Prospect Illustration/Photo by U.S. Embassy Tel Aviv
Dan Shapiro, who is under consideration to be the president’s Middle East envoy, advised NSO.
A new investigation by The Washington Post and a consortium of 16 international news outlets reveals that software from an Israeli company named NSO Group has spied on hundreds of journalists, activists, executives, and government officials. Its infamous product Pegasus can crack into encrypted phones without a trace and is used by autocrats. The findings are part of the Pegasus Project, which has already presented evidence of the spyware being used to hack the slain Mexican journalist Cecilio Pineda Birto as well as two people close to the journalist Jamal Khashoggi.
But NSO Group has been deflecting from its relationship with authoritarian governments for years. After its surveillance tech was caught being used to target dissidents, the notorious Israeli company sought the assistance of WestExec Advisors, the consultancy founded by now–Secretary of State Tony Blinken and staffed by prominent national-security experts from the Obama administration.
WestExec turned the company down, but NSO was persistent. It was investing heavily in a revamp of its global reputation in response to accusations of its spyware’s abuse, especially in the hands of Saudi Arabia. NSO must have sensed just how influential Blinken’s tight-knit group of former policymakers was, though the client didn’t align with WestExec’s stated principles.
The consulting group stood firm, but NSO had actually already recruited one of its members. Dan Shapiro, a WestExec consultant based in Israel and Obama’s former ambassador to the country, had already been working for NSO.
Shapiro began independently advising NSO in mid-2017, months before WestExec was established. He counseled NSO on how to prevent the misuse of its technology and advised the company to stop selling its hacking tools to Saudi Arabia, according to The New York Times. Initially, NSO heeded. But then, under new ownership—and with the encouragement of the Israeli government and the Trump administration—NSO once again sold its powerful software to Saudi Arabia.
Many Washington operators were willing to do lucrative business for the NSO Group, and it hasn’t necessarily hurt their careers.
Shapiro advised NSO through the end of 2018 and participated in Biden campaign strategy calls in 2020. He is now under consideration to be President Biden’s special envoy to the Middle East.
That a consulting firm specializing in national-security tech like WestExec Advisors rejected NSO Group’s entreaties, while advising other defense contractors and tech companies, shows just how beyond the pale NSO’s products are. Working for Israeli hackers, WestExec consultants may have thought, would hurt their chances of re-entering government. (It’s a decision validated by Biden appointing more than 15 members of the boutique firm to the administration.)
Still, many Washington operators were willing to do lucrative business for the NSO Group, and it hasn’t necessarily hurt their careers. Shapiro has been floated for a State Department appointment to continue Trump’s policy of securing accords between Israel and Arab states. Shapiro declined to comment on the record.
The list of Washington operators who have benefited directly from working with NSO is long, and they don’t want to talk about it. The consultancy Beacon Global Strategies—founded by longtime Hillary Clinton adviser Andrew Shapiro, former CIA and Pentagon official Jeremy Bash, and former House aide Michael Allen—quietly provided advice to NSO until mid-2019. Attorney Dan Jacobson provided legal services to NSO’s parent company and joined the Biden administration this spring as general counsel for the Office of Administration. Rod Rosenstein, after two years as deputy attorney general, advised NSO in a lawsuit the Facebook affiliate WhatsApp had brought against it. Jeh Johnson, Obama’s homeland security secretary who was in the running to be Biden’s defense secretary, signed off on NSO’s human rights policy. Obama homeland security official Juliette Kayyem advised the hacking group.
The company’s PR is currently being done by Mercury Public Affairs, where retired Sen. Barbara Boxer is a co-chair and former Los Angeles Mayor Antonio Villaraigosa is a partner. Mercury, which receives $120,000 monthly to represent NSO, did not respond to a request for comment.
The list possibly includes one current White House official. Anita Dunn took a leave of absence from her consulting firm SKDKnickerbocker and joined the Biden White House in January as a senior adviser. Her firm advised NSO Group in 2019. It’s unclear whether she personally worked for the company. Dunn has circumvented federal ethics rules that require disclosures of income, assets, and clients by serving as a temporary employee in the executive branch and taking a salary just below a threshold that would require public filings. She says she plans to leave the White House soon.
Dunn’s firm defended NSO on the record. Even if she may have not been directly working for NSO, Dunn was willing to lend her name—hers is the D in SKDK—to repair the company’s image. “What sets NSO apart from many other cyber technology firms is its commitment to an ethical business framework that relies on the expertise of people with national security and intelligence backgrounds from around the world to evaluate potential customers and review current customers,” Dunn’s firm told The Intercept in 2019. SKDK declined to comment to the Prospect.
The experts counseling NSO have hardly helped bring it closer toward ethical behavior; in fact, as the Pegasus Project trickles out new reporting, what’s clear is that Washington consultants have lent a veneer of principle to a company whose malicious software has hacked more than 180 journalists and 14 world leaders.
The NSO Group’s co-founder says that its spyware is designed to target “bad guys,” and is only sold to states that comply with its protocol. But its first annual Transparency and Responsibility Report, released last month, is not all that transparent about its clients. There’s much more insight into the company—its high regard for itself, its Silicon Valley vibes—on NSO’s active LinkedIn page, with posts celebrating Pride Month or Earth Day, and photos of a rave in the desert it hosted for employees to toast the end of Israel’s coronavirus lockdown.
Without any irony, the company celebrated World Data Privacy Day in January on social media. “At NSO Group, we have committed ourselves to high ethical business standards by embedding human rights protections throughout all aspects of our work,” it posted, above an image of a padlock set against neon-colored zeroes and ones. Amid damning revelations about its spyware, not even the best consultants can rebrand NSO.