The use of electronic surveillance by intelligence and law enforcement agencies has flourished, and the Herzliya-based NSO Group from has become a leading player in this industry. Its product, Pegasus, entices users to click on links that allow almost unlimited access to their cell phones. The intrusion is also very hard to detect.
It’s easy to see why government agencies would want such a tool. It lets them monitor criminals or people who might pose a threat to national security. It can help prevent terror attacks, drug deals, murders and other undesirable activity.
NSO has good contacts within the industry, as revealed by a wealth of email correspondence that was leaked in 2015. That year, in a display of poetic justice, an Italian company called Hacking Team, whose tools are similar to NSO’s, had its own database hacked. An enormous trove of its internal documents was made public.
One was an email sent in June 2015 by Hacking Team’s vice president for business development, Philippe Vinci. It contained a comparative analysis of each company’s products, apparently for use in sales pitches, thereby revealing the fierce competition between Hacking team and NSO. But in another email, sent in August 2014, Hacking Team CEO David Vincenzetti referred to NSO as “our friends” while discussing a Wall Street Journal article about the Israeli firm.
NSO is aware of the danger that Pegasus might fall into the wrong hands. To avoid this, it decided to sell the product only to government agencies. So as long as those agencies act legally, which NSO insists on when making the sale, there’s no reason to worry. But if they break the law, NSO has a problem – but more on that later.
Like many other Israeli startups in the security field, NSO was founded in 2010 by three veterans of the army’s premier signals intelligence unit, 8200: Niv Carmi, Omri Lavie and Shalev Hulio. They started work on Pegasus, which remains NSO's only product, immediately after founding the company.
What happened next is nothing less than astounding. Pegasus was a hit and NSO was able to charge exorbitant prices for it.
- Israeli Spyware Firm Embroiled in Mexico Mobile Hacking Scandal. Flynn Was Its Adviser
- Spyware Sold to Mexican Government Targeted International Investigators
- Blackstone Ends Talks to Buy a 40% Stake in Israeli Cybersecurity Firm NSO
According to an article in The New York Times last year, NSO charged $650,000 to monitor 10 iPhone users, plus set-up costs of $500,000 – a total of $1.15 million. Simple arithmetic shows that to monitor 50 mobile phones, NSO would charge around $4 million; its fee for monitoring 100 could rise to $7 million – and that’s just in one country. Big countries that are targeted by drug dealers and terrorists would obviously have a much longer list of targets.
NSO raised money only once, when it was first starting out. The $1.5 million in funding came from investors such as Eddy Shalev, founder of the Genesis Partners venture capital fund.
The company apparently started earning significant sums very quickly. Estimates – which two executives called overblown – indicate that it has revenues of $250 million a year. One indication of its profitability is the $230 million dividend it recently disbursed, a sum that the two executives don’t deny.
These figures are huge. Even if the actual revenue and dividend are much less – say, $50 million a year – a growing company with such revenue would easily be valued in the billions of dollars.
But that’s not what happened. In 2014, NSO’s shareholders sold 70% of the company to U.S. private equity giant Francisco Partners for an estimated $110 to $130 million, which would put the company’s full market cap at $170 million. And in July, the business newspaper Calcalist reported that BlackRock, the world’s largest investment management company, was in talks to invest in NSO at a market cap of $1 billion. NSO has denied the report, but all indications point to it being accurate.
There may be two main explanations as to how NSO can be so profitable but have such a low market cap in relative terms: its growth may be slow or inconsistent, or potential buyers and investors just aren’t willing to pay full price.
Since NSO is exporting a defense-related product, it is subject to oversight by the Defense Ministry’s department of security exports, whose approval is mandatory for such exports. NSO apparently also demands that its customers receive approval from the regulatory bodies in their own countries before using its tools. An ethics committee that reviews sales before they are finalized, said a corporate executive. The executive said some of the committee members are NSO employees, but declined to name those who are not, saying the company has no legal obligation to do so.
But what happens when the government buying the service lies? What happens if it uses the product for unapproved uses? That’s what happened in Mexico. In September 2014, 43 students disappeared in the city of Iguala and were presumably kidnapped and murdered, with the assistance – or at least the nonintervention – of local police. Three years later, The New York Times reported that Mexico uses NSO’s Pegasus to track several of Mexico’s leading human rights lawyers, who have been investigating the students’ disappearance. It also tracks an academic who has helped draft anti-corruption legislation and two leading journalists who investigated allegations of sexual assault by Mexican policemen. None of these individuals are suspected of criminal wrongdoing or terrorism, but rather of embarrassing the government. According to the report, Mexico has spent $80 million on NSO’s technology since 2011.
In Mexico, as in many other countries, the kind of surveillance made possible by NSO requires a judge to approve the specifics. The New York Times interviewed former Mexican intelligence officials and concluded that the government had not received permission to tap the phones.
NSO is aware of its public reputation, and these types of cases do it great damage. It’s not clear whether BlackRock’s decision not to invest in NSO was due to The Times report, but incidents such as the one in Mexico may explain why the company’s market cap is so low compared to its excellent financial results. Had the company known that this would happen, would it still have sold its product to the Mexican government? “No,” says the executive.
Is it reasonable to expect that NSO will verify that its customers meet all legal obligations within their home countries? Perhaps. But no other defense exporter is held to that standard. Weapons and defense system manufacturers – and certainly the government – have selective sales policies. They can be relaxes or strict, but once the buyer receives the products, it’s impossible to know how they’ll be used, or what a third party might do with them. A machine gun sold to a government could be used to disperse political rallies, or could find its way into the hands of terrorists. Local arms manufacturers can’t even know what happens to every gun sold to the Israel Defense Forces – and no small number of guns used in terror attacks against Israelis originated with the IDF. NSO, too, is at risk of such damaging incidents.