NSO's future is in doubt, not just because of its reliance on American technology,
Starting point is 00:51:04 but also because its presence on an American blacklist will probably scare away prospective clients and employees. One Israeli industry veteran says that the sharks in the water smell blood. And Israeli officials and industry executives say there are currently a handful of American companies, some with close ties to intelligence and law enforcement agencies, interested in buying the company. Were that to happen, the new owner could potentially bring the company in line with U.S. regulations and start selling its products to the CIA, the FBI, and other American agencies eager to pay for the power its weapons offer.
Starting point is 00:51:47 Israeli officials now fear a strategic takeover of NSO, in which some other company or country would take command over how and where the weapon is used. The State of Israel cannot allow itself to lose control of these types of companies, a senior Israeli official said, explaining why such a deal was unlikely. Their manpower, the knowledge they've gathered. Foreign ownership was fine, but Israel had to maintain control. A sale was possible only under conditions that preserve Israel's interests and freedom of action. But the days of Israel's near monopoly are over, or soon will be. The intense desire inside the United States government for
Starting point is 00:52:33 offensive hacking tools has not gone unnoticed by the company's potential American competitors. In January 2021, a cyber weapons firm called Bold End made a pitch to Raytheon, the defense industry giant. According to a presentation obtained by the Times, the company had developed for various American government agencies its own arsenal of weapons for attacking cell phones and other devices. One slide in particular underscored the convoluted nature of the cyberweapons business. One slide in particular underscored the convoluted nature of the cyber weapons business. The slide claimed that Bolden had found a way to hack WhatsApp, a popular messaging service owned by Facebook,
Starting point is 00:53:15 but then lost the capability after a WhatsApp update. This claim is especially remarkable because, according to one of the slides, a major Bolden investor is Founders Fund, a company run by Peter Thiel, the billionaire who was one of Facebook's first investors and remains on its board. The capability to hack WhatsApp, according to the presentation, doesn't currently exist in the United States government, and the intelligence community was interested in acquiring that capability. In October 2019, WhatsApp sued NSO, arguing that NSO tools had exploited a vulnerability in its service to attack approximately 1,400 phones around the world.
Starting point is 00:53:59 Beyond the question of who controls the weapons, at stake in that lawsuit is who is responsible for the damage they do. NSO's defense has always been that the company only sells the technology to foreign governments. It has no role in, or responsibility for, targeting specific individuals. This has long been the standard PR line of weapons manufacturers, whether Raytheon or Remington. Facebook is out to prove that this defense, at least in NSO's case, is a lie. In its lawsuit, the tech giant argues that the NSO was an active participant in some of the hacks, pointing to evidence that it leased some of the computer servers used to attack WhatsApp accounts.
Starting point is 00:54:44 Facebook's argument is essentially that without NSO's constant involvement, many of its clients would not be able to aim the gun. When they first presented their case against NSO, Facebook's lawyers thought they had evidence to disprove one of the Israeli company's longtime claims, that the Israeli government strictly prohibits the firm from hacking any phone numbers in the United States. In court documents, Facebook asserted it had evidence that at least one number with a Washington area code
Starting point is 00:55:16 had been attacked. Clearly, someone was using NSO spyware to monitor an American phone number. But the tech giant didn't have the entire picture. What Facebook didn't appear to know was that the attack on a U.S. phone number, far from being an assault by a foreign power, was part of the NSO demonstrations to the FBI of Phantom,
Starting point is 00:55:40 the system NSO designed for American law enforcement agencies to turn the nation's smartphones into an intelligence goldmine.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.