How Washington power brokers gained from NSO’s spyware ambitions

The company’s attempts to secure U.S. contracts appear to have been unsuccessful, with federal and local law enforcement agency representatives saying in emails and interviews that they balked at its Pegasus spyware tool’s million-dollar price tag.

But an influential network of Washington consultants, lawyers, lobbyists and other prominent personalities have earned money from the company, its parent company or its founders, a Washington Post review of government and company filings shows. Those beneficiaries include some of the most powerful members of the Obama, Trump and Biden administrations.

Among those who’ve received payments from NSO or related companies are former chiefs of the Homeland Security and Justice departments, as well as Washington’s most prestigious law and public-relations firms, the public filings show.

These political heavyweights have defended NSO’s spy tool as an invaluable weapon against terrorists and human traffickers, and they have worked to soften the public image of a company accused in a federal lawsuit of helping spy on allies of Washington Post contributing columnist Jamal Khashoggi before his grisly murder in 2018. Reuters reported last year that FBI agents were investigating NSO’s role in targeting Americans, though the FBI has not confirmed that report. The agency declined to comment for this article.

In a statement to The Post, NSO said it had retained “top U.S. counsels” to help support its “life-saving mission” but declined to name its government customers or answer questions about its pursuit of contracts inside the United States.

The company said its “products, sold to vetted foreign governments, cannot be used to conduct cybersurveillance within the United States, and no foreign customer has ever been granted technology that would enable them to access phones with U.S. numbers.”

NSO, however, continues to look for opportunities in the United States. In Justice Department foreign-agent filings last month, the law firm Pillsbury Winthrop Shaw Pittman said it had signed a six-month contract, at $75,000 a month, to advise NSO on “potential business partners,” “U.S. government procurement regulations” and “assistance with education of government officials about NSO’s technology.” Two law firm employees on the account, Brian Finch and Nicole Steinberg, advise clients on the Safety Act, a DHS program offering “liability protections to sellers of qualified anti-terrorism technologies.” The firm and the two attorneys did not respond to requests for comment.

NSO began pitching U.S. intelligence and police officials on its hacking tool as early as 2014, launching a side company, Westbridge Technologies, with filings in Delaware, Maryland and Virginia, state business records and internal emails show.

How Pegasus works

Target: Someone sends what’s known as a trap link to a smartphone that persuades the victim to tap and activate — or activates itself without any input, as in the most sophisticated “zero-click” hacks.

Infect: The spyware captures and copies the phone’s most basic functions, NSO marketing materials show, recording from the cameras and microphone and collecting location data, call logs and contacts.

Track: The implant secretly reports that information to an operative who can use it to map out sensitive details of the victim’s life.

Read more about why it’s hard to protect yourself from hacks.

An early pitch, by company co-founder Omri Lavie, was made in June 2014 to the Drug Enforcement Administration, according to emails revealed through a Freedom of Information Act request and first reported by the tech news site Motherboard. The DEA found it too expensive, and records searches show no contract was signed. The agency declined to comment.

In the years afterward, Westbridge crossed the country in hopes of striking deals with the San Diego and Los Angeles police departments, pitching demos and sending brochures that said it could secretly turn smartphones into an “intelligence gold mine.”

A San Diego police sergeant told the company in a 2016 email that while it sounded “awesome,” the department couldn’t afford “such a large-scale project.” Officials at that agency and the LAPD told The Post that the tool was never purchased or used.

NSO had better luck recruiting major U.S. political figures to help secure contracts.

Between 2015 and 2017, NSO’s parent company, OSY Technologies, and a previous owner, Francisco Partners, paid roughly $100,000 to Michael Flynn, the former director of the Defense Intelligence Agency and future national security adviser to Donald Trump, for what Flynn said was “consulting” work in financial disclosure forms he filed with the Office of Government Ethics in 2017. The filings offered no other details of the work, and NSO did not respond to a question about Flynn’s work. Flynn did not respond to requests for comment.

In late 2018, Lavie paid $170,000 to another member of Trump’s orbit, Jeff Miller, to lobby members of Congress on “immigration and naturalization” issues, a federal disclosure filing shows. The Republican operative was paid by Lavie Management Co., which is also named on the deed for Lavie’s $4 million New Jersey mansion. NSO did not respond to a question about the payment, and Miller did not respond to requests for comment.

In 2019, after a Saudi dissident filed a lawsuit in Israel accusing NSO of helping surveil Khashoggi before his death, the company embarked on a VIP spending spree in hopes of cleaning up its reputation, announcing it had hired three senior advisers to help the company “continue its work to assist governments in fighting serious crime and terrorism”: Tom Ridge, the United States’ first homeland security secretary; Gérard Araud, France’s former ambassador to the United States; and Juliette Kayyem, a Department of Homeland Security official under President Barack Obama.

Criticism over that role led Kayyem, now a CNN national security analyst, to back out as a contributor to The Post’s opinion section. Kayyem said she had worked to help ensure NSO’s spy tool “protected and respected” human rights and told The Post this month that she only served as an adviser on company policies and conducted no government work. (All three no longer work with the company, citing short-term contracts.) Ridge and Araud did not respond to requests for comment.

The company also hired SKDK, a public relations firm widely used in Democratic campaigns, to defend its “commitment to an ethical business framework.” The firm’s co-founder, Anita Dunn, was a communications director for Obama’s White House and now works as a senior adviser to President Biden. The firm, which worked with NSO for less than a year in 2019, declined to comment. The White House did not respond to requests for comment.

NSO’s parent, OSY, which is headquartered in Luxembourg, also paid Obama’s homeland security secretary, Jeh Johnson, to review the company’s new Human Rights Policy. Johnson, a partner at the elite law firm Paul, Weiss, gave his stamp of approval, saying it appeared to be “substantially aligned” with United Nations principles. An official U.N. expert was less celebratory, saying it did not address the “legacy of harm perpetuated as a result of NSO Group’s failure to ensure that its technology is used responsibly.” Johnson declined to comment.

When WhatsApp sued NSO on accusations that it had helped hack 1,400 of the messaging app’s users, NSO enlisted another influential law firm, King & Spalding, to lead its legal defense. Among the company’s advisers: Rod J. Rosenstein, Trump’s deputy attorney general from 2017 to 2019, during which he decried the “lawless” attack on Khashoggi and oversaw the FBI. Rosenstein did not respond to requests for comment.

Q Cyber Technologies, which NSO says it is a subsidiary of, has also benefited from the legal services of Dan Jacobson, whom the Biden administration in March named general counsel for the Office of Administration, financial disclosure filings show. A White House official said Jacobson has no current involvement with the company. The White House and the law firm did not respond to requests for comment.

Q Cyber also signed a $120,000-a-month contract in late 2019 with Mercury Public Affairs, a firm that employs former members of Congress as lobbyists for companies such as the U.S. subsidiary of Hikvision, a Chinese surveillance giant the Biden administration has accused of supporting China’s military.

In Justice Department filings in January, Mercury said it provided Q Cyber “strategic consulting” and “crisis management” services related to ongoing or future litigation or regulatory action. Mercury listed dozens of NSO-related emails and interviews with journalists in the last half of 2020, including from Ian McCaleb, a Mercury managing director who once worked for the Justice Department’s criminal division. Mercury and McCaleb did not respond to requests for comment.

Westbridge is registered as an active U.S. federal contractor, though no contracts can be found in government spending data. Its Maryland branch was dissolved in 2019, and its Virginia branch has only one name on its business filing: Adam Hanasky, a lawyer who said he is no longer associated with the firm.

Much about NSO’s U.S. presence, however, remains a mystery. NSO’s parent OSY said Westbridge lost $30,000 in 2016 and 2017 but made a total of $700,000 in profit in 2018 and 2019, according to business records in Luxembourg. The filings could not be independently confirmed and do not say where the money came from.

NSO said in a statement that Westbridge is “part of the NSO group.” But Stephen Rodriguez, who said he joined Westbridge as chairman of the board last month, said the company has no current involvement with NSO and works with other companies owned by Novalpina Capital, the London-based private equity firm that owns a majority stake in NSO.

Westbridge and NSO, he said, are both subsidiaries of OSY but operate as separate companies. Westbridge, he said, is now used to “support Novalpina business development in North and South America” around cybersecurity, public safety and defense contracts.

The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organizations coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab. Read more about this project.