The man who exposed Pegasus long before mainstream media

NSO founder and CEO Shalev Hulio, with Eyal Blum and Ramon Eshkar, in Arava district. Photo by Ministry for the Development of the Periphery, the Negev, and the Galilee.

In recent days, Pegasus, the name of Israeli spyware implicated in everything from the murder of journalists to the surveillance of world leaders, has been splashed across headlines around the globe. Reports in the Washington Post, The Guardian, and 15 other media outlets, as well as Amnesty International, which uncovered the spyware’s reach, revealed that Pegasus, sold by the Israeli company NSO, was used in attempts to track the most intimate details of thousands of people, including French President Emmanuel Macron and Pakistani Prime Minister Imran Khan, as well as hundreds of human rights activists, journalists and lawyers around the globe. The revelations have prompted Haaretz columnist Eitay Mack to declare in no uncertain terms that “Israel’s NSO and Pegasus are a real and present danger to democracy all over the world.”

News that a private intelligence company run by former Israeli spies and military officials created a practically undetectable malware that can make its way onto cell phones without so much as a click likely came as a shock to many. And yet years before this recent story broke, journalist Richard Silverstein had been sounding the alarm bells about two Israeli private intelligence tech firms. As early as 2018, Silverstein wrote in The Nation:

“...in the past two decades or so, Israel has greatly expanded use of these technologies. Veterans of these spy shops have transferred their knowledge into the commercial sphere and marketed themselves as agents of repression for clients around the globe. This is a dark, dirty secret that lies behind the hype of the ‘start-up nation.’

Two Israeli companies are at the forefront of this commercialization of dirty ops: NSO Group and Black Cube.”

On this week’s “Scheer Intelligence,” Silverstein joins host Robert Scheer to discuss the dangers of Pegasus and how the latest stories about NSO are even more shocking than previous reports.

“The Post story really is remarkable,” Silverstein tells Scheer. “There have been many stories written since 2018, [but] what the Washington Post documented is that the company had targeted 50,000 cell phone numbers [located] in 50 different countries--over one-third of all the countries in the world. NSO Group has perhaps as many as 50 client states, intelligence agencies, police agencies, and military forces that are using them.”

“[Although] NSO claims that the only purpose for their technology is to break up criminal gangs and drug gangs, and to stop terrorism, and to help find kidnapped or missing children,” says the Tikun Olam blogger, “but in effect, that's really rarely what is actually done with this technology. It's mostly used by intelligence agencies of repressive governments, like Azerbaijan, or Hungary, or Saudi Arabia. These are countries that feel that their citizenry is the enemy. They are repressive regimes that are based on authoritarian rule, on corruption, and on violence. And this is what this technology facilitates. It facilitates the worst in human behavior, and the worst in the behavior of nation-states.”

Scheer, whose most recent book, “They Know Everything About You,” centers on mass surveillance, points out that while the Israeli government has so far escaped direct criticism due to the companies being privately run, the same assumptions are never made about Chinese or Russian hackers, for example. Listen to the full conversation between Silverstein and Scheer as the two discuss what can be done to curtail surveillance, and whether NSA whistleblower Edward Snowden’s approach to the issue will ever work.

You can also read about how to detect Pegasus on your own phone here.

Read the full transcript below:

Robert Scheer: Hi, this is Robert Scheer with another edition of Scheer Intelligence, where the intelligence comes from my guests. In this case it's Richard Silverstein. He's well known as a podcaster about a number of issues, but you know, Israel has certainly been high on his list of concerns, and many other topics.

But I want to talk to him because of a big story that's broken in the Washington Post on Pegasus, the product of a private Israeli firm, NSO, and which draws upon many veterans of the Israeli military establishment. It can't sell its products without the approval of that government. But nonetheless, a private company, and a major take-out fueled by research done by Amnesty International, and I believe it's 26 news organizations, that ran in the Washington Post. And the New York Times had another big follow-up on it. Technology that has the name of Pegasus, which is again a privately produced product, ostensibly, sold to governments around the world, a very large number. And according to the revelations that appeared in the Washington Post, can be used by brutal dictatorships--and has been--to oppress their people, to learn about the people. And because of a really advanced technology, and ingenious, where you don't even have to click on to give them any access to your phone; they're able to even do it without a click. Maybe this is something the NSA or Chinese or Russian security can do, but nonetheless here is a private company that has sold it to Saudi Arabia, others, that turns people's cell phone into an audio/video observation post without there being any evidence.

And if Amnesty International had not managed to document this, along with some other organizations and the Washington Post, they said we would be unaware of it. Well, Richard Silverstein actually in his podcasting was really one of the first to expose this. That's how it came to my attention. And he wrote an article in The Nation magazine back in 2018 exposing the work of basically two Israeli organizations, Black Cube and NSO, which is the one connected with this Pegasus. And so I thought I would turn to him and find out: How significant is this Washington Post, Amnesty International breakthrough now, as a news story and as an insight into surveillance? Take it away, Richard.

Richard Silverstein: Well, the Post story really is remarkable. Because it is--there have been many stories written, as you mentioned, since 2018 and even before then, about NSO and how widespread the technology was, and how intrusive it was. But what the Washington Post article documented was that the company had targeted 50,000 cell phone numbers throughout the world, belonging to--and that--these were, that was the total number of cell phones they were targeting. They, in order to actually infect your phone with the malware, they actually have to succeed in getting it onto your phone. So they didn't succeed in all 50,000 cases. But those 50,000 cell phones were located in 50 different countries around the world, and that is over one-third of all the countries in the world. So NSO Group has perhaps as many as 50 client states, intelligence agencies, police agencies, military forces that are using them.

Now, NSO claims that the only purpose for their technology is to break up criminal gangs and drug gangs, and to stop terrorism, and to help find kidnapped or missing children; that's the sort of story that they put out to the public. But in effect, that's really rarely what is actually done with this technology. It's mostly used by intelligence agencies of repressive governments, like, you know, Azerbaijan, or Hungary, or Saudi Arabia, as you mentioned. These are countries that feel that their citizenry is the enemy. They are repressive regimes that are based on authoritarian rule, on corruption, and on violence. And this is what this technology facilitates. It facilitates the worst in human behavior, and the worst in the behavior of nation-states.

Robert Scheer: Well, let's begin, first of all, talking about what is ominous about the technology. I mean, NSO, we should be very clear here, denies that it in any way condones any nefarious behavior; denies the evidence of the Washington Post and others; and claims that it has acted to deny their services to any groups that would do such things. On the other hand, they also say they're not responsible for how their clients use this technology; they claim they don't monitor it, and so forth. So we have to put that out there, and I'll let you address that.

But let's just talk about the ingenious viciousness of this technology. Because, again, this is not your normal hacking where you somehow have to be complicit, you have to sign on, click on, accept the bait. This is a technology, Pegasus, where they can invade your phone without your knowing it, and indeed it requires a great deal of expertise for anyone to do the forensics to find out you have been invaded. That's what Amnesty International’s technical competency helped demonstrate. That's what the Washington Post and others, 26 other news organizations have helped. So let's first talk about the technology emanating, at least in claim, from the private sector rather than--even though many of these people are veterans of Israeli intelligence, the Israeli government has to approve any export. But they're claiming that this is a private sector, for-profit venture. So tell us what it does that we didn't know any private company could do.

Richard Silverstein: Well, Pegasus is the most sophisticated malware of its kind produced anywhere in the world, and NSO is the most successful company of all of its competitors in doing this sort of thing. And what happens is, these cases are called zero-click exploit--that means all that NSO needs, all the client needs, is your phone number. It sends a text message to your phone number; you don't know that you've received it, and the text message itself then begins to download the malware onto your phone, without you doing anything, as you mentioned. And once it's on your phone, it controls your phone. It knows everything that you are doing, everything you're saying, every keystroke that you make, every photo that you look at, everything that you browse on the internet, every password that you have. It has access to your financial accounts as long as you're using a banking app or PayPal or anything like that.

And in addition, it knows not just what you're doing, it knows what every person who communicates with you through your cell phone is doing as well. So in effect, one of the cybersecurity analysts that was quoted in that Washington Post article said that this really gives NSO and the client access almost to the entire world. Not just confined to those 50,000 cell phones, but just like a branching tree, it gives you access to everything going on in the world that has any connection to electronic devices. And that really, I think, is the danger here.

I wanted to address also this claim by NSO, this false claim that it has no responsibility because it doesn't know what clients do with the technology. For one, NSO maintains servers around the world, including in the United States, which have Pegasus on the server. The server then will download Pegasus to the cell phone, and then it will upload the data from the cell phone to the server. So Pegasus has absolute control over everything that is done. And it claims that it will cut off a client if the client is doing something it doesn't like. The only reason that NSO has ever cut off a client is because of bad publicity. So when Saudi Arabia was discovered to have been involved in the murder of Jamal Khashoggi, and there were claims--that are legitimate in my opinion--that the technology, Pegasus, was used to track Khashoggi and allow the assassins to know where he was and target him.

So NSO is claiming that it doesn't, it's not responsible. But the fact of the matter is that Pegasus is used by the Saudis and by other people, and [there are people] who have been actually murdered by assassins, by these governments using Pegasus. Now, while we can't say that Pegasus fired the bullet that killed Khashoggi, or the Mexican journalist who was murdered after his cell phone was hacked by Pegasus, we have to say that Pegasus is implicated in these crimes. So we're not just--

Robert Scheer: OK. So let's establish right now that the technology itself, for the private sector--we have to assume that government, big governments like China and Russia and the United States, have their ways of intruding on our phones that are maybe even more dazzling. But this is an example of where governments, even maybe less accountable, can get this right off the shelf from NSO, this Pegasus. Then the question of accountability comes up. Now, the U.S. government has taken the position, both under Trump and under Biden now, of holding the Russian government responsible for what the Russian government says may be private. They're now extending that to the Chinese government and what emanates from their territory in terms of hacking and intruding. And in this case, this is a company--along with another one, Black Cube, which we may talk about--NSO--which are basically composed of a lot of veterans of the Israeli defense community, seem to have ties with something called Unit 8200, which has honed itself by surveilling its own, mostly Palestinian population.

And so the question really is, it seems to come from the private sector, but at what point do we hold the government responsible for what it allows its private sector to do? Now, in this case, the Israeli government has said, and NSO said, they don't target Americans; I guess that's because of our special relationship. They've also said they will not do anything that counters the Israeli government need. But what is the relationship of these companies, private companies, particularly NSO, to the Israeli government?

Richard Silverstein: Well, NSO--really, I see NSO as almost an extension of the Israeli state. Because the Washington Post article noted, there's a term used for this malware technology that is "backdoor." And U.S. law enforcement has wanted Apple to install a backdoor on its devices so law enforcement can get access to the devices and can defeat the security that protects the device from being hacked. But the Israeli government, according to the Washington Post story, U.S. intelligence agencies believe that the Israeli government, the Israeli intelligence agencies, have a backdoor to Pegasus. That means that when Pegasus is used by a repressive government, and it's attacking a human rights activist or a lawyer or a journalist, not only does the client, the intelligence agency, have access to their private life, but the Israeli government itself does.

And who has been the target of the Pegasus technology? The Washington Post says heads of state; Cabinet ministers; diplomats; military officials; security officials. And in one case in particular, a U.S. high-level Biden administration official, Rob Malley was, his cell phone was infected with Pegasus. That means that whoever did that wants to know what Rob Malley is saying about Iran, because he's the representative of the Biden administration to Iran, and dealing with the Geneva talks and the Iran nuclear agreement. So somebody--probably the Saudis, could be anybody else--who wants to know what is happening with those negotiations, is using Rob Malley's cell phone to gain that information.

So I want to say that the Israeli government is benefiting in an extraordinary way from what this private NSO group is doing. And, as you say, the very employees who are doing, who are creating Pegasus come out of the Israeli military, have devised all of these technologies inside the Israeli military, and then are exporting them and privatizing them and using them in this fashion.

Robert Scheer: Well, let me just say that we will learn a lot more. The story just broke this last week. And again, it was done by a consortium, and the Washington Post was most prominent; Amnesty International was involved, and a lot of research went into developing this case of a very ominous software, Pegasus, which turns your cell phone into basically a spy. That raises serious questions for other companies, like you mentioned Apple, who their whole profit model is to sell us these devices and to entrust our most personal information, our every movement, to track our movements, to track our associations--every detail of our life, they now have turned that into an enemy of individual freedom throughout the world.

The question is--and this is why Apple has pushed back; why WhatsApp, which was intruded on by the company, has pushed back; there are lawsuits pending, developing. Because can you really have a multinational business, internet economy in which people around the world are expected to surrender their private moments and trust in the product. And here is an ostensibly private company--but I would point out that many of the hackers in China and Russia and elsewhere, the government there claims they are on their own. But the fact of the matter is, here is a company that could totally subvert the whole marketing strategy of an Apple. And they're going to push back, and we might actually have here--you know, I know Senator Wyden from Oregon has already pushed for that. Maybe we should talk about that, that this separation between the private and government sector doesn't hold very well.

Richard Silverstein: Well, I think it's really important that one hopeful aspect of all of this--which is very depressing in a lot of ways--is that there are ways in which citizens and companies can unite to fight back against this. There already are NGOs like Amnesty, like Citizen Lab, which do the forensic analysis, and which detect all of these infections, and expose them. But they are really still small voices in the wilderness. What we need is we need our legislators, like Senator Wyden, and we need members of the House Democratic Caucus to call for legislation which regulates these very dangerous products. And which says to a company what they can and can't do, who they can and they can't surveil, when they can do it and when they can't, and gives you the reason and gives punishments that are--you know, and enforcement mechanisms that will deter the companies.

Now, Snowden has gone even farther beyond what I'm saying right now. Snowden basically says he wants to wipe out this business model as a commercial entity completely, around the world. I have immense respect for Edward Snowden; I'm not sure that, you know, that we can get there. But at the very least, I think we could have international treaties that the United Nations could help negotiate, where countries could get together that are either threatened by the technology, or if they're enlightened enough to have companies that are doing this and want the companies themselves to have regulation, they could get together. And there could be both federal laws and international regulation that could stop some of the worst of this from happening. This is going to require--

Robert Scheer: Well, let me defend Edward Snowden in this respect. Why is this without precedent? Governments make rules all the time about private corporate behavior--can you sell cigarettes to children, or alcohol. Even in the wiretap area, we have laws in the United States about informing the person who's being recorded, to what degree you can violate their privacy, to what degree they have to have knowledge. And as I said before, we are demanding that the Russian and Chinese government control anyone within their borders who might be hacking, or take responsibility for not controlling them. The Israeli government has taken that responsibility as far as NSO tapping phones of Americans, or at least the company makes a special exemption for people in the United States--they say, we don't tap anyone in the United States if the phone is based there. And they also say, we don't violate anything the Israeli government wants to do. Well, if we can make those kinds of demands in specific situations, why isn't everyone in the world who has a cell phone given a guarantee that they will not have their most intimate, private moments captured without their knowledge? Why is that beyond reasonable legal regulation, as Snowden suggested?

Richard Silverstein: Well, there's a distinction here between regulation and eliminating the market. So Snowden, I think--you know, and I don't want to argue against Snowden, because I have immense admiration for him. But I think what his position is, is that he wants to do away with this as a business completely; he wants to end all of these companies doing these things. I think that's a pretty radical solution; I would love to see that solution, because I think this is a totally pernicious business model with terrible, damaging ramifications around the world. But I think that until we can get to completely eliminating it, at the very least we need to regulate it carefully. We regulate lots of dangerous products. We regulate cigarettes, we regulate products that can kill people. So there's every reason why we need to stop this being a Wild West situation, where people can be killed, people can be imprisoned, and we need to tell companies what they can't do. And right now, they can do just about anything they want, without any restrictions on them. And that needs to change.

Robert Scheer: Yeah, and as I say, knowledge is the thing here. The fact is that had Amnesty International and these news organizations, including the Washington Post, not been able to break this story--and I say with all due credit to you, you were early to this criticism, but you didn't have the megaphone. Once it's revealed, it's like the abuses of NSA that Snowden revealed. Lots of people can see why they don't want this marketed. And that, you know, we don't market alcohol to children, or hard drugs to children. So, you know, why should spying of this kind be made a legal commodity in the world? Why is it assumed that this is a victimless activity, when clearly people are being killed all over the world now, and tortured, based on the invasion of their cell phone, right?

Richard Silverstein: I think the danger of this technology is that it's invisible, and that it's very difficult to detect. And even if you can detect it, as Amnesty and Citizen Lab have done, the companies themselves are 10 steps ahead of you. Because they know what you're doing, and they're going to counteract whatever it is that you've discovered. So Amnesty has done this amazing thing of revealing every aspect, technical aspect of what NSO is doing, and the product itself, and how it works, and they've laid it out on the page for technologists and for hackers to learn how Pegasus works. But the fact is that NSO is reading the same Washington Post article or Amnesty publication that you and I are reading, and they're going to take everything that's written on that page and they're going to have countermeasures.

So the problem is that when, you know, a bullet is fired or a missile is fired, you know--you have a general idea of who the victim is and who the perpetrator is, and you can see the damage physically; you can see the weapon physically. With this malware, it's invisible. That's what makes it so dangerous. You don't know who's targeted, you don't know to what extent they've been targeted, you don't know what they've learned about these people; you only know when they end up either dead or in prison. And that's what I think makes it so dangerous.

Robert Scheer: But once you find people--and I'm assuming if the case is made against NSO, or any company, if it's made against Russian or Chinese hackers, whether they're called public or private; anywhere, whether it's made as Snowden did against the NSA--this kind of invasion of privacy--and we used to have a distinction between the public and private based on our Constitution, that we the citizens are entitled to protection against our government in terms of our privacy; that's what the Fourth Amendment and others are all about. All I'm saying is, reading these stories about what a company can do with this Pegasus product means that you shouldn't be making such a product. Because what is the purpose of it except to spy on individuals without their knowing it? And whether that spying, wherever it comes from, it's done with government convenience and support anyway. And if we can tell somebody you can't sell a bottle of liquor to somebody under a certain age, I don't see why we can't say you can't sell spyware that intrudes on cell phones without people knowing it and grabs and kidnaps their data. Why can't we?

Richard Silverstein: Well, I want to point out--I want to take a devil's advocate position here--

Robert Scheer: No, don't, we have enough devils out there that advocate for themselves.

Richard Silverstein: [Laughs]

Robert Scheer: I'm just saying, just as a matter of common sense, I mean, this is lethal stuff. And why should they just be able to--it gets people killed, it takes away their freedom. If the Saudis know everything that anyone with a cell phone says or writes or knows, forget about any prospect for freedom. And that's true in every society in the world.

Richard Silverstein: Well, so the danger here--not danger, but the problem, the complication is once you say--and I'm for this. I would like to see NSO go out of business, be driven out of business. I hope that the WhatsApp lawsuit bankrupts NSO. But if you take that position, then the next logical step is to say: What about the NSA? What about the Russian internet research agency, which messed up our 2016 election? What about the Chinese that are, you know, potentially trying to sabotage our infrastructure? Because it's one step from saying we're going to outlaw private companies from doing this, but then you have to go and talk about nation-states which are doing it, and which are far more dangerous. And I'm all in favor of restraints on governments, and I think this needs to happen, but you're going to have a lot of pushback from the countries that are going to be the most inhibited, or the most targeted, with this. Because once the United States sees that the malware companies are being forced out of business, they're going to realize the NSA is in danger as well.

Robert Scheer: OK, but let me wrap this up, and maybe you'll agree with me, I don't know. But listeners can decide for themselves. At least when governments do it--[Laughs] we can hold them accountable. You know, if in fact this was not a private Israeli company, but it was the Israeli government that did it, and they in any way contributed to the death of a Washington Post columnist who was from Saudi Arabia, that would be an incredible international scandal. It's an incredible international scandal for Putin to be accused of what the U.S. has said hackers did, or for China, for any government. So as long as a government is attached to it, that they had to approve this--and it does seem that the Israeli government has complicity here, but we don't know. But if you can attach a government to it, then you can have international pressure, at least awareness of what is happening. When it's done in the private sector, and you just have these millions of people doing stuff, whether they're selling cigarettes to children or what have you, or spying on everyone and so forth--and even a company like Facebook and WhatsApp and Apple and everyone, they can't control it. They're no match for it. You have anarchy of, you know, the Wild West here, of everyone with their six-shooter.

And it doesn't seem to me that regulation is such a--of the private sector here, in any country--is such a stretch. I just beg to differ with you. I'll give you the last word, but I don't think this is really what's going to tie it all up. What's going to tie it up is whether companies like Apple and Facebook say, wait a minute, you're destroying the best thing about the internet, which is people's confidence in it and our ability to sell them stuff. And this is really making your cell phone a lethal weapon in your pocket. That's what I would--that's what I got out of the Washington Post story. My god, I don't even want to touch that cell phone anymore; it's spying on me 24/7, and you know, who knows what gangsters have gained possession of it. Anybody who could pony up the money probably can get that technology. That is really threatening.

Richard Silverstein: I think there needs to be an alliance between the cell phone makers, the cell phone carriers, and the technology companies that you mentioned--and the public, and all of the victims of this malware technology. They all have to create an alliance; they all have to exert massive pressure on Congress to legislate. And we know how difficult it is to get Congress to do the right thing, and so it's not going to be an easy thing. But someone like Ron Wyden is really on to the direction that this needs to go. We need legislation that will restrict these companies from doing some of the horrible things that they do.

And if I could just go back to what you said about the difference between the private sector and nation-states, is--you made an important point. There is a certain level of responsibility when a country is doing it. Because at the very least, if you have a concept like nuclear deterrence--where you had Russia and the United States having enough weaponry that there could be no first use without the destruction of the other country--I think that there needs to be some level of deterrence here. There is--I mean, I'm sorry, there is some level of deterrence between Russia, China, and the United States in terms of limitations on behavior. So there are certain things maybe that Putin is willing to do in terms of sabotaging the U.S. election; there are certain things he won't do. There are certain things the NSA probably won't do, because they know that they're too dangerous, and they're too likely to escalate into some cataclysm. That is not on the horizon with the private sector. NSO has no controls over what the clients do, over its own behavior, so that's what makes it so dangerous. And that "Wild West" term that you used, I think, is really apt. There is total anarchy in that private sector, and there needs to be some order imposed on it.

Robert Scheer: Well, that's coming together on that, we recognize that this power has to be controlled in order to have accountability. And on that note, that's it for this edition. I want to thank you, Richard Silverstein, who was early to this party of accountability, because he three years ago wrote really a very important article in The Nation magazine sounding the alarm about these particular companies possibly being out of control. I also want to thank Christopher Ho, our engineer at KCRW, for getting these things professionally posted. Joshua Scheer, our executive producer, who has the control of everything. Natasha Hakimi Zapata, who writes the introductions. Lucy Berbeo, who does the transcription. And I want to thank the JWK Foundation, which in the memory of a great journalist and writer, Jean Stein, helps fund this programming. See you next week with another edition of Scheer Intelligence.

Credits

Producer:

Joshua Scheer