Private spies. Zero-click spyware. Multiple lawsuits, including one involving slain Saudi journalist Jamal Khashoggi.
London-based private equity firm and a New York investment bank are facing a crescendo of questions after helping the cofounders of the Israeli spyware firm NSO Group arrange to buy the company back from a U.S.-based equity firm.
NSO makes Pegasus, a sophisticated tool that can hack into smartphones and is intended, the company says, to help governments stop criminals and terrorists.
But Pegasus has also been implicated in attacks on members of civil society. Targets of the software have included at least two dozen activists, journalists, and lawyers in the Middle East, Mexico, Asia, and Europe, according to extensive analysis by Citizen Lab, a digital watchdog at the University of Toronto.
One of Pegasus’s targets, Emirati human rights defender Ahmed Mansoor, has been in prison in the United Arab Emirates since March 2017. Canada-based Saudi dissident Omar Abdelaziz filed a lawsuit in December claiming that his communications with Khashoggi were intercepted by the software in the months leading up to the journalist’s murder in the Saudi embassy in Istanbul. NSO faces two other lawsuits brought by a Qatari citizen and a group of Mexican journalists and activists.
Novalpina Capital, which is helping to buy NSO, and Jefferies Financial Group, which is assisting in the sale, are now gauging interest in a $500 million loan to finance the buyback, Debtwire reported last week. But some loan investors are concerned by the “reputational risks” that come with the cyber-intelligence company, according to sources who spoke with the publication.
Novalpina’s founder resigns from NGO
Those risks have already taken a toll. Two days after the deal was announced, Novalpina founder Stephen Peel wrote in a letter that he was resigning from the board of Global Witness, a leading anti-corruption and human rights watchdog, “so not to be considered as compromising Global Witness’ work.”
In a statement, NGO’s board chair Mark Stephens did not specify the reason for the resignation, but said that Global Witness was concerned about the potential for the abuse of surveillance technology.
“The misuse of this kind of technology can have a damaging effect on the work of NGOs and individuals and in the hands of repressive regimes, it can be used to deadly effect,” he wrote. “Given this technology exists I would prefer it is run by someone, such as Mr Peel, who is committed to the UN Guiding Principles on Business and Human Rights.”
Peel, a former partner at Goldman Sachs, left private equity in 2014 “to pursue a second career, likely in public service,” the Wall Street Journal reported at the time. He currently serves on the boards of a number of policy groups and foundations, including the Trilateral Commission, the Jackson Institute of Global Affairs at Yale University, the transparency-focused Open Contracting Partnership, and the peace-building Tujenge Africa Foundation.
Peel returned to private equity in 2017, launching Novalpina in London with a focus on buyout investments. Among the fund’s largest existing limited partners is Oregon’s public pension system, which invested $232 million in Novalpina’s flagship fund in 2017. That year, Oregon’s fund also put $250 million in a fund operated by Francisco Partners, the U.S.-based private equity firm that purchased NSO in 2014.
The controversy surrounding NSO hasn’t only involved cyberattacks.
NSO and Francisco Partners earned scrutiny last year for their links to former White House national security adviser Lieut. General Michael Flynn. During his work for the Trump campaign in 2016, Flynn’s consulting gigs included work for Francisco and for an NSO offshoot, OSY Technologies. Flynn, who pled guilty to lying to the FBI about his conversations with the Russian government, was paid a total of about $140,000 for his work.
In recent months, six lawyers and researchers investigating the company have also found themselves targeted by undercover operatives, including a former Israeli security official, as part of an apparent effort to undermine their research, according to investigations by Reuters and the New York Times.
Israel’s Channel 12 reported in January that the operation was managed by Black Cube, the controversial Tel Aviv-based intelligence company that that once used similar tactics against women who had accused Harvey Weinstein of sexual misconduct.
Black Cube and NSO have denied any role in the operation. In an interview with Channel 12, an NSO founder alleged that the three lawsuits against NSO are part of a Qatari-backed conspiracy to destroy their company name.
An NSO spokesperson told Fast Company in January that the lawsuits were “nothing more than an empty PR stunt to continue the propaganda drumbeat against NSO’s work helping intelligence agencies fight crime and terrorism around the globe.” However, “because of a gag order imposed by the courts, we will have nothing more to say.”
Pledges and dismissals
In a letter following last month’s announcement, Peel sought to assure Citizen Lab and other NGOs that the fund did “extensive due diligence” before agreeing to buy NSO, and concluded that the Israeli company “operates with the highest degree of integrity and caution.” Peel also committed to greater transparency around NSO and called for a dialogue with “broader groups of interest.”
Peel declined to comment. In a statement sent to Fast Company, a Novalpina spokesperson said the company is a signatory to the UN Principles on Responsible Investing, and that “we also believe that NSO Group should be—and can be—operated in accordance with the United Nations Guiding Principles on Business and Human Rights.”
Peel’s pledges regarding NSO raised fresh questions among human rights groups, including Amnesty International, whose own researchers have been targeted by NSO’s spyware in the Middle East. Peel also did not address the recent undercover spy operation, which attempted to ensnare two of Citizen Lab’s researchers.
“Their claim to have undertaken due diligence is dubious because they didn’t bother to reach out to the one organization that’s done investigations into the abuse prior to the acquisition,” Ron Deibert, director of Citizen Lab, tells Fast Company. “How do you undertake due diligence without communicating with the very organization that has produced numerous reports of abuse?”
“Indeed, the only outreach [Citizen Lab] received was a clandestine, underhanded attempt to undermine our organization,” he adds, cautioning, “although we don’t know who was behind it.”
In an open letter, Amnesty and other rights groups demanded that Novalpina disclose more information about its due diligence process, commit to engaging in investigations into the abuse of Pegasus, and condemn the spying operation.
In a follow-up letter on March 1, Peel described Novalpina’s four-week due diligence process and outlined the internal ethics reviews and export controls that govern every Pegasus sale.
“For the avoidance of doubt,” the Novalpina founder wrote, “we abhor any abuse of human rights of any kind, including any instance in which it were proven that human rights abuse was facilitated by the misuse of NSO’s technology.”
Peel’s letter did not mention the spying operation. It also cast doubt on Citizen Lab’s findings, noting the technical difficulties with assigning attribution to cyberattacks.
“NSO is not the only company in the cybersecurity industry providing device-level capabilities to intelligence agencies and law enforcement,” he wrote. “Nor is it necessarily the only company that makes use of a particular technique in designing such capabilities.”
In a March 6 letter, Deibert bristled at Peel’s dismissal.
“Without Novalpina Capital—or the parties that you hired to conduct due diligence—concluding that Citizen Lab reporting is flawed and providing a substantiated basis to prove such a finding, it remains the case that you are purchasing a company implicated in serious human rights abuses and have decided to simply ignore this fact,” Deibert wrote.
“It also remains the case that, without meaningful engagement with our research, your due diligence process will appear to many as nothing more than a superficial effort to check boxes and appease stakeholders concerned by NSO Group.”
‘Targeted and proportionate’ weaponry
In his letter, Peel also makes a strident argument for tools like Pegasus, which, he said, allow law enforcement to protect the public in a “targeted and proportionate” way without weakening the fundamental security of end-to-end encryption. NSO’s software had proved helpful to law enforcement investigations around the world, he wrote, including in “the disruption of plans for a terrorist attack at a crowded stadium in Europe” and “in the search for the remains of people” killed in a recent dam collapse in Brazil and in an earthquake in Mexico in 2017.
In a statement to Fast Company, NSO said that their software “is intended to be used exclusively for the investigation and prevention of crime and terrorism” and that any other use violate their contracts and policies. The firm investigates allegations of misuse and suspends or terminates contracts accordingly, NSO said.
In his letter, Peel wrote that Novalpina “identified three investigations over the last three years that led to NSO deciding to terminate a contract.”
In a submission last month to the UN’s special rapporteur on human rights, Citizen Lab said that NSO and other cyber-intelligence companies including Cyberbit, FinFisher, and Hacking Team defend their sales to repressive governments by citing internal policies and reviews.
The watchdog has also questioned the limits that NSO Group places on its weapons. In a statement to Motherboard in September 2018, NSO said that Pegasus cannot work in the United States. But Citizen Lab’s research suggests otherwise. Emilio Aristegui, son of journalist Carmen Aristegui, was at a U.S. boarding school when he received a message targeting him with a Pegasus deployment. Citizen Lab reporting indicated multiple NSO clients had active infections in the U.S. in 2018.
Deibert, Citizen Lab’s director, said he welcomes Novalpina’s stated commitments to human rights and transparency. But he finds it troubling that the watchdog’s research into NSO Group continues to be cast as allegation.
“What we’ve created is really rigorous evidence-based research,” he says. “This is not speculation. These are facts.”
—with Alex Pasternack
Contact this reporter via Signal or WhatsApp at +1 (323) 317-4511, email at djpangburn at protonmail.com, or Twitter DM at @djpangburn.