Day 6

'A spy in your pocket': How Israel's growing cyber security industry is tied to the WhatsApp hack

The company behind spyware that used a WhatsApp vulnerability to hack smartphones says their products are intended to be used to fight terror and crime — but human rights advocates say they're also used to target dissidents and journalists.

WhatsApp was hacked with the Pegasus surveillance software created by Israel's NSO Group Technologies

WhatsApp urged users Monday to update their version of the popular messaging app after a vulnerability that allowed spyware that could track a users phone to be installed was patched. (Thomas White, File/Reuters)

The company behind spyware that used a WhatsApp vulnerability to hack smartphones says their products are intended to be used to fight terror and crime — but human rights advocates say they're also used to target dissidents and journalists.

NSO Group, an Israel-based cybersecurity firm, is known for its product Pegasus.

Criticism of the company resurfaced this week after Facebook Inc. advised users of its WhatsApp messaging service to immediately update the app after the social media company discovered a vulnerability involving Pegasus in early May.

The spyware, which can be installed through a call — even if the user doesn't answer — can track phone conversations, messages and location.

"It's been described by others as a spy in your pocket and that's really accurate," said Danna Ingleton, deputy director for Amnesty International's Amnesty Tech program.

According to Ingleton, Pegasus has been used by governments to target journalists and human rights activists.

"I don't necessarily doubt the claim that at least some of NSO's — and other companies' — clients use these kind of technologies to fight terrorism, crime and other social and political maladies," Haaretz reporter Jonathan Jacobson told Day 6 host Brent Bambury.

"Nevertheless the usual line of defence with these companies goes around their capability — or incapability — of regulating this kind of activity," he added.

Big business in Israel

The link between NSO and WhatsApp was initially reported by the Financial Times on May 13.

As late as last Sunday, the paper reported, a U.K.-based lawyer was targeted by the spyware. NSO Group denied any direct involvement.

Cybersecurity and spyware is a big business for Israel.

"As far as two years ago, give or take, Israel had roughly between 10 and 20 per cent of the global market of this kind of equipment," Jacobson said.

WhatsApp hack exposes security vulnerability in 1.5 billion phones

6 years ago
Duration 2:02
Spyware took advantage of a flaw in the popular WhatsApp communications program to remotely hijack dozens of phones, WhatsApp said. Many more phones are vulnerable to the same attack.

Jacobson describes NSO Group as a "boutique" company, offering specific solutions to specific clients.

NSO says they only sell to governments — and many of its clients include governments with documented human rights abuses, including Saudi Arabia, Bahrain and South Sudan.

The Israeli government also supports the development of these companies, according to Jacobson, by providing "professional education" to young people in the army.

"Naturally many of them go to these kind of companies and work and gain very significant sums of money every month for this kind of work," Jacobson said. "It's very prestigious and it's envious for many kids and their mothers alike."

A 'wild west' situation

NSO said in a statement to the Intercept that any use of their products outside of "preventing or investigating crime and terror" is a misuse of their technology and that such scenarios will be investigated.

Jacobson says that while NSO does have a team in place to investigate misuse claims, history suggests it's hardly transparent.

"It's hard to know what their record is because they don't really show it," he said.

"I know they did it in certain cases, [but] are they doing it in this case? Are they doing it in other relevant cases and important cases where their equipment has been misused? Probably not."

NSO Group says that their cybersecurity products are intended to fight terror and crime — any other uses are considered 'misuse' by the Israel-based company. (Daniella Cheslow, File/Associated Press)

For Amnesty International's Ingleton, the key to combating that lack of transparency is through regulation.

She's one of 30 human rights advocates planning to take Israel's Ministry of Defence to court and demand that NSO Group be banned from exporting their products.

"It's a real sort of wild west situation where they've been operating under the radar. There's been no real regulatory systems around them," Ingleton said.

"We really need to show civil society that there are people fighting on their side that these sort of what seem unchecked potential for violations of their human rights are actually being checked."


To hear the full interview with Jonathan Jacobson, download our podcast or click 'Listen' at the top of this page.