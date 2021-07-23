While working at the NSO, a French ex-diplomat noticed the ‘potential for misuse.’

The ultra-secretive world of NSO Group, the Israeli creator of the Pegasus malware at the center of a global phone hacking controversy, is only accessible to a select few outsiders. One of them is Gerard Araud, a former French ambassador.

Soon after standing down as France’s ambassador to Washington during Donald Trump’s turbulent presidency, the recently retired diplomat joined NSO as a consultant in 2019, advising on human rights.

“I accepted the role because it piqued my attention. It was a whole new universe for me,” said Araud, who was also the French ambassador to Israel in the early 2000s.

He found something approximating a classic tech start-up at NSO’s offices: teams of programmers “all between 25 and 30 years old, wearing flip-flops and black t-shirts, all with PhDs in computer science…”

His one-year mission, which began in September 2019, was to look at how the company could improve its human rights record in the wake of a slew of unfavorable news reports. He was joined by two other external consultants from the United States.

Earlier that year, the group’s equipment was publicly linked to Saudi Arabian security agencies eavesdropping or attempting to spy on the slain Saudi journalist Jamal Khashoggi, which the group disputed.

Novalpina, a London-based private equity firm, bought the company in 2019, and recruited Araud to offer methods to make the company’s protection measures “more rigorous and a little more methodical,” he added.

Since Monday, a group of news organizations, including The Washington Post, The Guardian, and France’s Le Monde, has highlighted allegations of how those ostensibly safeguarded safeguards were disregarded between 2016 and 2021.

The publications have revealed how human rights activists, journalists, opposition politicians, and even international leaders appear on the list, based on what they claim is a database of 50,000 phones that were identified for prospective hacking using Pegasus.

The NSO Group has disputed the existence of such a list.

Pegasus is thought to be one of the most sophisticated mobile phone hacking programs on the market, allowing clients to secretly read all of a target’s messages, monitor their whereabouts, and even control their camera and microphone from afar.

Its export is regulated “like a weapons sale,” according to Araud, which means NSO must first obtain Israeli government approval before selling it, and state clients must then sign a lengthy commercial contract stating how the product would be used.

They’re supposed to use Pegasus solely to fight organized crime or terrorism, according to the company’s marketing, but Araud added, “you could.” Brief News from Washington Newsday.