“The man who built a spyware empire says it’s time to come out of the shadows”
MIT Technology Review, August 19, 2020
by Patrick Howell O’Neill
“Shalev Hulio, co-founder and CEO of NSO, says his industry is full of companies trying to avoid scrutiny.”
Shalev Hulio wants to explain himself.
Normally, silence and secrecy are inherent in the spy business. For nine full years, Hulio never talked publicly about his billion-dollar hacking company—even when his hacking tools were linked to scandal or he was accused of being complicit in human rights abuses around the world. Lately, though, he’s speaking up.
“People don’t understand how intelligence works,” Hulio tells me over a video call from Tel Aviv. “It’s not easy. It’s not pleasant. Intelligence is a shitty business full of ethical dilemmas.”
The business he leads, NSO Group, is the world’s most notorious spyware company. It’s at the center of a booming international industry in which high-tech firms find software vulnerabilities, develop exploits, and sell malware to governments. The Israeli-headquartered company has been linked to high-profile incidents including the murder of Jamal Khashoggi and spying against politicians in Spain.
Ten years after founding the company, he made the rare decision to speak about NSO Group, the intelligence industry, and what transparency could look like for spyware companies. This, he says, is the most important thing the industry can do now: “We’ve been accused, with good reason, of not being transparent enough.”
Culture of silence
Formerly a search-and-rescue commander in Israel’s military and then an entrepreneur focused on technology that remotely accessed smartphones, Hulio has said he founded NSO Group in 2010 at the urging of European intelligence agencies. Back then, NSO marketed itself as a state-of-the-art cyberwarfare firm.
It entered the global spotlight in 2016 when Ahmed Mansoor, a human rights activist in the United Arab Emirates, received what’s been called the most famous text message of all time. Researchers say it was a sophisticated phishing lure sent by a government; it contained a link that, if clicked, would have taken over Mansoor’s phone with spyware. Experts at Citizen Lab, a research group at the University of Toronto, analyzed the link and pointed to Pegasus, NSO’s flagship product. The revelation led to a great deal of scrutiny of the company, but NSO remained silent. (Mansoor is currently serving a decade-long prison sentence for insulting the monarchy—a dictator’s description of his work to further human rights.)
About the Author:
Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. He covers national security, election security and integrity, geopolitics, and personal security: How is cyber changing the world? Before joining the publication, he worked at the Aspen Institute and CyberScoop covering cybersecurity from Silicon Valley and Washington DC.
See also in Internet Salmagundi:
- The Million Dollar Dissident NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender, Munk School of Global Affairs and Public Policy, August 24, 2016.