WASHINGTON ― While serving as a top campaign aide to Donald Trump, former national security adviser Michael Flynn made tens of thousands of dollars on the side advising a company that sold surveillance technology that repressive governments used to monitor activists and journalists.
Flynn, who resigned in February after mischaracterizing his conversations with the Russian ambassador to the U.S., has already come under scrutiny for taking money from foreign outfits. Federal investigators began probing Flynn’s lobbying efforts on behalf of a Dutch company led by a businessman with ties to the Turkish government earlier this year. Flynn’s moonlighting wasn’t typical: Most people at the top level of major presidential campaigns do not simultaneously lobby for any entity, especially not foreign governments. It’s also unusual for former U.S. intelligence officials to work with foreign cybersecurity outfits.
Nor was Flynn’s work with foreign entities while he was advising Trump limited to his Ankara deal. He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier this year.
Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored to have served in Unit 8200, the Israeli equivalent of the National Security Agency.
Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.
Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSY’s board.
Flynn’s financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynn’s consulting firm declined to discuss Flynn’s work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is “not interested in speaking to the press” and referred questions to a spokesman, who did not respond to queries.
Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world ― SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation ― all have former top government officials in leadership roles or on their boards, or have former top executives working in government.
But it’s less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. “There is a lot of opportunity in the U.S. to do this kind of work,” said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. “It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.”
What is clear is that during the time Flynn was working for NSO’s Luxembourg affiliate, one of the company’s main products — a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists — was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a target’s cellular phone if the target responded to a text message.
Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.
NSO Group told Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.
But once a sale is complete, foreign governments are free to do what they like with the technology.
“The government buys [the technology] and can use it however they want,” Bill Marczak, one of the Citizen Lab researchers, told HuffPost. “They’re basically digital arms merchants.”
The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc., in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.
“When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.
Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”)
“It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government.”
Prominent human rights activists and political dissidents have reported being targeted by NSO’s technology. On August 10, 2016, Ahmed Mansoor, an internationally recognized Emirati human rights activist, received a text message prompting him to click a link to read “new secrets” about detainees abused in UAE prisons. He got a similar text the next day. But Mansoor, who had already been repeatedly targeted by hackers, knew better than to click the links. Instead, he forwarded the messages to Citizen Lab.
Citizen Lab soon determined that NSO Group’s malware exploited an undisclosed mobile phone vulnerability, known as a zero-day exploit, that enabled its customers ― that is, foreign governments ― to surveil a target’s phone after the target clicked the link included in the phishing text message. If Mansoor had clicked that link, his “phone would have become a digital spy in his pocket, capable of employing his phone camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote in a report.
Across the globe in Mexico, where Coca-Cola and PepsiCo were working to repeal a tax on sodas imposed in 2014, two activists and a government-employed scientist, all of whom supported the soda tax, received a series of suspicious text messages. The texts, which became increasingly aggressive and threatening, came as the scientist and the activists were preparing a public relations campaign in support of raising the soda tax and promoting awareness of the health risks linked to sugary beverages.
Dr. Simón Barquera, researcher at Mexico’s National Institute for Public Health, received a text on July 11, 2016, inviting him to click a link the sender said would lead him to a detailed investigation of his clinic. When Barquera didn’t follow through, the texts escalated. On the 12th, he got a text with a link to a purported court document, which the sender claimed mentioned Barquera by name. On the 13th, yet another text included a link that supposedly contained information about a funeral. The day after that, the sender wrote, “You are an asshole Simon, while you are working I’m fucking your old lady here is a photo.” The final text Barquera received in August said that his daughter was in “grave condition” after an accident, and included a link that would supposedly tell him where she was being treated.
Alejandro Calvillo, director of the consumer rights nonprofit El Poder del Consumidor, received a text with a link claiming to be from a man who wanted to know if Calvillo could attend the man’s father’s funeral. Another text sent to Calvillo included a link that the sender said was a viral news story that mentioned him. The final target, Luis Encarnación, a coordinator for the obesity prevention group Coalicion ContraPESO, also received a text with a link claiming that he was named in a news article.
The targets quickly got in touch with Citizen Lab and forwarded their text messages to the researchers. In February 2017, Citizen Lab released a new report linking NSO Group’s technology to the phishing attempts targeting the pro-soda tax campaigners.
Citizen Lab researchers have also identified texts sent last summer to Mexican journalist Rafael Cabrera that they believe were an attempt to infect his phone with NSO Group’s Pegasus spyware. Cabrera, who now works for BuzzFeed Mexico, was targeted by hackers after he broke a story revealing a potential conflict of interest with the Mexican first family and a Chinese company.
Citizen Lab believes NSO Group may have also sold its mobile phone spying technology to many governments, including those of Kenya, Mozambique, Yemen, Qatar, Turkey, Saudi Arabia, Uzbekistan, Thailand, Morocco, Hungary, Nigeria and Bahrain.
Working with repressive regimes is standard practice in the cyberweapons industry. The Italian surveillance malware firm Hacking Team has worked with dozens of countries known to jail dissidents, according to emails uploaded to WikiLeaks. The FBI and the Drug Enforcement Agency were among the company’s customers, according to the documents.
Despite recent scrutiny over Mansoor’s case, NSO Group’s value has exploded in recent years. Francisco Partners bought the cyberweapons dealer in 2014 for $120 million. It is now reportedly valued at over $1 billion.
The human rights activists targeted with the company’s software haven’t fared as well. Mansoor was arrested in the UAE in March after he signed a letter calling for the release of political prisoners. He remains behind bars.
This story has been updated to include a statement from Adobe.
CORRECTION: A previous version of this story said that Ahmed Mansoor is a human rights attorney. He is a human rights activist.