NSO offered “cash bags” for access to US cellular networks, whistleblower says –

Gary Miller, a mobile security expert, says the offer has come between NSO Group officials and representatives from his employer, California-based Mobileum, which provides security services to mobile phone companies around the world. world in August 2017. Miller said NSO officials specifically wanted access to what’s called the SS7 network, which helps mobile phone companies route calls and services as users travel the world.

Surveillance companies attempt to access cellular communications networks to geolocate targets and provide other spy services. Mobile phone companies try to prevent such intrusions by restricting access to the SS7 network and using firewalls to block requests from computers looking for personal information about their users.

Miller’s allegations are made public at a time when the Justice Department is conducting a criminal investigation against NSO over allegations that customers have illegally hacked their phones using the company’s technology and abused their computer networks. . Consider matters that are not disclosed to the public, as long as they remain confidential. They did not know what role Miller’s allegations played in this investigation or if allegations could be made against the Israel-based NSO.

For Sale: Systems that can secretly monitor cell phone users anywhere in the world

NSO said in a statement that it “has no business” with Mobileum and “does not do business with cash as a form of payment” and “is not aware of any investigation by the DOJ.”

In an interview with the Department of Justice and The Post and other members of the Global Journalism Consortium investigating the use of the NSO’s software, Miller said NSO officials made it clear during the call that they wanted to access SS7, also known as NSO Clients. It can track cell phone users to investigate crimes.

Miller is a former VP of Mobileum, who left the company in 2020, and currently works as a researcher on mobile security at Citizen Lab, a leading critic of the NSO and surveillance operations.

“The NSO group was particularly interested in mobile networks,” Miller said. “They made it clear that their product is for surveillance and designed for the bad guys, not the good guys.”

In a report Miller filed with the Justice Department, when a representative from Mobileum asked how security companies don’t normally serve surveillance companies and how such a deal would work, NSO co-founder Omri Lavi allegedly said. : In your office. “

Israeli private espionage program used to hack the cell phones of journalists and activists around the world

Lavi, speaking through the speaker, said he did not believe he made this comment. “No work has been done with Mobilum,” the statement said. “Mr. Love doesn’t remember using the expression ‘cash’ and he thinks he didn’t. However, it would be a complete joke if these words were used. “

Mobileum CEO Bobby Srinivasan said, “Mobileum does not have and has never been a business relationship with the NSO group.”

Miller said in an interview that he first submitted an engagement report on the speech to the FBI’s online portal in 2017, just months after a call to the NSO group, but was not answered. He said he provided more detailed information to the Justice Department last year and provided copies to the Federal Communications Commission and the Securities and Exchange Commission.

Separately, Miller shared his report last year with longtime U.S. rep Ted Lie (D-Calif.), Who has been involved in cellular security, and filed a complaint with the Justice Department on Dec.27. . He shared edited copies of Miller’s disclosure with Paris-based nonprofit journalism Forbidden Stories, who shared them with The Post and other members of The Pegasus Project, a global journalism consortium that investigates the NSO.

“Having such access would allow the NSO to monitor large numbers of cell phones in the United States and abroad,” Liu told the Justice Department.

Excerpts from the Pegasus project

In an interview, Lie claimed that the proposed payment method – presumably “in cash” – convinced him that the criminal act may have been intended, even though the report Miller shared contained no direct evidence of the illegality.

“I’m a former prosecutor and you do cash deals because you want to hide it,” Lie said. “When you have telecommunications companies and software companies, they usually don’t do cash transactions.”

“It looks like fish and doesn’t smell good, so I want the Justice Department to investigate,” he added.

Legal experts said they were unaware of a law that would make it illegal to access SS7 or pay cash for services in the US alone. However, some types of surveillance are illegal in the United States unless expressly authorized by a legal process such as a court order, such as when the police are given permission to hold a hearing. Experts say unauthorized hacking also violates US laws.

Orin Kerr, a professor of law specializing in cybercrime at the University of California, Berkeley, said the narrative of Miller’s speech does not necessarily define crime, but indicates the possibility of criminal intent.

“This is very suspicious and could be part of an attempted crime,” Kerr said. “But it’s hard to say without further details.”

Privacy experts have long complained that the SS7 network is rife with vulnerabilities that can easily be exploited by countries with advanced surveillance capabilities and private merchants offering similar capabilities to customers around the world. Companies with access to SS7 can request the location and other information from anyone with a cell phone. They can also use SS7 to forward calls and listen to calls.

How can spies use your cell phone to find you and listen to your calls and messages?

NSO is known for its Pegasus spyware, which it leases to intelligence and law enforcement agencies in dozens of countries. Pegasus transforms a targeted smartphone into a powerful surveillance tool, allowing operators to track a user’s location, listen to calls, search for images and monitor social media activity.

The company has long said that Pegasus is designed to investigate terrorists, pedophiles and other serious criminals, and that other decisions about targeting and implementing the system are made by customers rather than the NSO. He promised to investigate the abuse.

However, as reported by The Post and other members of the Pegasus Project last year, some of the company’s customers have used this technology for the phones of politicians, journalists, human rights activists, academics, and others.

Pegasus spyware used to hack American diplomats working overseas

In addition to Lava, the people Miller named NSO representatives in the 2017 call were second co-founder Shalev Hulio, who was also the company’s CEO, and Eran Gorev, who was operating partner of Francisco Partners at the time. An investment company with a controlling interest in NSO Group.

Julio didn’t personally respond to The Post’s list of questions, but Gorev said in an email to The Post’s questions that he doesn’t remember the call and has nothing to do with the company right now. “If such a meeting had taken place, I would never have made such a comment. If anyone else had made that comment, it would obviously have been a joke and a collective expression / cultural misunderstanding. “

The United States Department of Justice declined to comment on the NSO Group or Lieu’s criminal appeal.

People familiar with the Department of Justice investigation said the investigation concerned allegations of unauthorized access to networks and mobile devices in the United States by NSO users using NSO technology such as Pegasus spyware. It is reported that the Reuters 2020 NSO group is under investigation by the Ministry of Justice.

The FBI has interviewed several people on NSO in recent months, including Mexican journalist Carmen Aristeg, whose phone was hacked by Pegasus, according to independent investigators. .

The phone used by Aristegu’s son, who also has a Mexican phone number, received malicious NSO connections while at school in the US in 2016, but if it was hacked, it is not known whether the phone attempt was successful. Citizens’ Lab, while the investigators are in the United States. The NSO said phones with US or geographically located phone numbers in the US cannot be infected with Pegasus.

Speaking on condition of anonymity about the ongoing investigation, the man said the FBI questioned a US citizen in detail last year about a Pegasus hacker. Allegedly, the attack took place while the man was traveling overseas and was using the phone with a foreign phone number.

The most important question for Americans abroad: can their phones be hacked?

The U.S. Department of Commerce blacklisted the NSO group in November, restricting its access to U.S. technology, and the company’s and its customers’ activities were investigated by officials from several other countries, including the Attorney General. of Israel, in response to the news. abuses in recent years.

Miller’s attorney, John Time of Whistleblower Aid, said NSO user abuse forced the company to attempt to access SS7, as the network contains information on all cell phone users across the country. world.

“We know the NSO group is trying to access our mobile communications,” Tai said. He said. “Only then did it come to our attention. We ask the Ministry of Justice to investigate whether any laws have been violated. “

Ellen Nakashima and Elizabeth Dvoskin of the Washington Post and Stephanie Kirchgasner of the Guardian contributed to this report.

Source: Washington Post

follow:
\