Public investors in the private equity firm that owns a majority stake in Israeli spyware company NSO Group are in talks to transfer management of that fund to Berkeley Research Group, a US consulting firm.
A person familiar with the matter told The Guardian that the talks, which are in an early stage, followed an internal dispute between the co-founders of Novalpina Capital, whose fund was taken over by NSO Group in 2019.
NSO Group has been at the center of a mass surveillance scandal following the publication of the Pegasus project, an investigation into NSO by 17 media organizations. The core of the investigation was the leak of tens of thousands of phone numbers of people, including journalists, activists, lawyers and heads of state, believed to have been listed as persons of concern for possible surveillance by clients of the NSO government.
The publication of the investigation by The Guardian and other media organizations came as the three Novalpina co-founders were already embroiled in a long-running dispute over the future of the fund.
This week, Sky News and the Financial Times reported that Novalpina was stripped of control of its own fund as a result of the internal dispute, prompting outside investors in the fund to take control.
The intervention left the ownership of NSO and an Estonian gambling company called Olympic Entertainment Group, as well as other assets, in the balance.
The FT reported that outside investors in the fund, including public pension funds in the US and UK, had until August 6 to decide whether to liquidate the fund with a consumer sale of assets or appoint a third to take care of him.
A person close to the matter told The Guardian that the fund’s largest investor, the Oregon public pension fund, was leading a push to transfer management of the Novalpina fund to the US-based BRG.
Novalpina declined to comment. NSO declined to comment. BRG did not immediately respond to a request for comment.
The deal has yet to be closed. The Israeli government, which has close oversight over NSO and the export of its surveillance technology, will likely have a say in transferring the management of the fund that owns NSO to another company.
According to its website, BRG is a global consulting firm that “helps organizations advance in three key areas”: disputes and investigations, corporate finance and performance improvement.
If the deal goes through, the California-based company would take over the fund that NSO owns at a difficult time for the Israeli company. The French government has called for an investigation into allegations that NSO clients listed key government officials, including most of Emmanuel Macron’s cabinet, as persons of concern. In the US, a senior Biden administration official involved in national security has also raised concerns about the Pegusus project disclosures to an Israeli official.
The Pegasus project was organized by Forbidden Stories, a French media organization.
Forensic analysis of dozens of phones by Amnesty International’s security lab, a technical partner of the Pegasus project, found that many of the phones analyzed and included in the leaked list had been infected by NSO’s spyware, called Pegasus, or that Infections had been attempted.
When NSO’s Pegasus spyware infects a phone, government customers using it can gain access to a person’s phone conversations, messages, photos, and location, as well as turn the phone into a portable listening device by tampering with its tape recorder.
The leak contains a list of more than 50,000 phone numbers that NSO customers are believed to have identified as persons of interest since 2016.
The appearance of a number in the leaked list does not mean that it was the subject of a hacking attempt or a successful hacking. NSO said that President Macron was not a “target” of any of his clients, which means the company denies that there was any attempted or successful Pegasus infection on its phone.
NSO has also said the data is “irrelevant” to the company, and has dismissed the Pegasus project report as “full of flawed assumptions and unsubstantiated theories.” He denied that the leaked data represented those who were being monitored by the Pegasus software. NSO has called the 50,000 number overkill and said it was too large to represent Pegasus’ target people.