Israel secretly authorized a group of cyber-surveillance firms to work for the government of Saudi Arabia despite international condemnation of the kingdom’s abuse of surveillance software to crush dissent, even after the Saudi killing of journalist Jamal Khashoggi, government officials and others familiar with the contracts said.
After the murder of Khashoggi in 2018, one of the firms, NSO Group, canceled its contracts with Saudi Arabia amid accusations that its hacking tools were being misused to abet heinous crimes.
But the Israeli government encouraged NSO and two other companies to continue working with Saudi Arabia, and issued a new license for a fourth to do similar work, overriding any concerns about human rights abuses, according to one senior Israeli official and three people affiliated with the companies.
Since then, Saudi Arabia has continued to use the spyware to monitor dissidents and political opponents.
The fact that Israel’s government has encouraged its private companies to do security work for the kingdom — one of its historic adversaries and a nation that still does not formally recognize Israel — is yet more evidence of the reordering of traditional alliances in the region and the strategy by Israel and several Persian Gulf countries to join forces to isolate Iran.
NSO is by far the best known of the Israeli firms, largely because of revelations in the past few years that its Pegasus program was used by numerous governments to spy on, and eventually imprison, human rights activists.
NSO sold Pegasus to Saudi Arabia in 2017. The kingdom used the spyware as part of a ruthless campaign to crush dissent inside the kingdom and to hunt down Saudi dissidents abroad.
It is not publicly known whether Saudi Arabia used Pegasus or other Israeli-made spyware in the plot to kill Khashoggi. NSO has denied that its software was used.
Israel’s Ministry of Defense also licensed for Saudi work a company called Candiru, which Microsoft accused last week of helping its government clients spy on more than 100 journalists, politicians, dissidents and human rights advocates around the world.
Microsoft, which conducted its investigation in tandem with Citizen Lab, a research institute at the University of Toronto, said Candiru had used malware to exploit a vulnerability in Microsoft products, enabling its government clients to spy on perceived enemies.
Candiru has had at least one contract with Saudi Arabia since 2018.
Israel has also granted licenses to at least two other firms, Verint, which was licensed before the Khashoggi killing, and Quadream, which signed a contract with Saudi Arabia after the killing.
A fifth company, Cellebrite, which manufactures physical hacking systems for mobile phones, has also sold its services to the Saudi government, but without ministry approval, according to the newspaper Haaretz.
Israel insists that if any Israeli spyware were used to violate civil rights that it would revoke the company’s license.
If the Defense Ministry “discovers that the purchased item is being used in contravention of the terms of the license, especially after any violation of human rights, a procedure of cancellation of the defense export license or of enforcing its terms is initiated,” the ministry said in a statement in response to questions from The New York Times.
The ministry declined to respond to specific questions about the licenses it gave to the Israeli firms, but said that “a wide range of security, diplomatic and strategic considerations are taken into account” when considering whether to grant a license to export offensive cyber technology.
Revelations about the abuses of NSO products led the company to hire a group of outside consultants in 2018 to provide advice about which new clients NSO should take on and which to avoid. The group included Daniel Shapiro, the former Obama administration ambassador to Israel, and Beacon Global Strategies, a Washington strategic consulting firm.
Beacon is led by Jeremy Bash, a former CIA and Pentagon chief of staff; Michael Allen, a former staff director for the House Intelligence Committee; and Andrew Shapiro, a former top State Department official.
While the group’s mandate was to vet potential new clients, the international outrage over Khashoggi’s killing in October 2018 led the group to advise NSO to cancel its Saudi contracts and shut down NSO systems in the kingdom.
Separately, NSO conducted an internal investigation into whether any of its tools were used by Saudi officials for the Khashoggi operation and concluded that they were not. However a lawsuit against NSO by a friend of Khashoggi’s claims that his phone had been hacked by Saudi Arabia using Pegasus, and that hack gave Saudi officials access to his conversations with Khashoggi, including communications about opposition projects.
Over several days in late 2018, executives both of NSO and the private equity firm that owned it at the time, Francisco Partners, met in Washington with the advisory group.
According to several people familiar with the meetings, the NSO executives argued that the Israeli government was strongly encouraging the company to weather the storm and continue its work in Saudi Arabia. They also said that Israeli officials had indicated to them that the Trump administration also wanted NSO’s work with Saudi Arabia to continue.
In the end, NSO management heeded the advice of the outside group and canceled its contracts with Saudi Arabia in late 2018. Shapiro, the former ambassador to Israel, ended his work for the company shortly afterward.
Months later, however, after another private equity firm bought NSO, the company was once again doing business with Saudi Arabia.
NSO’s new owner, Novalpina, rejected the advice of the outside advisory group and NSO resumed its work in Saudi Arabia in mid-2019. Around that time, Beacon ended its work with NSO.
The new contract with the Saudis came with some restrictions. For example, NSO set up its system to block any attempts by Saudi officials to hack European telephone numbers, according to a person familiar with the programming.
But it is clear that Saudi Arabia has continued to use NSO software to spy on perceived opponents abroad.
In one case that has come to light, three dozen phones belonging to journalists at Al-Jazeera, which Saudi Arabia considers a threat, were hacked using NSO’s Pegasus software last year, according to Citizen Lab. Citizen Lab traced 18 of the attacks back to Saudi intelligence.
After the revelation of the attack on Al-Jazeera journalists, NSO recently shut down the system, and at a meeting in early July, the company’s board decided to declare new deals with Saudi Arabia off limits, according to a person familiar with the decision.
Israel’s defense ministry is currently fighting lawsuits by Israeli rights activists demanding that it release details about its process for granting the licenses.
The Israeli government also imposes strict secrecy on the companies that receive the licenses, threatening to revoke them if the companies speak publicly about the identity of their clients.
An NSO statement said the company could not discuss the identity of its government customers, but added: “As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi. This includes listening, monitoring, tracking or collecting information.”
Officials with Candiru, Verint and the government of Saudi Arabia declined to comment. Officials with Quadream could not be reached.
These business ties came as Israel was quietly building relationships directly with the Saudi government.
Benjamin Netanyahu, then Israel’s prime minister, met several times with Saudi Arabia’s day-to-day ruler, Crown Prince Mohammed bin Salman, and military and intelligence leaders of the two countries meet frequently.
While Saudi Arabia was not officially party to the Abraham Accords — the diplomatic initiatives during the end of the Trump administration normalizing relations between Israel and several Arab countries — Saudi leaders worked behind the scenes to help broker the deals.