Not Just NSO: Was Another Israeli Spyware Used in the Caribbean?

A local newspaper reported that NSO’s Pegasus spyware was sold to Trinidad and Tobago. However, it may be a different Israeli firm’s spyware, recently found on the phone of a Greek journalist, that was actually used

Omer Benjakob
Omer Benjakob
The NSO Group logo and a cellphone showing a map of the world.
The NSO Group logo and a cellphone showing a map of the world. Credit: Sebastian Scheiner / AP / Images
Omer Benjakob
Omer Benjakob

The Caribbean islands of Trinidad and Tobago purchased the Pegasus spyware made by Israeli cyber firm NSO, a local newspaper claimed on Sunday. However, sources and previous investigations suggest it may be a different Israeli firm altogether.

According to a report in Trinidad Express, the Trinidad and Tobago Police Services bought Pegasus at some point in the past. The report is based on “sources” and also claims by the head of the country’s opposition, Kamla Persad-Bissessar. Citing an unnamed “whistleblower,” she said she received “confirmation” that the government was using the spyware to snoop on journalists, judges, lawmakers and union members.

However, the country’s former police commander, Gary Griffith, denied purchasing the spyware – which can provide clients with full access to a target’s phone, its encrypted data, and even its camera and microphone.

Israel's dangerous Pegasus scandal – and how to protect your phone. LISTEN

In response to the report, the police said they did not buy any spyware and were not in communication with any Israeli firm for that end. However, they said they were in touch with a firm called MER. The police said MER did not sell them spyware, but instead drones and CCTV systems.

The police also said that if any spyware deal was in place, it was not signed with the police but rather with the state security forces. “We never went to Israel to look at spyware. We went to look at drones. We know of no arrangement with Israel. That would have been government-to-government and possibly through SSA (the Strategic Security Agency),” the report quoted Griffith as saying.

MER is a reference to the Mer Group, which is one of a number of Israeli firms providing a wide array of technological services. One of those services is software for public transportation, which they sold to Trinidad and Tobago a number of years ago.

A 2016 report in The Intercept claimed that Mer Group also sells “surveillance products sold by the company’s security division.” However, if MER still sells such products, they were not sold to Trinidad and Tobago. Furthermore, it seems that any activity the company may have had in the cyber or mobile sectors were purely defensive.

Generally, NSO and other firms in the field have been known to use third parties and mediators in sales. Moreover, NSO does have a drone business. However, no ties between NSO and MER exist or have existed. Furthermore, NSO denied Sunday’s report, saying it was impossible. Though such denails are common, in this case there is evidence to suggest it was not NSO.

NSO competitors

Past investigations and current sources in Israel’s cyberoffense industry say it is most likely that NSO was not active in Trinidad and Tobago. If Israeli spyware was purchased, they said, the local sources and opposition leader are possibly confusing Pegasus with any one of a number of NSO’s competitors.

Kamla Persad-Bissessar, leader of the opposition in Trinidad and Tobago.Credit: Moises Castillo / AP

In 2018, a Haaretz investigation revealed that Israeli companies had sold espionage and intelligence-gathering software to a number of countries in the past, and Trinidad and Tobago was among them.

Sources said potential candidates included Paragon and Quadream – Israeli companies that provide a similar service to NSO. However, past investigations may point to a different company.

At the end of 2021, the University of Toronto-based digital forensics group Citizen Lab revealed that two Egyptian nationals were targeted with both NSO’s Pegasus spyware and a rival Israeli version called Predator, which is developed by spyware firm Cytrox. Predator is almost identical to Pegasus in terms of its capabilities, providing full access to any infected phone.

Cytrox was in the news earlier this week when a report claimed that a Greek journalist’s phone had been infected by the company’s spyware. A report in Greece’s Inside Story on Sunday said the phone of Thanasis Koukakis was infected with Predator from July 12 to September 24, 2021. Citizen Lab, which discovered the spyware, noted that “this does not rule out the possibility of other infections.”

Cytrox is an Israeli firm with offices in Hungary. It is also part of the so-called “Intellexa Alliance” – a network of Israeli cyberoffense firms connected to a Cyprus-based businessman called Tal Dilian. He founded the Israeli cyber firms Circles and WiSpear (the latter hacks into Wi-Fi systems), and is the CEO of Intellexa, which reportedly purchased Cytrox in 2018.

In their 2021 investigation into Predator, Citizen Lab found a number of suspect links that had been sent to victims. Once clicked, the links would refer the cellphone to a website that would have the spyware installed on it.

One of the ways digital forensic analysis finds spyware is by searching for such links. In its investigation, Citizen Lab found that two of the links used to infect a phone with Cytrox’s Predator were based in Trinidad and Tobago.

While this does not mean Cytrox is doing business on the Caribbean islands, it does raise the possibility.

Cytrox, whose website is offline since its 2018 sale to Intellexa, could not be reached for comment. Intellexa did not respond to a request for comment.

A spokesperson for the NSO Group said: “The details raised in your inquiry and the information we received are not possible and could not have happened with NSO’s tools – technically, legally and contractually. We support an investigation that will discover who is behind these targets and continue to call for the establishment of international regulation of the cyber intelligence industry.”

Click the alert icon to follow topics:

Comments

SUBSCRIBERS JOIN THE CONVERSATION FASTER

Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN

ICYMI

Yair Lapid.

Yair Lapid Is the Most Israeli of All

An El Al jet sits on the tarmac at John C. Munro International Airport in Hamilton, Thursday, in 2003.

El Al to Stop Flying to Toronto, Warsaw and Brussels

An anti-abortion protester holds a cross in front of the U.S. Supreme Court in Washington, D.C.

Roe v. Wade: The Supreme Court Leaves a Barely United States

A young Zeschke during down time, while serving with the Wehrmacht in Scandinavia.

How a Spanish Beach Town Became a Haven for Nazis

Ayelet Shaked.

What's Ayelet Shaked's Next Move?

A Palestinian flag is taken down from a building by Israeli authorities after being put up by an advocacy group that promotes coexistence between Palestinians and Israelis, in Ramat Gan, Israel earlier this month

Israel-Palestine Confederation: A Response to Eric Yoffie