NSO Stuck in the Eye of the Tornado Pointing the Finger to Its Clients

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

The “Pegasus” spyware revelations that came to confirm what was long suspected around the unethical deployment of NSO’s tools have marked the beginning of the end of impunity for companies of this kind, and the Israeli firm isn’t happy about it. After the name of France’s President Emmanuel Macron was found among the list of targets from the alleged leaked data, the French prosecutor’s office decided to open a probe against the NSO group, and more countries are expected to follow soon.

The spyware creator has dismissed the validity of the Amnesty International and ‘Forbidden Stories’ reports since the first moment those saw the light and continues along the same line. The Israeli company has released the following statement in response to a deluge of media requests on the scandal:

Enough is enough! In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.

We will state again: The list is not a list of targets or potential targets of Pegasus. The numbers in the list are not related to the NSO Group. Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false.

In the same statement, the NSO reminds the public that it does not operate surveillance infrastructure, has no visibility over what its customers do with its spyware tools, and if anyone abuses access or breaches the terms of use, it is their fault. NSO maintains that it cannot be held accountable for cases of abuse because, simply put, it is in no position to even confirm these cases. This is like admitting that they sell access to spyware without putting any limits around ethical deployment, confirming that they cannot be trusted.

On the matter of the list, NSO denied that President E. Macron was ever a target and also added that the 50,000 victims presented in the supposed leaked data couldn’t even represent all the targets of its clientele since the beginning of its operation. On the topic of the source of the leak, which is rumored to be a Cyprus-based server, the company responded by saying they have no servers in Cyprus at all. And finally, a spokesman stated that since NSO operates no central surveillance system, there can be no database counting 50,000 entries unless all of their clients collaborated and exchanged information somewhere else, which is overly far-fetched.

‘Forbidden Stories’ actually analyzed the devices of 67 people in the leaked list and indeed found “Pegasus” on 37 of them. NSO, which previously maintained that none of these phones were targets, explained the existence of their malware on the devices as a coincidence.

In the meantime, Amnesty International has requested an Israeli court to stop the NSO Group from exporting any surveillance tools to other countries. Still, the Tel Aviv District Court judge dismissed the request saying that the human rights protection organization didn’t produce enough evidence to support having NSO’s export license revoked. Amnesty responded to this, saying that the judge ignored a mountain of evidence and characterized the court as “a rubber stamp to the Defence Ministry’s impunity to human rights violations.”



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: