Reuters reported on Jan. 30 that the FBI has been investigating Israeli spyware firm NSO Group since 2017. The revelation comes after Sen. Chris Murphy and UN Special Rapporteur Agnes Callamard called on the U.S. to investigate the apparent hacking of Amazon CEO Jeff Bezos's phone by Saudi Crown Prince Mohammed bin Salman. In its statement, the UN identified NSO Group as a likely source of the malware.
The investigation is not specifically connected to the Bezos hack, but was prompted by the suspicion in 2017 that NSO obtained code from American hackers to build its tools. The probe involved more interviews with technologists last October when Facebook filed suit against NSO for exploiting vulnerabilities in Facebook-owned WhatsApp.
The probe is likely based on suspected violations of the Computer Fraud and Abuse Act or the Wiretap Act, which raises difficult questions rooted in the dearth of international laws covering state-sponsored hacking. American intelligence and law enforcement have hacked phones and other devices inside and outside the United States. NSO Group, which only sells its hacking tools to governments, may claim that the work foreign governments do with its tools is no different.
The fundamental conflict is over targets the U.S. sees as inappropriate that those other governments do not: journalists and political dissidents. NSO Group claims that its tools are intended to be used only to combat terrorism and serious crimes like human trafficking. But some governments NSO does business with classify political organizations like the Muslim Brotherhood and even the Washington, DC-based Council on American-Islamic Relations as terrorist organizations. In such a heightened security culture, the privacy of investigative journalists and trenchant dissidents may not be so sacrosanct.
In 2015, the United States reached an agreement with China to not engage in industrial cyber espionage targeting each other's private sectors, so the prospect of an agreement to limit the use of hacking tools like NSO Group's may not be so farfetched in theory. The governments most involved — Saudi Arabia, Israel, and to a lesser degree the UAE — are all U.S. allies, and presumably would be easier to find leverage with than China.
The Trump administration, however, does not appear to be discouraging the excessive use of tools like NSO's among its allies. And as Israel draws closer to Sunni Arab countries in an informal alliance against Iran, America's leverage on the issue may be dwindling regardless.
Michael Sexton is a Fellow and the Director of MEI's Cyber Program.
Photo by JACK GUEZ/AFP via Getty Images
The Middle East Institute (MEI) is an independent, non-partisan, non-for-profit, educational organization. It does not engage in advocacy and its scholars’ opinions are their own. MEI welcomes financial donations, but retains sole editorial control over its work and its publications reflect only the authors’ views. For a listing of MEI donors, please click here.