The secret Uganda deal that has brought NSO to the brink of collapse



A man walks by the building entrance of NSO Group at one of its branches in the Arava Desert.

An Israeli woman sat across from the son of Uganda's president in February and asked if he would want to hack any phone in the world.

Two people familiar with the sales pitch said that Lieutenant General Muhoozi Kainerugaba, in charge of his father's security and a long-whispered successor to Yoweri Museveni, was keen.

Middle East dictators and autocratic regimes have been paying tens of millions of dollars for a piece of software called "Peg", which was pitched to him by a woman with ties to Israeli intelligence.

The dalliance into east Africa would be the moment that NSO crossed a red line and caused a chain of events that would see it blacklisted by the commerce department and driven to the verge of extinction.

Two people familiar with NSO's east Africa business say that NSO's chief executive, Shalev Hulio, landed in Uganda a few months after the initial approach. In real time, the Israeli government allowed Hulio to demonstrate how it could hack a brand new, boxed iPhone.

The business was small for NSO. A person familiar with the transaction said it brought in between $10 million and $20 million, a fraction of the $243 million that Moody's estimated the privately owned NSO made in revenues in 2020.

Two US officials said that someone tried to hack the phones of 11 American diplomats and employees of the US embassy in Uganda after the sales pitch, but that Apple discovered a flaw in its operating system and closed it.

It's not clear who tried to hack the US citizens. The revelation that Uganda's neighbour, Rwanda, had been using the same technology to hack phones shocked the US. US phone numbers are off-limits to NSO's customers. The targets were using Ugandan numbers, but had Apple logins, according to the two US officials.

NSO shut down the hacking systems for customers relevant to this case. A person familiar with the company said it no longer has business in Africa.

The minister of information for the Ugandan government did not reply to a request for comment. A person close to Museveni said they were not allowed to speak about it.

Israeli and US officials were unwilling to confirm that the Ugandan hack caused the decision to blacklist NSO. One US official who discussed the issue with Israel's defense ministry said: "Look at the entire sequence of events here." He said that putting NSO on a US blacklist was meant to punish and isolate the company.

The blacklisting means that NSO cannot buy any equipment, service or intellectual property from US-based companies without approval, which means that a company whose terminals run on servers from Dell and Intel, and whose desktop computers run on Windows operating systems, will be crippled.

One person familiar with the matter said that Intel asked all of its employees to stop doing business with NSO. Intel said in a statement that it complies with all applicable US laws.

Two weeks into his new job, the new CEO of Partner Communications, Itzik Benbenisti, quit. While the company tried to cheer up its employees with a Hanukkah party in the beach resort of Eilat, the retook reins after Benbenisti stepped down, was less sanguine in a recent phone call with an old business associate.

According to a person familiar with the conversation, he told the friend that some clients had asked to shift their contracts to lesser-known rivals.

A foreign ministry official who asked for anonymity said that NSO is an irritant in relations between Israel and the US because of its use of foreign policy bandwidth to talk about Iran.

NSO used to be a diplomatic calling card for Benjamin Netanyahu, who used it to negotiate with countries that did not have official relations with Israel.

The damage to Israel's reputation has made it difficult to hire the most promising graduates of Israel's elite signals intelligence units, who have the skills to repeatedly outwit the defenses of both Android phones and iPhones.

For example, when the hack used against American diplomats in Uganda was reverse-engineered, they found an elegant, tiny piece of code that adapted software from 1990s Xerox machines to fit a Turing machine.

At the same time, said the engineers, it was pretty terrifying. Wow. The professor of computer science at Columbia University, Yaniv Erlich, wrote that it was just wow.

John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, said that there are many teams in the world that could create something like that.

The company has hired 30 new employees in the last few weeks. There is a wide gap between media reports and reality among our employees.

NSO has become a target of Silicon Valley after hacking into Apple and Meta.

A person familiar with the matter said that Apple's two-pronged approach to notifying the targets of NSO's hacks, while suing the company in US courts, sent a shock wave through the industry.

A former senior executive at an Israeli tech group said that Apple and Citizen Lab shared NSO's technical secrets, which made other companies afraid to use other software because of the risk of being caught in Apple's dragnet.

He said that high-level Israeli employees of NSO and other similar firms are staying in Israel to avoid being questioned by the US and its allies.

The US pressure left NSO with few options. NSO's free cash flow turned negative in 2020 and is expected to remain negative this year, as Moody's has lowered the company's debt. Moody's said that there is a high risk that NSO might not be in compliance with the covenant on the $500 million in loans it took in 2019.

Moelis & Co., a NY-based investment bank, has been hired to see if it can sell off parts of the company to raise cash, even if that means changing the name of the product to a defensive one.

Eighteen US senators wrote to the secretary of state and the treasury secretary asking them to sanction NSO under the Magnitsky Act, along with a number of other firms.

If the US acted on that request, NSO would be cut off from the US banking system and its employees would be barred from travelling to the US.

The Financial Times is a division of The Financial Times. All rights are not to be redistributed, copied or modified.