PE-backed NSO Group embroiled in WhatsApp hacking scandal – PitchBook News & Analysis
Earlier this week, popular messaging app
revealed it had been hacked. And an Israeli company backed by a private equity firm might be to blame, as first reported by the Financial Times.
It’s the latest controversy for
NSO Group, a cyber-surveillance business that
Francisco Partners sold to UK-based
Novalpina Capital and the company’s management team in February at a reported valuation of $1 billion. Using WhatsApp’s calling feature, hackers used code developed by NSO to plant surveillance software on both iPhones and Androids, according to reports; in an attempted fix, the company issued a software update on Monday to its roughly 1.5 billion users. WhatApp is owned by Facebook, which bought the unit for $19 billion in 2014.
While WhatsApp didn’t directly accuse NSO, a statement issued to media outlets certainly suggested as much.
“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”
Founded by Shalev Hulio and Omri Lavie in 2010, NSO makes tech that allows governments and law enforcement to surveil, monitor and investigate individuals accused of terrorism or other crimes, with its Pegasus spyware product reportedly used to help capture infamous Mexican drug lord Joaquín Guzmán, aka El Chapo, by tapping the phones of his colleagues. The company generated $250 million in 2018 revenue, and it’s part of a cybersecurity sector that drew
144 private equity investments in 2018, per the PitchBook Platform, continuing a decade-long climb in activity. In an interview with CBS in March, Hulio claimed Pegasus had saved “tens of thousands” of lives.
But there are allegations that NSO’s software has been used for more nefarious means, such as spying on human rights activists and other private citizens. The business reportedly sold Pegasus access to Saudi Arabia for $55 million in 2017, and the kingdom allegedly used Pegasus to monitor Jamal Khashoggi before murdering the Washington Post journalist last year. Earlier this week, Amnesty International threw its support behind a lawsuit that could block NSO from exporting its software outside Israel, the latest in a series of legal challenges for the company. In a statement, NSO reportedly vowed to look into any threats of misuse it deems “credible.”
NSO has a long history with private equity. Francisco Partners purchased the company for a reported $120 million in 2014. Three years later,
Blackstone showed interest in buying a 40% stake in the business for around $400 million, but ultimately pulled out of negotiations. Talks for a potential sale to
Verint Systems met a similar fate last year. Instead, Novalpina and the company’s management took control of NSO from Francisco Partners three months ago.
Featured image via Traitov/iStock/Getty Images Plus
Related read: Saudi crisis raises big questions in Silicon Valley