In recent months, a team of executives from an American military contractor made several covert trips to Israel to try to carry out a bold but risky plan: buying NSO Group, the notorious but technologically advanced cyber hacking company.
The team from L3Harris, an American company with experience in spyware technology, encountered significant obstacles. They began with the unsettling fact that NSO had been placed on a blacklist by the US government just a few months prior as a result of other governments using the Israeli company’s spyware, known as Pegasus, to hack into the phones of journalists, human rights activists, and political figures.
Without requiring the user to click on a phishing link to grant it remote access, Pegasus is a “zero-click” hacking tool that can remotely extract everything from a target’s mobile phone, including messages, contacts, photos, and videos. Additionally, it can make the phone into a tracking and recording tool.
The Biden administration declared NSO to be “contrary to the national security or foreign policy interests of the United States” and barred American companies from doing business with the Israeli company as a result of the blacklisting in November.
However, according to five people with knowledge of the talks, the L3Harris team brought with them a startling message that made a deal seem feasible. They claimed that American intelligence officials had been quietly supportive of its plans to acquire NSO, a company whose technology has long been of great interest to numerous international intelligence and law enforcement organizations, including the F.B.I. and the C.I.A.
The negotiations went on in secrecy up until last month, when word of a potential sale of NSO leaked and caused a panic among the parties. Officials from the White House expressed outrage at learning about the negotiations and warned that any attempt by American defense firms to acquire a blacklisted company would face fierce opposition.
According to three U.S. government officials, L3Harris, which is heavily dependent on government contracts, informed the Biden administration that it had abandoned its plans to buy NSO a few days later, despite attempts to revive the negotiations, according to several people familiar with the situation.
Questions remain regarding whether the U.S. government, with or without the knowledge of the White House, seized the chance to attempt to seize control of NSO’s potent spyware under American control despite the administration’s very public stance against the Israeli company. These questions are still being asked in Washington, other ally capitals, and Jerusalem.
The future of NSO, whose technology has been a tool of Israeli foreign policy despite the company coming under harsh criticism for the ways its spyware is used by governments against their citizens, was also left in limbo.
The incident revealed some of the challenges faced by a coalition of nations, including the United States under the Biden administration, as it attempts to control a lucrative global market for sophisticated commercial spyware. It was the most recent skirmish in a long-running conflict between nations to gain control of some of the most potent cyberweapons.
L3Harris and NSO spokesmen declined to comment on the talks taking place between the two businesses. Director of national intelligence Avril Haines’ spokeswoman declined to comment on whether any American intelligence officials gave the discussions their tacit approval. A spokesman for the Commerce Department declined to provide further details regarding any negotiations with L3 Harris regarding the acquisition of NSO.
Both the Israeli prime minister’s spokeswoman and the defense ministry’s spokeswoman declined to comment.
After years of revelations about how governments had used Pegasus, NSO’s top hacking tool, as a tool for domestic surveillance, the Biden administration decided to add NSO to a Commerce Department blacklist. However, Pegasus has also been bought, tested, and used by the US itself.
The F.B.I. purchased Pegasus software in 2019, and The New York Times reported in January that government lawyers at the F.B.I. and the Justice Department had discussed whether to use the spyware in domestic law enforcement investigations. The Times also revealed that despite Djibouti’s history of torturing political opponents and imprisoning journalists, in 2018 the C.I.A. bought Pegasus for the government to use in counterterrorism operations.
If L3 chose to end the acquisition negotiations, NSO’s future would be in limbo. After receiving a blacklisting from the Commerce Department that severely damaged its business, the company saw a deal with the American defense contractor as a possible lifeline. Under penalty of sanctions, American businesses are prohibited from doing business with organizations on the blacklist.
NSO has been unable to purchase any American technology, including Dell servers and Amazon cloud storage, in order to maintain its operations. The Israeli company has been hoping that being sold to a US company will result in the sanctions being lifted.
Israel has treated NSO as a de facto extension of the state for more than ten years, issuing Pegasus licenses to a wide range of nations, including Saudi Arabia, Hungary, and India, with whom the Israeli government hoped to develop closer security and diplomatic ties.
Israel, however, has also declined Pegasus to other nations for diplomatic reasons. Israel refused the Ukrainian government’s request to buy Pegasus last year so that it could use it against Russian targets out of concern that the sale would sour its relations with the Kremlin.
For its own intelligence and law enforcement needs, the Israeli government also makes extensive use of Pegasus and other locally produced cyber tools, which gives it even more motivation to find a way for NSO to withstand the American sanctions.
The L3 Harris representatives claimed that they had been given permission by the US government to negotiate with NSO despite the company being on the American blacklist during the discussions about the potential sale of NSO to L3 Harris. These discussions included at least one meeting with Amir Eshel, the director general of the Israeli defense ministry, who would have to approve any deal.
Five people with knowledge of the conversations claim that L3 Harris’ representatives informed the Israelis that the U.S. intelligence community supported the acquisition provided a few requirements were satisfied.
One of the requirements, according to those people, was that the United States’ partners in the so-called Five Eyes intelligence-sharing partnership could purchase all of NSO’s stockpile of “zero days,” the computer source code flaws that enable Pegasus to hack into mobile phones. Britain, Canada, Australia, and New Zealand are the other partners. In response to inquiries about the extent of British intelligence’s knowledge of a potential agreement between L3 and NSO, a senior British diplomat declined to comment.
Had the plan been implemented, it would have been highly unusual because the Five Eyes nations typically only buy intelligence goods created and produced in those nations.
Officials from the Israeli defense ministry were amenable to this plan. The Israeli government refused to grant NSO’s request that the Five Eyes nations be given access to the computer source code for Pegasus, which enables it to exploit the flaws in the phones it targets, due to intense pressure from the Israeli intelligence community. They also refused, at least initially, to allow L3’s cyber specialists to visit Israel and collaborate with NSO’s development teams at the business’ headquarters north of Tel Aviv.
Defense ministry representatives insisted that Israel maintain its right to issue export licenses for NSO’s goods, but they indicated that they were open to negotiating which nations received the spyware.
There were many topics covered during the discussions that would have required the US government’s approval. According to those familiar with the discussions, L3Harris representatives claimed to have discussed the issues with American officials, who had in principle agreed.
L3Harris hired a powerful Israeli attorney with strong ties to Israel’s defense establishment to assist in the sale of NSO. Former Israeli Military Prosecutor’s Office head of the International Law Division Daniel Reisner served as special advisor to former Prime Minister Benjamin Netanyahu on the Middle East peace process.
The Commerce Department in Washington sent NSO and another Israeli hacking firm that had been blacklisted at the same time a list of questions about how the spyware works, who it targets, and whether the company has any control over how its nation-state clients deploy the hacking tools in the months following the Biden administration’s announcement of the blacklist in November. At the same time, the Israeli government pressed for a way to prevent NSO from going under.
The list, which The Times reviewed, included inquiries about NSO’s “positive control over its products” and whether Americans abroad were shielded from NSO’s products being used against them.
Whether NSO would “shut down access to its products if the U.S. government informs them that there is an unacceptable risk of the tool being used for human rights abuses by a particular customer” was a question posed by another.
Separate from the proposed merger of NSO and L3 Harris, Israeli officials attempted to have NSO removed from the American blacklist in advance of President Biden’s visit to Israel the following week but were unsuccessful.
Last month, news of L3Harris’ discussions to buy NSO appeared to catch White House officials off guard. After the website Intelligence Online reported on the potential sale, a top White House official stated that the administration would work to prevent the deal from taking place because it would present “serious counterintelligence and security concerns for the U.S. government.”
According to the official, any transaction “would prompt intensive review to examine whether the transaction process poses a counterintelligence threat to the U.S., government and its systems and information,” and an American company, particularly a defense contractor, should have known this.
Another U.S. official stated last week that no part of the American government had approved L3’s acquisition of NSO in response to inquiries from The Times and that “after learning about the potential sale, the IC did an analysis that raised concerns about the sale’s implications and informed the administration’s position.”
Although L3Harris is not a household name in the defense sector like Lockheed Martin or Raytheon, it still receives billions in annual revenue from federal and state government contracts in the United States. In fiscal year 2021, various U.S. government contracts accounted for more than 70% of the company’s revenue, according to the most recent annual report.
The Defense Department is L3Harris’ largest government client, according to USAspending.gov, a website that tracks government spending.
The F.B.I. and local American police forces utilized the company’s Stingray surveillance system, which it once produced before ceasing production. Azimuth Security and Linchpin Labs, two Australian cyber companies that Vice claimed sold zero day exploits to the Five Eyes nations, were acquired by the company in 2018.
According to a Washington Post report, the F.B.I. used Azimuth in 2016 to assist in hacking into the Apple phone of a terrorist who had committed a deadly shooting in San Bernardino, California, that left more than a dozen people dead.
The F.B.I. and Apple were in a standoff until Azimuth’s assistance, as Apple had adamantly refused to assist the bureau in unlocking the phone in the San Bernardino case. The tech giant claimed it lacked a backdoor to give the F.B.I. access to the phone and was reluctant to create one because it would compromise the security features that it advertises to customers as being present on the iPhone.
