Covert ways of NSO: Spy games as usual

Project Pegasus: The Israeli spyware, revealed to have been used to target hundreds of phones in India, and can infect a device without the target’s engagement or knowledge

By Chaim Levinson

The offensive spyware company NSO is operating a consulting firm called Realmode Labs, whose employees – former members of IDF technology units – are experts in finding security vulnerabilities in computing services, as illustrated by the recent break-in at Amazon servers. Realmode Labs was established early last year. It is registered in Petah Tikva but has its offices in Tel Aviv. Heading the company is Ariel Tempelhof, a graduate of the Psagot program, the most prestigious IDF program for training soldiers in technology. According to his LinkedIn profile, Tempelhof was a researcher and team lead doing security-related work while in the army. He then worked for “the State of Israel,” later heading up Realmode in January 2020. According to the company’s website, its employees are “top-notch researchers and developers of security-related products, graduates of the IDF, government agencies and leading companies in this industry.” Realmode first operated as a consulting service, and large organizations hired it for locating breaches in their security systems. “We offer research and development services to local and international clients,” says the company’s website, which notes the company’s wide experience in a variety of software systems. The website further notes that “our expertise is in contending with difficult problems in new areas and solving them quickly.” Realmode’s “product” is its employees, since people who can find vulnerabilities are in high demand in the cyber world. An example of the company’s capabilities may be found in an article published in January by one of its employees, Yuval Bar-On. Bar-On found a breach in the book-reading service Kindle, which allowed hackers to obtain the credit card information of its users and make purchases on Amazon. The breach was closed and Amazon paid Bar-On $18,000 for finding it.

Realmode’s abilities, as exemplified in this case, could open new avenues for NSO operations. NSO has expertise in breaking into Apple and Google systems and in hacking mobile phones. In recent years it has offered additional services, such as Big Data systems, which would allow its customers to analyse huge amounts of information obtained from hacked phones.

Earlier this year, NSO and Realmode signed a deal. Officially, Realmode remains independent, but it maintains very few operations of its own, and its employees are currently engaged in a covert project for NSO. The profiles of these employees on social media do not mention a connection to NSO. NSO recently ran into trouble when the U.S. Department of Commerce placed it on its blacklist, asserting that NSO operations were harmful to American interests. After this decision, NSO’s director Itzik Benbenisti resigned, having assumed office only two weeks earlier. The announcement came in the wake of news related to the misuse of NSO’s flagship Pegasus software, with lawsuits filed against the company by Facebook and Apple. The company’s founder, Shalev Hulio, recently said in a closed meeting that these reports are making it difficult to recruit new employees, and that the company will face obstacles in developing its products under current circumstances. Despite this, NSO is trying to project a sense of business as usual. This week the company’s account on LinkedIn showed a photo from a Hanukkah party for its employees, held in Eilat.

Realmode responded to this story, saying that “Realmode Labs offers consultation services in diverse areas to many technology companies. As we publish from time to time, our employees collaborate with other companies in improving the security of their products.” NSO said it had no comment.

(This article first appeared on Haaretz)