According to reports, the Israeli government is forming a task force to deal with the fallout from the Pegasus project revelations about the use of spying tools sold to authoritarian governments by the Israeli surveillance firm NSO Group.
A team comprised of representatives from the defense ministry, the ministry of justice, the foreign ministry, military intelligence, and the Mossad, Israel’s national intelligence agency, is poised to conduct an investigation into whether “policy changes” regarding sensitive cyber exports are required, according to several Israeli media outlets on Tuesday night, citing unnamed officials.
The reports come as diplomatic pressure mounts on Israel over concerns that by granting NSO export licenses for the spyware, the government has enabled abuses by repressive states around the world.
There are also questions about whether Israeli intelligence agencies gained access to information gathered by NSO’s clients, which both Israel and the surveillance firm strongly deny.
“We believe the cyber threats we face are global threats,” an anonymous government source told reporters. It is critical that all cyber actors use their capabilities legally, responsibly, and proportionately to ensure that cyberspace remains a safe and prosperous space for all, and we will work with our allies to achieve this goal.
The Pegasus project, a media consortium that includes the Guardian, Washington Post, Die Zeit, Süddeutsche Zeitung, and Le Monde, revealed on Sunday that government clients all over the world had used NSO hacking software to target human rights activists, journalists, and lawyers.
The investigation was based on forensic analysis of phones as well as an examination of a massive leak of 50,000 phone numbers. The presence of a number on the list was in no way indicative of whether that number was chosen for Pegasus surveillance or was infiltrated with NSO’s software. The list does not say who made the numbers or how many people were targeted or compromised. NSO has repeatedly denied that the list was created solely for surveillance purposes. “It is not a list of NSO’s customers’ targets or potential targets, and your repeated reliance on this list and association of the people on this list as potential surveillance targets is false and misleading,” NSO stated. The company said it may be part of a larger list of numbers that might have been used by NSO Group customers “for other purposes”.
However, the list is thought to provide insights into the people identified as persons of interest by NSO’s government clients. According to forensic analysis of their devices, it includes people whose phones showed traces of NSO’s signature phone-hacking spyware, Pegasus.
The Pegasus project investigation discovered that NSO has close ties to the Israeli state and was given explicit permission by the Israeli government in 2017 to try to sell the hacking tools to Saudi Arabia in a deal worth at least $55 million.
The ten countries, including India and Hungary, that the analysis of the leak and forensic analysis of phones suggests have been using the technology all have trade or diplomatic ties with Israel that have improved in recent years. NSO does not confirm or deny which governments it sells its technology to, but it does state that its tools are only distributed to carefully vetted military, intelligence, and law enforcement agencies.
The Pegasus project report heralds the start of a crisis for Israel’s new, ideologically diverse coalition government led by Naftali Bennett. The majority of the findings are related to his predecessor as Prime Minister, Benjamin Netanyahu’s long tenure.
The leaked database contains the mobile phone numbers of many government officials, including the French president, Emmanuel Macron, and 13 other heads of state and governments, in addition to activists, lawyers, and journalists.
The presence of a number on the leaked list – which includes numbers chosen by governments that are NSO clients – does not imply that it was the target of an attempted or successful hack.