The Israeli spyware firm NSO is in talks to be sold to the U.S. defense contractor L3Harris, a number of sources with knowledge of the deal in Israel and the U.S. have said, with the senior White House official saying it is 'deeply concerned' by any possible deal.
The deal is yet to be finalized and still needs to be approved by Israel, the U.S. and L3Harris’ board of directors.
This story was jointly reported by Haaretz, The Washington Post and The Guardian, and confirms parts of a report published in Intelligence Online published on Tuesday.
NSO is infamous for producing the controversial Pegasus spyware, which can hack mobile phones and provide client operators – in the form of states or national intelligence agencies – full access to the targets' devices, including through the use of so-called “zero-click” attacks.
The U.S. Department of Commerce blacklisted NSO last November after it was revealed the phones of U.S. officials in Africa were targeted using Pegasus, with the hacking likely being the work of one of NSO’s clients.
The move also came after the Project Pegasus investigative journalist consortium, led by Paris-based NGO Forbidden Stories, published a string of reports alleging misuse of the Pegasus spyware by regimes across the world.
According to sources who spoke to Haaretz, The Washington Post and The Guardian, if approved, the deal could see NSO removed from the U.S. Department of Commerce's blacklist – either directly, or by having its assets bought by L3Harris, which will only work with the U.S. and its allies.
The deal, sources said, would include NSO’s client base in the so-called Five Eyes – an alliance of intelligence agencies comprising the U.S., U.K., Australia, Canada, New Zealand – as well as those in Europe and possibly other NATO countries.
It would also include NSO’s software and some of its workers who are seen as key to the firm’s ability to continue to hack mobile devices over time even as firms like Apple and Google work to patch the vulnerabilities Pegasus and other types of spyware exploit to gain access to encrypted devices.
Israel, which initially lobbied the White House to help NSO be removed from the blacklist, is said to be involved in talks and is now perceived to be an obstacle.
One question is whether the company remains in Israel, or if Israel will remain a client and have access to its technology. Another unclear issue, according to one source, is whether NSO's talent and the development of its ongoing hacking capabilities will remain in Israel and under its oversight.
The assumption in the Israeli cyber industry is that any future deal will see either NSO or its technology remain in Israel in some capacity, and that Israeli defense bodies will have access to it or at least be its clients. The assumption is that U.S. defense, intelligence and maybe even law enforcement agencies will make a similar demand on their end.
“We are deeply concerned,” said a senior White House official, speaking on condition of anonymity because of the matter's sensitivity, adding that "such a transaction, if it were to take place, raises serious counterintelligence and security concerns for the U.S. government.
"Without getting ahead of any process, any U.S. company, particularly a cleared U.S. defense contractor, should be aware that a transaction with a foreign entity on the Entity List will not automatically remove a designated entity from the [list], and would spur intensive review."
- ‘We Don’t Want These Kinds of People’: NSO Staff Pay the Price for Pegasus Spyware
- Did NSO Go Rogue and Use Pegasus Spyware for Private Ops?
- What Did the FBI Really Want NSO’s Pegasus For?
L3Harris, sources said, also met with another offensive Israeli cyber firm, but decided to move ahead with talks with NSO instead. NSO was described as having the ability to provide solutions the American defense firm cannot currently supply independently. NSO was in the past in talks with the FBI, and according to sources the FBI and CIA know about the current talks.
“We are aware of the capability, and we are constantly evaluating our customers’ national security needs,” said an L3Harris spokesperson. “At this point, anything beyond that is speculation."
NSO did not respond to this report, nor did Israel's Defense Ministry.
John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab project, said that even with American ownership, "it’s doubtful that the most elite intelligence services like the CIA, NSA and GCHQ would trust this technology for their most sensitive operations. So where would the big market be? I fear the logical consumers are U.S. police departments. This would be an unprecedented threat to our civil liberties.”
Stephanie Kirchgaessner of The Guardian, and Ellen Nakashima and Craig Timberg of The Washington Post contributed to this report.