Police surveillance company seeks to acquire notorious Israeli NSO Group

L3 Harris, which provided police departments with cell phone tracking tech, may acquire a company which produces powerful spyware

By: - June 15, 2022 7:00 am
Police block a road during the October Wauwatosa curfew, after having just shot rubber bullets and tear gas at protesters and their cars. (Photo | Isiah Holmes)

Police block a road during the October Wauwatosa curfew, after having just shot rubber bullets and tear gas at protesters and their cars. (Photo | Isiah Holmes)

L3 Harris, an American defense contractor that sold its Stingray surveillance technology to police departments is making yet another business venture. As reported by IntelligenceOnline, L3 Harris is moving towards a deal to acquire the Israeli-based NSO Group, whose products have been abused by organizations around the world. Privacy and telecommunications experts fear that the acquisition could act as a pipeline streaming these technologies into local police departments.

L3 Harris has been a behemoth in the defense and law enforcement community for years. Generating over $17 billion annually in revenue, it handles a variety of products from radios to robotics, night vision binoculars, technology used in fighter jets and drones, and more. Police departments across the country also enjoy a robust customer-supplier relationship with Harris. The Milwaukee Police Department (MPD), for instance, uses many Harris products including several kinds of radios and other forms of mobile communications technology. For years, MPD also made use of the company’s Stingray devices.

A surveillance van or "critical response vehicle" which was used by MPD during Wauwatosa's curfew. (Photo by Isiah Holmes)
A surveillance van or “critical response vehicle” which was used by MPD during Wauwatosa’s October 2020 curfew. (Photo | Isiah Holmes)

“Stingray” is a specific brand of Harris-produced cell site simulator technology. Harris’ devices are so commonly used that eventually the term “Stingray” became shorthand for all cell site simulators. Generally speaking, by producing signals that mimic a cell tower, the devices trick mobile phones into connecting to them rather than a real tower. This allows law enforcement to gather phone numbers and other information unique to each specific phone, including its exact location. With the right software, cell site simulators can also intercept calls and text messages, send fake short messages and are able to disrupt the service and operation of target phones. Like many kinds of equipment used by law enforcement including armored vehicles and tactical gear, Harris’s devices were first used overseas in military operations in Afghanistan, Iraq and elsewhere.

For years, the Federal Bureau of Investigation (FBI) acted as a sort of gatekeeper between local law enforcement and Harris-produced Stingrays. To get their own Stingray, local police departments were required to sign non-disclosure agreements with the FBI, which would oversee the transaction. The profound confidentiality surrounding these devices eventually led to civil liberties concerns in Milwaukee in 2016. The American Civil Liberties Union (ACLU) of Wisconsin found that MPD had hidden its use of Stingrays from judges and defense attorneys. Many police departments across the country found themselves in a similar position, leading Harris to regress to only selling its Stingray-type products to federal agencies. When cell phone technology moved to 4G and 5G networks, the software on the devices Harris sold to local departments, which worked on 2G and 3G, appeared to go obsolete. In 2019, MPD bought a new system from a different company, Tactical Support Equipment, for $498,900.

The role of the police in our society has been under a microscope since the killing of George Floyd by the Minneapolis Police Department in May, 2020. Local Policing is an ongoing series analyzing the culture, tactics and actions of departments big and small across Wisconsin. If you have a story to share about your local police, reach out to reporters Isiah Holmes and Henry Redman at [email protected] and [email protected]

Last September, wiretap and telecommunications expert Ben Levitan made a prediction about what would happen to the Stingray industry. An engineer with 30 years experience working with phone companies, Levitan actually helped design the conventional wiretap system which is intended to be used by law enforcement. In his work as an expert witness in court cases, Levitan has also seen numerous cases of police using cell site simulators to circumvent laws restricting the use of wiretaps and pen registers. He predicted that either 4G and 5G would kill the Stingray market, “or, what will more likely happen is the guys who designed Stingrays will find a way to beat the system.”

The NSO Group’s Pegasus spyware product made news after it was linked to murders and other abuses around the world. Once inside a target device, Pegasus allows a hacker to essentially own the phone. The spyware can gather calls and text messages, read encrypted messages in apps like Signal, turn on the phone’s microphone to listen to conversations in a room, turn on the camera, take screenshots, track location, and much more. Pegasus works entirely without input by a service provider, completely circumventing how wiretaps traditionally work in the U.S.

Work by the Toronto-based Citizen Lab revealed that Pegasus had numerous ways of getting into smart phones like the iPhone. At times, it sent a text message instructing the target to click on a link, which would immediately infect the phone. That’s what happened to human rights workers investigating the 2014 disappearance of 43 students in Mexico, some of whom later sued the Mexican government for violating their rights by targeting them with the spyware. Later, it was discovered that Pegasus could infect phones with an extremely rare zero-click, zero-day exploit. That means the spyware exploited a vulnerability in iPhones which was unknown to Apple, meaning there were “zero days” of protection. Furthermore, this new exploit didn’t require the target to click on anything to infect the phone. A flaw in Apple’s iMessage application was being exploited by the spyware.

Apple was forced to issue an emergency security update to every iPhone user worldwide in September 2021 to fix the vulnerability. Apple also released a free program called iMazing which has a feature to detect traces of Pegasus and other spyware. As news mounted about the abuse of Pegasus spyware, the NSO Group was blacklisted by the U.S. government last year. Apple has also filed a lawsuit against the NSO Group.

A Milwaukee police squad in front of the Municipal Court downtown. (Photo | Isiah Holmes)
A Milwaukee police squad in front of the Municipal Court downtown. (Photo | Isiah Holmes)

Pegasus spyware has also been linked to the murder of Washington Post and Middle East Eye writer and Saudi dissident Jamal Khashoggi by a apparent Saudi government hit team. Murdered Mexican journalists are also suspected to have been targeted by Pegasus spyware, as well as lawyers, activists, and politicians the world over, including US State Department officials. The NSO Group has rejected the reports, stating it only sells its products to governments for criminal, terrorism and national security investigations. In February of this year, the FBI admitted that it tested NSO’s spyware. Meanwhile, NSO pitched its spyware to American law enforcement under the shell company Westbridge Technologies, calling the spyware “Phantom.” The NSO Group is known for regularly changing its name.

With the company still blacklisted, some suspect L3 Harris acquiring the NSO Group would act to make its products available in the U.S. Levitan called the news “frustrating and scary.” He told Wisconsin Examiner that “Harris is already the premier designer of ‘fake cell towers’ for government use. It seems that they have seen that their cell phone surveillance is a profitable area, and as such, believe that owning the Israeli company’s Pegasus software would be a tremendous asset. Like many more government contracts and sales.” In many regards, Levitan understands the business move. “It’s what a good engineering company would do, and as an engineer working for them, I’d do the same.”

Ben Levitan (Photo | Linkedin)
Ben Levitan (Photo | Linkedin)

Nevertheless, Levitan fears the legality issues he’s seen with Stingray will only be amplified by something like Pegasus. He told Wisconsin Examiner, “I have no problem with law enforcement having all the tools they need. I have a problem when I see law enforcement using Stingray and other technology to circumvent the law. It’s a real arrogance to have government think there are a different set of laws for themselves.”

John Scott-Raiton, a senior researcher at the Citizen Lab, tweeted about the Harris acquisition with alarm. “Bad for NatSec & CI”, he tweeted, referencing national security and counter-intelligence. “Atrocious for human rights. If admin lets it happen would be own-goal against @POTUS democracy agenda,” he added, tweeting directly at President Joe Biden.

Mike Katz-Lacabe, director of research at the Center for Human Rights and Privacy, finds the news “quite disturbing.” Katz-Lacabe, who obtained the first example of a log of Stingray use by MPD back in 2016, stressed the NSO’s already documented abuses. “NSO Group has already been sanctioned by the U.S. government because its products were being abused by its clients. That said, the products it sells are designed to exploit vulnerabilities in products used by millions of people and represent an inherent danger to the privacy and security of those same millions of people.” He adds, “NSO Group either failed or was unable to control how its products were used. It is unclear how or if new ownership would impact that lack of control.”

Protesters gather outside of the Milwaukee Safety Building waiting for the Cole family to come out with DA Chisholm's decision. (Photo by: Isiah Holmes)
Protesters gather outside of the Milwaukee Safety Building waiting for the Cole family to come out with DA Chisholm’s decision. (Photo by: Isiah Holmes)

Questions continue to linger regarding the surveillance of Black Lives Matter protesters in Wisconsin during 2020 and 2021. Many protesters and the families of people who had experienced police violence reported what they felt was electronic surveillance targeting their phones and social media accounts. During the curfews in Milwaukee, Wauwatosa and Kenosha, law enforcement demonstrated an interest in seizing and accessing the phones of protesters and legal observers.

In Wauwatosa, the phone belonging to Taleavia Cole, the sister of  teenager Alvin Cole, who was killed in early 2020, was kept for 22 days by officers after being taken during a curfew arrest. While it was at Wauwatosa PD, Taleavia’s Facebook and Instagram accounts disappeared, and her iCloud had been tampered with, according to an ongoing civil lawsuit. A list that included protesters, lawyers, Democratic state representatives, and a Wisconsin Examiner journalist was compiled by law enforcement during 2020 and 2021. The FBI, and Milwaukee’s intelligence fusion center were also involved in surveillance during the 2020 protests. The fusion center operates MPD’s cell site simulators, using a team known as the “Confidential Source Team,” and works alongside the FBI’s Joint Terrorism Task Force through Milwaukee’s Southeastern Threat Analysis Center (STAC). Nevertheless, MPD has denied that fusion utilizes spyware or malware.

The Milwaukee Police Administration Building downtown. A surveillance van, or "critical response vehicle" is in the background. (Photo | Isiah Holmes)
The Milwaukee Police Administration Building downtown. A surveillance van, or “critical response vehicle” is in the background. (Photo | Isiah Holmes)

Katz-Lacabe isn’t put at ease by the possibility that NSO’s technology will be restricted to federal agencies. “Even if sales were restricted to law enforcement,” he told Wisconsin Examiner, “law enforcement has been known to abuse the surveillance tools to which they have access and it is not difficult to expect that law enforcement armed with NSO Group products would use it to target protesters, critics, former or future love interests, journalists, activists, etc. Given the secrecy around cell site simulators sold by L3 Harris, one would expect a similar lack of transparency about under what circumstances such tools from NSO Group were used, how frequently and against which targets.”

GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.

Isiah Holmes
Isiah Holmes

Isiah Holmes is a journalist and videographer, and a lifelong resident of Milwaukee, Wisconsin. Holmes' video work dates back to his high school days at Wauwatosa East High, when he made a documentary about the local police department. Since then, his writing has been featured in Urban Milwaukee, Isthmus, Milwaukee Stories, Milwaukee Neighborhood News Services, Pontiac Tribune, the Progressive Magazine, Al Jazeera, and other outlets. He was also featured in the 2018 documentary The Chase Key, and was the recipient of the Sierra Club Great Waters Group 2021 Environmental Hero of the Year award. The Wisconsin Freedom of Information Council also awarded Holmes its 2021-2022 Media Openness Award for using the open records laws for investigative journalism. Holmes was also a finalist in the 2021 Milwaukee Press Club Excellence in Journalism Awards alongside the rest of the Wisconsin Examiner's staff. The Silver, or second place, award for Best Online Coverage of News was awarded to Holmes and his colleague Henry Redman for an investigative series into how police responded to the civil unrest and protests in Kenosha during 2020. Holmes was also awarded the Press Club's Silver (second-place) award for Public Service Journalism for articles focusing on police surveillance in Wisconsin.

MORE FROM AUTHOR