Follow us on social

Shutterstock_499281694-scaled

Israeli spyware firm in hot water over alleged interest in US data, CIA/FBI links

Lawmakers are threatening sanctions under the Magnitsky Act, which would cut the company off from US financing and customers.

Analysis | Washington Politics

The NSO Group, the Israeli firm infamous for selling spyware to foreign governments that used it against activists, journalists, and dissidents, is in turmoil once again.

Just this week, the Washington Post reported on an account from a whistleblower, Gary Miller, who alleged NSO offered “bags of cash” to Mobileum — a California-based company that works with cellular companies to enhance security — to access global communication networks. Miller, then vice president of Mobileum, said NSO officials wanted to purchase access to the SS7 network, which allows companies to route calls and data for their users. Access to the SS7 network would allow the user to query locations, divert calls, and eavesdrop on targets, providing NSO with a skeleton key that its Pegasus app could use on any phone in the world — including U.S. phone numbers. 

Miller reported the conversation to the online FBI tip portal several months later but never received a response.

The company’s role in enabling repressive regimes to conduct surveillance on their critics around the world — in deals licensed by the Israeli government — has led members of Congress like Sen. Ron Wyden (D-Ore.) and Rep. Adam Schiff (D-Calif.) to call for the imposition of sanctions on the firm under the Global Magnitsky Act, which permits the State Department to impose visa bans and freeze assets in U.S. banks against people or entities that commit human rights abuses or corrupt acts. 

The latest allegations, which were made possible by a new “Project Pegasus” consortium involving the Post, the Guardian, Israel’s Haaretz and more than 15 other international news outlets, will likely fuel the push for more sanctions.

Just last week, prior to the revelations in the Washington Post, NSO’s chairman, Asher Levi, announced his resignation, although he insisted that his decision was unrelated to the myriad of scandals in which NSO has been implicated. His timing, however, was impeccable, coming just days before the latest revelation and a feature piece in The New York Times Magazine last weekend about NSO’s dealings with U.S. government agencies. The latter investigation revealed that NSO had developed a new spyware called Phantom specifically for U.S. law enforcement that could be used to transform American smartphones into “intelligence gold mines.” 

Phantom is an adapted version of Pegasus, NSO’s notorious spyware which provides clients with full access to targeted phones via links in highly personalized phishing messages in WhatsApp, iMessage, and Android. In 2019, the Federal Bureau of Investigation paid NSO millions of dollars to test Phantom, triggering years of debate between the agency and the Department of Justice on the lawfulness of such surveillance. Last summer the agency decided against deploying either Pegasus or Phantom, according to the Times account. 

However, in 2018, the Central Intelligence Agency paid for the government of Djibouti to obtain Pegasus despite the country’s record of persecuting journalists and torturing government political detainees, the Times reported. A spokesman for Djibouti’s government denied that the country ever acquired or used Pegasus.

Despite the earlier federal flirtation with NSO, the Commerce Department in November placed the company on the Entity List of businesses whose actions negatively affect U.S. national security and foreign policy interests. Placing NSO on the Entity List effectively banned the company from buying software components from U.S. vendors without a license.​​ It is unclear why the U.S. went from testing the spyware to blacklisting the company, although Haaretz later reported that at least eleven State Department diplomats serving in Uganda found Pegasus spyware on their phones.

Spyware capable of infecting American phones brings home the myriad of reports that foreign governments have used NSO spyware to target activists and journalists around the world. In total, Pegasus has infected at least 450 phones belonging to activists, journalists, and dissidents in at least 16 countries, according to a digital forensics investigation led by Amnesty International and the University of Toronto’s Citizen Lab.

Pegasus’s stated purpose is to target and disrupt terrorism, trafficking, and other illicit crimes, but the spyware has been found on the phones of activists, journalists, and dissidents around the world. Targets were concentrated in countries such as Hungary, Saudi Arabia, and El Salvador, where repression of free speech against government corruption and other abuses are frequent. Perhaps most infamously, Saudi Arabia is believed to have used Pegasus to target the close friends and fiancée of Washington Post columnist Jamal Khashoggi, who was murdered and dismembered in the Saudi consulate in Istanbul in 2018. 

But you wouldn’t know all of that if you read NSO’s Foreign Agents Registration Act filings with the Justice Department. Amid all the negative publicity, NSO appears to have launched a major effort to improve its badly damaged image and escape further scrutiny. The main PR firm that represents NSO Group — Pillsbury Winthrop Shaw Pittman LLP —has been busy. In its most recent brief dated January 12, Pillsbury claimed that NSO ``is in fact a force for good in the world," and that it only sells spyware to "governments in the coalition of Western democracy-led countries.” 

The Israeli Defense Ministry regulates exports of the Pegasus license, a fact NSO repeatedly points to as evidence of its strict licensing criteria. The cast of suspects in Haaretz's NSO File, however, includes Saudi Arabia, Morocco, and the UAE — not countries known for their democratic governance. Last month, NSO added Chartwell Strategy Group to its PR campaign with a new contract for “strategic communications counsel.”

“Who will want to work with a company that’s been so publicly sanctioned by the U.S. government,” asked David Kaye, a former UN special rapporteur on the right to freedom of expression who called for global restrictions on surveillance technology shortly after the Commerce Department’s listing. “Who would invest in a company with this kind of black mark?”

Apparently, the state of Oregon would. In 2017, the Oregon Public Employees Retirement System invested $233 million in Novalpina Capital, a private equity firm that acquired a controlling stake in NSO in 2019, earning Oregon the dubious distinction of being the spyware company’s largest indirect investor. John Russell, the chairman of the Oregon Investment Council, defended the decision by insisting that divesting from “questionable sectors” would exceed the Council’s mandate and turn it into an “activist body.” 

At least one Oregonian doesn’t see it that way. As noted above, Sen. Wyden and Rep. Schiff, chairman of the House Intelligence Committee, and a dozen other Democratic lawmakers, have proposed taking the Commerce Department’s decision one step further by implementing targeted Global Magnitsky sanctions against technology companies that have facilitated human rights abuses, including NSO. U.S. persons are prohibited from engaging in transactions with entities under such sanctions, effectively cutting them off from the political access and financial backing that many arms exporters depend on. 

So why is this a necessary step? As Wyden and Schiff point out, “these surveillance companies do depend on the U.S. financial system and U.S.-based investors.” Since NSO depends on a significant amount of business and investors located in the United States, such as Oregon’s pension fund, this would be an effective way of sanctioning NSO’s ties to abusive governments. President Biden could also encourage U.S. allies to sanction the company, exerting pressure on UK-based Novalpina, which bought shares of NSO valued at $1 billion. Lastly, sanctioning NSO would be a way for the Biden Administration to regain trust with the American public after the CIA and FBI reported previous cooperation with NSO. 

Even if the U.S. forgoes purchasing such surveillance technology, NSO customers like Saudi Arabia and the UAE remain eager consumers. International cooperation and diplomacy are more important than ever. A restraint-based approach to cyberwarfare is imperative to protect fundamental values of democracy – freedom of speech and right to privacy – and Global Magnitsky sanctions on human rights violators like NSO would be a strong step in enforcing those values on the world stage.


(shutterstock/Morrowind)
Analysis | Washington Politics
syria damascus bombing
Top image credit: A man walks with a Syrian flag, after powerful airstrikes shook Damascus on Wednesday, targeting the defense ministry, as Israel vowed to destroy Syrian government forces attacking Druze communities in southern Syria and demanded their withdrawal, in Damascus July 16, 2025. REUTERS/Khalil Ashawi

Israel blindsides Trump in self-serving effort to break up Syria

Middle East

Just days before Israeli F-35s screamed over Damascus, the improbable seemed within reach. U.S. Special Envoy Tom Barrack, leveraging his dual role as Ambassador to Turkey and point man on Syria, was brokering painstaking back-channel talks between two historic enemies.

The Syrian government, led by interim President Ahmed al-Sharaa, the former Islamist militant turned statesman, signaled openness to a non-aggression pact with Israel. Israeli Foreign Minister Gideon Sa’ar publicly welcomed Syria into “the peace and normalization circle in the Middle East.”

keep readingShow less
US Dollar
Top image credit: Yingko via shutterstock.com

Are Trump's aggressive policies weakening the dollar?

Global Crises

There has been an extraordinary flurry of announcements from the Trump administration about its preferred domestic and international policies since January 20.

Policies have been threatened, announced, postponed, canceled, and reinstated with greater or lesser severity. But underneath this hyperactivity, a clear pattern of economic policy preferences is emerging.

keep readingShow less
Masoud Pezeshkian
Top image credit: 6/22/2025 Iranian President Masoud Pezeshkian, center, attends a protest following U.S. attacks on nuclear sites, in a square in central Tehran on sunday, Jun 22, 2025. (Photo by Sobhan Farajvan/Pacific Press/Sipa USA VIA REUTERS)

What the West misunderstands about Iran

Middle East

When Iranian officials were preparing for the sixth round of negotiations with their U.S. counterparts over the country’s nuclear program, Israel launched a surprise military strike. Rather than condemning the attack, the United States and Europe stood by — or even applauded. The German Chancellor framed it as “the dirty work Israel is doing for all of us.” This moment only reinforced what Iranian leaders have long believed: that the world demands their surrender — and leaves them alone, at constant risk of betrayal and invasion.

Unless the West begins to understand Iranian history — and the mindset it has created among Iranian leaders — it will continue to misread Tehran’s actions. What often looks like aggression or stubbornness from the outside is, in the minds of Iranian decision-makers, an act of defense grounded in deep national memory.

keep readingShow less

LATEST

QIOSK

Newsletter

Subscribe now to our weekly round-up and don't miss a beat with your favorite RS contributors and reporters, as well as staff analysis, opinion, and news promoting a positive, non-partisan vision of U.S. foreign policy.