Defense firm said US spies backed its bid for Pegasus spyware maker

A team of executives from a U.S. military contractor quietly visited Israel numerous times in recent months to try to carry out a bold but risky plan: purchasing NSO Group, the cyber-hacking firm that is as notorious as it is technologically accomplished.
The impediments were substantial for the team from the American company, L3Harris, which also had experience with spyware technology. They started with the uncomfortable fact that the U.S. government had put NSO on a blackl just months earlier because the Israeli firm’s spyware, called Pegasus, had been used other governments to penetrate the phones of political leaders, human rights activs and journals.
Pegasus is a “zero-click” hacking tool that can remotely extract everything from a target’s mobile phone, including messages, contacts, photos and videos without the user having to click on a phishing link to give it remote access. It can also turn the mobile phone into a tracking and recording device.
NSO had acted “contrary to the national security or foreign policy interests of the United States,” the Biden adminration said in announcing the blackling in November, barring American companies from doing business with the Israeli firm.
But five people familiar with the negotiations said the L3Harris team had brought with them a surprising message that made a deal seem possible. American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to many intelligence and law enforcement agencies around the world, including the FBI and CIA.
The talks continued in secret until last month, when word of NSO’s possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt American defense firms to purchase a blackled company would be met serious resance.
Days later, L3Harris, which is heavily reliant on government contracts, notified the Biden adminration that it had scuttled its plans to purchase NSO, according to three U.S. government officials, although several people familiar with the talks said there have been attempts to resuscitate the negotiations.
Left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO’s powerful spyware under U.S. authority, despite the adminration’s very public stance against the Israeli firm.
It also left unsettled the fate of NSO, whose technology has been a tool of Israeli foreign policy even as the firm has become a target of intense criticism for the ways its spyware is used governments against their citizens.
The episode was the latest skirmish in an ongoing battle among nations to gain control of some of the world’s most powerful cyberweapons, and it reveals some of the headwinds faced a coalition of nations — including the United States under the Biden adminration — as it tries to rein in a lucrative global market for sophicated commercial spyware.
Spokespeople for L3Harris and NSO declined to comment about the negotiations between the companies. A spokesperson for Avril Haines, the director of national intelligence, declined to comment on whether any American intelligence officials quietly blessed the discussions. A spokesperson for the Commerce Department declined to give specifics about any discussions with L3 Harris about purchasing NSO.
A spokesperson for the Israeli Defense Minry declined to comment, as did a spokesperson for the Israeli prime miner.
The Biden adminration’s decision to put NSO on a Commerce Department blackl came after years of revelations about how governments had used Pegasus, NSO’s premier hacking tool, as an instrument of domestic surveillance. But the United States itself has also purchased, tested and deployed Pegasus.
In January, The New York Times revealed that the FBI had purchased Pegasus software in 2019, and that government lawyers at the FBI and Justice Department had debated whether to deploy the spyware for use in domestic law enforcement investigations. The Times also reported that in 2018 the CIA had purchased Pegasus for the government of Djibouti to conduct counterterrorism operations, despite that country’s record of torturing political opposition figures and imprisoning journals.
A decision L3 to terminate the acquisition talks would leave NSO’s future in doubt. The company had seen a deal with the American defense contractor as a potential lifeline after being blackled the Commerce Department, which has crippled its business. American firms are not allowed to do business with companies on the blackl, under penalty of sanctions.
As a result, NSO cannot buy any American technology to sustain its operations — whether it be Dell servers or Amazon cloud storage — and the Israeli firm has been hoping that being sold to a company in the United States could lead to the sanctions being lifted.
For more than a decade, Israel has treated NSO as a de facto arm of the state, granting licenses for Pegasus to numerous countries — including Saudi Arabia, Hungary and India — with which the Israeli government hoped to nurture stronger security and diplomatic ties.
But Israel has also denied Pegasus to countries for reasons of diplomacy. Last year, Israel rejected a request the government of Ukraine to purchase Pegasus to use against targets in Russia, fearing that the sale would damage Israel’s relations with the Kremlin.
The Israeli government also makes extensive use of Pegasus and other locally made cyber tools for its own intelligence and law enforcement purposes, giving it further incentive to find a way for NSO to survive the U.S. sanctions.
During the discussions about the possible sale of NSO to L3Harris — which included at least one meeting with Amir Eshel, director-general of the Israeli Defense Minry, who would have to approve any deal — the L3Harris representatives said they had received permission from the U.S. government to negotiate with NSO, despite the company’s presence on the American blackl.
L3Harris’ representatives told the Israelis that U.S. intelligence agencies supported the acquisition as long as certain conditions were met, according to five people familiar with the discussions.
One of the conditions, those people said, was that NSO’s arsenal of “zero days” — the vulnerabilities in computer source code that allow Pegasus to hack into mobile phones — could be sold to all of the United States’ partners in the so-called Five Eyes intelligence sharing relationship. The other partners are Britain, Canada, Australia and New Zealand. A senior British diplomat declined to comment on questions about the degree of knowledge British intelligence had about a possible deal between L3 and NSO.
Such a plan would have been highly unusual had it been finalized, since the Five Eyes countries usually only purchase intelligence products that have been developed and manufactured within those countries.
Israeli Defense Minry officials were open to this arrangement. But after heavy pressure from the Israeli intelligence community, it balked at another request: that the Israeli government allow NSO to share the computer source code for Pegasus — which allows it to exploit the vulnerabilities in the phones it targets — with the Five Eyes countries. They also did not agree, at least not in the first phase, to allow L3’s cyber experts to come to Israel and join NSO’s development teams at the company’s headquarters north of Tel Aviv.
Representatives of the Defense Minry also insed that Israel retain its authority to grant export licenses for NSO’s products, but said they were willing to negotiate over which countries received the spyware.
Over the course of the discussions, there were numerous issues that would have required the approval of the U.S. government. L3Harris representatives said they had discussed the issues with American officials, who had agreed in principle, according to the people familiar with the discussions.
To help negotiate the sale of NSO, L3Harris hired an influential lawyer in Israel with deep ties to Israel’s defense establishment. The lawyer, Daniel Reisner, is the former head of the International Law Department at the Israeli Military Prosecutor’s Office and acted as a special adviser on the Middle East peace process to former Prime Miner Benjamin Netanyahu.
In the months since the Biden adminration announced the blackl in November, and as the Israeli government pressed for a way to keep NSO from going under, the Commerce Department in Washington sent a l of questions to NSO and another Israeli hacking firm that had been blackled at the same time, about how the spyware works, who it targets and whether the company has any control over how its nation-state clients deploy the hacking tools.
The l, reviewed the Times, asked whether NSO maintained “positive control over its products” and whether Americans overseas were protected from having NSO’s products deployed against them.
Another asked if NSO would “shut down access to its products if the U.S. government informs them that there is an unacceptable risk of the tool being used for human rights abuses a particular customer?”
Separately from the proposed NSO and L3 Harris deal, Israeli officials negotiated unsuccessfully with the Commerce Department about getting NSO removed from the U.S. blackl in advance of President Joe Biden’s trip to Israel in the coming week.
News last month of L3Harris’ talks to purchase NSO seemed to blindside White House officials. After the website Intelligence Online reported on the possible sale, a top White House official said such a transaction would pose “serious counterintelligence and security concerns for the U.S. government” and that the adminration would work to ensure that the deal did not happen.
The official said an American company, particularly a defense contractor, should have been aware that any transaction “would spur intensive review to examine whether the transaction process poses a counterintelligence threat to the U.S., government and its systems and information.”
Last week, in response to questions from the Times, another U.S. official said “after learning about the potential sale, the IC did an analysis that raised concerns about the sale’s implications and informed the adminration’s position.”
While not a household defense industry name like Lockheed Martin or Raytheon, L3Harris earns billions each year from U.S. government contracts at both the federal and state level. According to the company’s most recent annual report, more than 70% of the company’s revenue in fiscal year 2021 came from various U.S. government contracts.
USAspending.gov, a website that tracks government contracts, indicates that the Defense Department is L3Harris’ biggest government client.
The company once produced a surveillance system called Stingray that was used the FBI and local American police forces until the company discontinued production. In 2018, the company purchased Azimuth Security and Linchpin Labs, two Australian cyber firms that Vice reported had sold “zero day” exploits to the Five Eyes countries.
In 2016, the FBI enled Azimuth to help break into the Apple phone of a terror who had carried out a deadly shooting in San Bernardino, California, killing more than a dozen people, according to a report in The Washington Post.
Azimuth’s work for the FBI ended a standoff between the bureau and Apple, which had pointedly refused to help the FBI unlock the phone in the San Bernardino case. The tech giant argued it had no backdoor to allow the FBI access to the phone, and were loathe to create one because it would weaken the iPhone’s security features it promotes to its customers.