It has been two years since executives at NSO Group, the Israeli cyber security business behind the world’s leading spyware, have been able to speak publicly.

Before NSO’s acquisition by its co-founders and London private equity firm Novalpina Capital in 2019, the Tel Aviv cyber mercenary business was blocked from having its own website or speaking to journalists.

Shalev Hulio, the company’s fast-talking chief executive, is keen to make up for lost time. “I truly believe we have nothing to hide,” he says in a Zoom call from his office. “This market is full of misunderstandings and conspiracy theories, full of urban legends about NSO,” he says.

NSO employees say the business is like any other cyber security company that works with law enforcement and governments around the world.

The company’s main product is Pegasus, spyware that lets customers intercept messages using a target’s phone number, leaving them unaware they’re being spied on.

Privacy activists and security researchers allege that some NSO clients used Pegasus to spy on human rights activists and journalists.

The most serious allegation has been that NSO’s software was used to intercept the messages of Jamal Khashoggi, the Saudi Arabian journalist killed in 2018.

Hulio has denied any involvement in Khashoggi’s death, telling US television: “We had nothing to do with this horrible murder.”

Concerns about the spyware have created a rare alliance of some of the world’s largest technology companies, with businesses including Google and Microsoft filing a motion to support an ongoing legal battle by WhatsApp against NSO.

Hulio hopes to usher in a new era of cooperation with his critics. “I’m willing to speak with anyone,” he says. “Any human rights organisation, any NGO, any research organisation, any university that’s willing to speak to us.”

NSO’s attempt to cultivate a friendlier image involves expanding into less controversial fields such as counter-drone software and search and rescue systems.

One week earlier, Hulio addressed a room of his employees celebrating a return to the office after more than 90pc of them were vaccinated. As Hulio welcomed employees back, three of them sat in a conference room giving a demonstration of Eclipse, NSO’s anti-drone system that can detect drones in sensitive areas and bring them safely to the ground.

On-screen, a satellite image showed an unnamed European power plant that has placed NSO sensors around its site. If a drone strays into the plant’s airspace, NSO’s system hijacks its controls and flies it towards a landing area.

“Off the shelf drones pose the greatest amount of threat,” says Itamar Azuri, an NSO employee who sells the software to governments, power plants and prisons.

Across from him, NSO’s anti-drone head Gilad Sahar checks his two smartphones. Sahar, a veteran of Israel’s elite Unit 8200 intelligence squad, joined NSO when it bought his anti-drone company Convexum for $60m (£43.5m) in 2020.

Sahar holds a whispered conversation with an NSO employee when asked if the anti-drone system uses the same technology as Pegasus. “I would say it’s very similar in spirit,” he says. “It’s not the same technology that was copied from one solution to the other.”

Concerns of misuse

NSO says that Pegasus has become a vital tool of governments that would otherwise be unable to intercept the messages of terrorists. But groups including Amnesty International and Citizen Lab, a Toronto-based academic laboratory, claim to have uncovered evidence showing misuse of the tool.

In December, Citizen Lab alleged that 36 Al Jazeera journalists had been hacked using Pegasus.

An NSO insider said the business is investigating the matter. Insiders say NSO investigates allegations of misuse of its tools and regularly turns away countries that attempt to buy access to Pegasus.

In January, the business told The Telegraph that it had recently blocked customers that had been found to have misused Pegasus spyware.

NSO faces an ongoing US lawsuit from WhatsApp, which claimed that 1,400 of its users were hacked by NSO in a two-week period in 2019.

Lawyers working for NSO have said in legal filings that NSO should be immune from prosecution because “NSO invents cyber solutions that NSO itself does not use; the only users of these products are NSO’s customers – foreign sovereign states”.

Beyond Pegasus

NSO hopes that focusing on products other than Pegasus will help improve its image. One of these is technology to track smartphones following earthquakes.

Yochay Manoff, an NSO vice-president, is also the commander of an Israeli search and rescue unit. “Shalev ordered that there will be an on-call team of employees available 24/7 for any search and rescue operation,” he says in a video call.

Manoff says NSO has developed a tool that can be used to find people trapped in rubble by measuring the strength of their smartphone signal.

“The technology works by imitating a public antenna,” he says.

Citizen Lab has claimed that Circles, NSO’s search and rescue technology, is actually a surveillance system that can locate smartphones around the world. NSO has denied this.

NSO’s attempt to soften its public image by focusing on search and rescue efforts as well as initiatives such as an NSO-branded truck that drove around Israel collecting items to donate to charity have not impressed activists.

“As long as the company continues to seek growth, the harms that it causes will grow apace,” says John Scott-Railton, a senior researcher at Citizen Lab. “They don’t seem to be willing to directly tackle that problem and so instead are trying to rebrand and say ‘Hey, look over here,’ pointing anywhere but their direct problem.”

Danna Ingleton, of Amnesty International, shares his concerns. “It really does seem like lip service to try and better their image rather than actual attempts to clean up their operations and the industry,” she says.

The continued scrutiny from activists could be a problem for NSO’s plan to attract investors for a float in either Tel Aviv or New York in the coming years with a valuation that could reach as high as $2bn.

Hulio’s wish is now to engage with campaigners to form rules on how cyber mercenary businesses such as NSO should function. He says: “The best thing they can do is to come to a conversation and create global standards for how cyber intelligence should work … Everybody would benefit from this.”

If Hulio gets his way, NSO could emerge from its secretive past to become a global cyber security company that could attract a blockbuster valuation. But the debate over NSO is far from over.