NSO Group’s sophisticated Pegasus iPhone hack repeatedly made headlines this year. Security researchers discovered that attackers could hack an iPhone without the user’s knowledge. Google researchers later described the 0-day hack as one of the most sophisticated attacks of all time. Following the security reports, Apple patched the vulnerability and started notifying iPhone owners who had been hacked. Also, Apple sued the Israeli cybersecurity company just as the US government placed it on its infamous entity list. Banned from doing business with any US tech company, NSO is in serious trouble. It might be facing potential ruin as well as additional legal implications. And it turns out that NSO’s Pegasus problems started in the most unexpected way: a minor deal in an African country.
Reports revealed that totalitarian governments used NSO’s Pegasus to attack dissidents, journalists, and potential political adversaries. Pegasus exploited a vulnerability that allowed an attacker to send a malicious iMessage to an iPhone user. The victim’s phone would not make a sound, and the target would not see a notification. There wouldn’t be any message to read or interact with at all.
Just like that, the hackers could spy on the target iPhone thanks to NSO’s highly sophisticated attack that garnered much attention in the past few months.
A new report from the Financial Times focuses on one NSO Group deal that might have spiraled into the current scandal that threatens the company’s future.
The Pegasus sales pitch that might have ruined NSO
According to the report, NSO pitched Pegasus to the son of Uganda’s president in February 2019, asking Lt. General Muhoozi Kainerugaba whether he wanted to hack any phone in the world secretly. The answer was apparently yes. The two parties inked a deal between $10 million and $20 million, representing only a fraction of the company’s revenues. An estimate says that NSO made $243 million in 2020 alone.
Two years after the NSO Pegasus deal with the Ugandan government, someone in the region tried to hack the phones of 11 American diplomats, the report notes. These were iPhone users stationed at the US embassy in Uganda.
While it’s not clear whether Ugandan hackers or attackers from the neighboring country Rwanda tried to attack the US iPhones in Uganda, this might have triggered the sequence of events that ultimately led to NSO’s current Pegasus-related problems.
The company reportedly instructed its customers never to attack US phone numbers so that the US government would not take action. But the 11 targets at the Ugandan embassy used local phone numbers combined with Apple IDs that used State Department emails.
The Times notes that the parties involved in these activities have not confirmed these findings. NSO is investigating the Pegasus attack in Uganda, and it’s no longer conducting business in Africa. The Ugandan government did not comment on the matter. Israeli and US officials also declined to confirm that the Pegasus attack in Uganda triggered the eventual NSO blacklisting.
More problems might follow
NSO’s Pegasus problems are far from over. Following the ban, the company can’t buy the tech equipment it desperately needs from US firms. Furthermore, NSO might not finance its previous loans, as it’s losing business to rivals. Hiring promising hackers might be another problem after the Pegasus debacle.
On top of that, the report notes that existing NSO employees are “staying put” in Israel to avoid questioning from the US and its allies. Moreover, 18 US senators want to sanction NSO under the Magnitsky Act. If that were to happen, NSO would be unable to deal with US banking systems. Its employees would be barred from traveling to the US.
Finally, the Pegasus scandal is also a problem for US-Israel relations, The Times explained.