NSO tried to buy access to cell networks for “bags of cash,“ whistleblower says
A whistleblower has accused Pegasus spyware-maker NSO Group of offering “bags of cash” to security company Mobileum in exchange for access to cellular networks in 2017. According to reports yesterday by The Guardian and The Washington Post, former Mobileum VP Gary Miller made his allegations in a complaint to the US Department of Justice and in an interview with news organizations that are part of the Pegasus Project consortium.
Miller alleged that, during the Mobileum/NSO Group meeting, “a member of his own company’s leadership at Mobileum asked what NSO believed the ‘business model’ was of working with Mobileum, since Mobileum did not sell access to the global signalling networks as a product,” The Guardian wrote. “According to Miller, and a written disclosure he later made to federal authorities, the response allegedly made by [NSO co-founder Omri] Lavie was ‘we drop bags of cash at your office.'”
NSO Group, an Israeli company that was recently blacklisted by the US government, was allegedly seeking access to the SS7 network. Mobileum’s various security products include an SS7 firewall, and the company’s website warns that “modestly priced access to the SS7 network is now available to hackers on a modest budget.”
Goal was to “conduct surveillance of cellphone users”
But Mobileum, which is based in California, says it doesn’t sell SS7 access. Mobileum CEO Bobby Srinivasan told the Pegasus Project news organizations that “Mobileum does not have—and has never had—any business relationship with NSO Group.” Mobileum also said it “does not have any direct access to the customer’s network and is unable to provide any kind of access, including SS7 access, to any third party.”
In the interview with news organizations, Miller alleged that “NSO officials made clear in the call that they wanted access to SS7 so NSO’s clients could conduct surveillance of cellphone users to investigate crimes,” the Post wrote. Miller further said that “the NSO Group was specifically interested in the mobile networks… They stated explicitly that their product was designed for surveillance and it was designed to surveil not the good guys but the bad guys.”
In the alleged meeting, NSO officials “stated multiple times that their work was authorized by government agencies,” Miller said, according to The Guardian. “They didn’t get in the details of who those government agencies were.”
The US in November blacklisted the NSO Group, saying the company “developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
Lavie: “No recollection” of saying “bags of cash”
Lavie’s denial of Miller’s account allowed for the possibility that he used the phrase “bags of cash” as a joke, The Guardian wrote:
In a statement to the Guardian, Lavie’s spokesperson said: “No business was undertaken with Mobileum. Mr. Lavie has no recollection of using the phrase ‘bags of cash,’ and believes he did not do so. However, if those words were used they will have been entirely in jest.”
A representative for Lavie also said in an email to the Guardian that Lavie “strongly denies having suggested any action that was unethical or illegal.”
NSO issued a statement saying that it had “never done any business with” Mobileum, that it “does not do business using cash as a form of payment,” and that “any suggestion otherwise demonstrates a profound lack of understanding about our company.”
“It just looks really fishy”
Miller also reported his allegations to US Rep. Ted Lieu (D-Calif.), who referred them to the Department of Justice. “Having such access would allow the NSO to spy on vast numbers of cellphones in the United States and foreign countries,” Lieu wrote in his referral, according to the Post.
The “bags of cash” quote is suspicious even if it isn’t direct evidence of a crime, Lieu told the Post. “I’m a former prosecutor, and you would do cash transactions because you want to hide it,” Lieu said. “When you have telecom companies and you have software companies, normally they don’t engage in cash transactions… It just looks really fishy, and it doesn’t smell right, and that’s why I want the Department of Justice to investigate.”
The Guardian wrote that the Justice Department is already investigating NSO Group for a range of allegations. “The Guardian and media partners have separately learned that NSO is the subject of an active criminal investigation by the Department of Justice, according to four people familiar with the investigation. The investigation, they claim, is focused on allegations of unauthorized intrusions into networks and mobile devices,” the news organization wrote.
“We are not aware of any DOJ investigation,” the NSO Group said.
Miller worked at Mobileum between 2014 and 2020, first as a senior technical director and later as vice president of network security and client solutions. He is now a mobile-security researcher for Citizen Lab at the University of Toronto.
https://arstechnica.com/?p=1831276