Cyber-mercenaries helped Saudis hack an NYT reporter

Citizen Lab caught the NSO Group in a(nother) war crime.

The NSO Group are among the world’s most notorious cyber-mercenaries; they’re an Israeli firm under UK/EU private equity control (the owners have previously threatened to sue me and other journalists for reporting on the company’s ownership structure).

The company claims to be a “lawful interception” supplier, helping democratic, human-rights-respecting governments to spy on terrorists. Their extreme secrecy helps them sell this tale, but thanks to a group of academic human rights researchers, we know better.

For years, the University of Toronto’s Citizen Lab — a group of tech-savvy human rights defenders — have helped civil society groups defend themselves against cyber-threats from oppressive states. Don’t let the “cyber-threats” part fool you: digital surveillance is the prelude to mass arrests, disappearances, torture, and murder. It’s thanks to Citizen Lab that we know the truth about the NSO Group.

The truth, then: NSO isn’t in the counter-terrorism business. Its signature weapon, a devastating surveillance tool called Pegasus, has been used in at least 45 countries, including some of the world’s most brutal autocracies.