An Israeli cyber-security company whose owner bought a Maltese passport and was arrested in the US soon after has sparked controversy through its new monitoring software on the spread of COVID-19, which it is marketing to governments worldwide. 

NSO Group, known for creating surveillance software, including what Forbes called “the world’s most invasive mobile spy kit”, known as Pegasus, is linked to Maltese “citizen” and alleged financial fraudster Anatoly Hurgin, who also owns an Israeli surveillance firm called Ability Inc.

Hurgin obtained Maltese citizenship through the golden passport scheme and is now facing charges of fraud, smuggling, and money laundering in Israel, as well as five violations of US federal law for defrauding shareholders of a Florida-based company.

Assassinated journalist Daphne Caruana Galizia had first raised the alarm about Hurgin when she wrote how he was previously a member of the Israeli Defence forces and that his companies Ability Inc, Ability Computers, Software industries Ltd and Active Intelligence Labs Ltd specialise in “phone hacking and cutting edge surveillance technology.”

Among other criminal charges faced by Hurgin, Israeli authorities had arrested a number of employees from Ability Inc in September on suspicion of committing “offences of fraud, smuggling, and money laundering on a significant scale” while carrying out their business activities.

A spokesperson for NSO Group said the software was created “to solve a global pandemic”. The software would work best if a government asked local mobile phone operators to provide the records of every subscriber in the country. Some governments are already testing the software, the BBC reported .

Through the spyware, the movements of people infected with coronavirus could be tracked and plotted on a map – including people they met and places they visited.

John Scott Railton, from privacy watchdog Citizen Lab, said governments would be foolish to use the system. “The last thing that we need is a secretive company claiming to solve a pandemic while refusing to say who its clients are,” he said.

In a Tweet, Lebanese digital communications specialist and activist Abir Ghattas raised concerns about how the tool will be used once the COVID-19 outbreak passes.

https://twitter.com/AbirGhattas/status/1244560014846689280

Last year, WhatsApp filed a lawsuit against the NSO Group for conducting cyber-attacks that infected devices of journalists and activists with malicious software. WhatsApp accused the company of sending spyware to some 1,400 mobile phones with the purpose of surveillance. NSO Group denied the allegations.

In the same year, NSO Group was also sued after being accused of supplying ‘Pegasus’, an invasive spyware kit, to the Saudi government to spy on journalist Jamal Khashoggi before he was killed. The Shift had also reported that allegations were raised regarding the involvement of the Saudi Crown Prince in the phone hacking of Jeff Bezos, owner of The Washington Post.

Citizen Lab had previously investigated NSO’s Pegasus software and found evidence that it had been secretly installed on the phones of journalists and dissidents in countries from Mexico to the Middle East.

“NSO has shown that it is uniquely capable of damaging public trust,” Railton told the BBC. “I can’t think of a better brand name to make citizens nervous about a governmental tracking effort.”