WhatsApp Inc. et al v. NSO Group Technologies Limited et al
Filing
1
COMPLAINT against NSO Group Technologies Limited, Q Cyber Technologies Limited ( Filing fee $ 400, receipt number 0971-13834740.). Filed byFacebook Inc., WhatsApp Inc.. (Attachments: #1 Exhibit 1 through 11, #2 Civil Cover Sheet)(LeBlanc, Travis) (Filed on 10/29/2019)
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 1 of 111
EXHIBIT 1
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 2 of 111
Ministry of Justice
[emblem]
Registrar of Companies
State of Israel
Companies Law, 5760-1999
Company Incorporation Certificate
This is to certify that
N.S.O. GROUP TECHNOLOGIES LTD
[bilingual text]
got incorporated and registered according to the Companies Law as a Limited Liability Company
25/01/2010
10th of Sh’vat, 5770
Company no. 514395409
[stamp:]
Ministry of Justice
Registrar of Companies
[emblem:] State of Israel
[signature]
Einat Messika, Adv.
Registrar of Companies
[stamp:]
[logo]
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 3 of 111
[emblem:] State of Israel
Ministry of Justice
This document is a copy scanned in its entirety on the indicated day and hour, via
trusted digital scanning of the document found in the file, in accordance to the
inspection regulation at the Ministry of Justice.
Signed by
Ministry of Justice (institutional signature).
[stamp:]
[logo]
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
PUBLIC0637849
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 4 of 111
EXHIBIT 2
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 5 of 111
09/25/2019 - Screenshot from https://www.documentcloud.org/documents/6401851-NSO-Emails-with-DEA.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 6 of 111
EXHIBIT 3
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 7 of 111
09/25/2019 - Screenshot from https://www.documentcloud.org/documents/6401851-NSO-Emails-with-DEA.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 8 of 111
EXHIBIT 4
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 9 of 111
09/23/2019 - Screenshot of https://www.franciscopartners.com/news/nso-group-acquired-by-its-management
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 10 of 111
09/23/2019 - Screenshot of https://www.franciscopartners.com/news/nso-group-acquired-by-its-management
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 11 of 111
EXHIBIT 5
[emblem:]
State of Israel
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 12 of 111
[logo:]
[text cut off]
[barcode:] 17042-905
State of Israel
Ministry of Justice
Corporations Authority
Registrar of Companies
Private Company Annual Report
(Section 141 of the Companies Law 5759-1999 (hereinafter: “the Law”))
The data can be typed in or filled out in clear handwriting without using black ink.
Company name
NSO Group Technologies Ltd.
Address of the registered office1
22 Galgalei Haplada, Hertsliya, Israel 4672222
Company number
514395409
Telephone
Company Email (if any)
The report is updated as of (state the date of signing the
report in order to submit it to the Registrar of
Companies)
[hw:] 7/1/19
Annual meeting was conducted on the day2
7.1.2019
Share Capital Distribution
Total registered capital of the company
Share name and its set value
(for shares with set value)
Ordinary, set value – 0.01
Ordinary A, set value – 0.01
Preferred A, set value – 0.01
Ordinary
Ordinary A
Preferred A
Number of shares in the registered capital
Number of allotted shares
Share value
Ordinary – 548,940
Ordinary A – 26,290
Preferred A – 424,770
Ordinary – 185,716
Ordinary A – 8,936
Preferred A – 295,170
0.01
10,000
Share type
Shareholders and their shares
Shareholder name
ID number3
Q Cyber Technologies Ltd
514971522
Type of shares
Ordinary
Ordinary A
Preferred A
Number of shares
118,263
8,936
295,170
Shareholder name
ID number3
NSO Group Technologies Ltd.
514395409
Type of shares
Ordinary
Number of shares
67,453
Address (city, street, house no., zip code)
22 Galgalei Haplada, Hertsliya, Israel Zip Code
4672222
Unpaid amount in exchange for the shares
Address (city, street, house no., zip code)
22 Galgalei Haplada, Hertsliya, Israel Zip Code
4672222
Unpaid amount in exchange for the shares
_____________________
1 Listing a P.O. Box as the company’s address is not enough.
2
The last date on which the annual meeting was conducted, indicate below in the appropriate place whether the company is exempt from conducting
annual meetings according to Section 61 of the Law.
[stamp:]
3
A non-holder of the Israeli ID shall indicate his passport number and the country it was issued in, and in the first report of[logo]
this person, a copy shall
be attached, as stated in Regulation 16 of the Companies Regulations (reporting, registration details and forms), 5760-1999. If the shareholder is a
Corporations Authority
corporation, a registration number of the corporation shall be indicated, and if it is a foreign corporation, the copy of incorporation certificate and the
A confirmation that this document has
required certificates as stated in Regulation 16, shall be attached in the first report of the corporation.
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
Case 3:19-cv-07123 State of Israel
Document 1-1 Filed 10/29/19 Page 13 of 111
[emblem:]
[logo:]
State of Israel
Ministry of Justice
Corporations Authority
Corporations Authority
Registrar of Companies
Bearer Shares for the period
* Fill out if bearer shares have been issued before 17.09.2016, and the update has not been performed as stated below:
In accordance with the Amendment no. 28 to the Companies Law 5759-1999, which came into force on 17.09.2016, bearer shares can
be no longer issued. A holder of bearer shares issued on the eve of the law coming into force shall be entitled to return the banknote to
the company, and the company shall cancel it and issue a share for him that is registered in the Registry of Shareholders of the
Company. A bearer share that is not returned as stated shall become a frozen share, as stated in Section 308 of the Law, and it shall not
grant him rights until the date stated on the share, which will be recorded in the Registry of Shareholders of the Company.
Total bearer shares for the period
No. of shares in each note
Note no.
Details of active directors
Director name
Q Cyber Technologies Ltd
ID number
514971522
Starting date as a director (year, month, day)
19/3/2014
Address (city, street, house no., zip code)
22 Galgalei Haplada, Hertsliya, Israel 4672222
Details of directors who stopped their activity (since the date of the previous annual report)
Director name
ID number
End date as a director (year, month, day)
Director name
ID number
End date as a director (year, month, day)
Director name
ID number
End date as a director (year, month, day)
Director name
ID number
End date as a director (year, month, day)
Mark the appropriate option with X:
No change has occurred in the details that were reported regarding the foreign directors according to Regulation 16 from the mentioned
regulations.
Change has occurred in the details that were reported regarding the foreign directors, and the documents required under Regulation 16 have been
attached to the annual report.
Authorized party to report to the registrar on behalf of the company, according to Section 39 of the Law
Filling out the details of the authorized party to report according to Section 39 in this Form will allow the party whose details are entered
here to relay updates about the company in a digital manner.
For more information, see: http://www.justice.gov.il/Units/RasutHataagidim/units/RashamHachvarot/TfasimNew/Pages/Online.aspx
Full name
[hw:] [illegible] Idisis
ID number
032063521
Position in the company
Financial director
[stamp:]
[logo]
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 14 of 111
EXHIBIT 6
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 15 of 111
[emblem:]
State of Israel
State of Israel
Ministry of Justice – Corporations Authority
Registrar of Companies and Partnerships
[logo:]
Corporations Authority
Company Incorporation Certificate
This is to certify that the company:
L.E.G.D. COMPANY LTD
[bilingual text]
whose number is 514971522
got incorporated and registered on 02/12/2013 - 29th of Kislev 5774,
according to the Companies Law, 5760-1999, as a Limited Liability Company.
Issued in Jerusalem on:
02/12/2013
29th of Kislev 5774
[signature]
Zohar Horan
Corporations Authority
Registrar of Companies and Partnerships
[stamp:]
Ministry of Justice
Registrar of Companies
[stamp:]
and Partnerships
[logo]
[emblem:] State of Israel
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 16 of 111
[emblem:] State of Israel
Ministry of Justice
This document is a copy scanned in its entirety on the indicated day and hour, via
trusted digital scanning of the document found in the file, in accordance to the
inspection regulation at the Ministry of Justice.
Signed by
Ministry of Justice (institutional signature).
[stamp:]
[logo]
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
PUBLIC0637849
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 17 of 111
EXHIBIT 7
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 18 of 111
[stamp:]
[emblem:]
State of Israel
Document Start
State of Israel
Ministry of Justice – Corporations Authority
Registrar of Companies and Partnerships
[logo:]
Corporations Authority
Company Name Change Certificate
This is to certify that the company
L.E.G.D. COMPANY LTD
[bilingual text]
whose number is 514971522
has changed its name, and it shall be called from now on
Q CYBER TECHNOLOGIES LTD
[bilingual text]
Issued in Jerusalem on
29/05/2016
21st of Iyyar, 5776
[stamp:]
[emblem:] State of Israel
Ministry of Justice
Registrar of Companies and
Partnerships
[signature]
Eyal Globus, Adv.
Registrar of Companies and Partnerships
Head of Corporations Authority
Issued by Eyal Goldring
[stamp:]
[logo]
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 19 of 111
EXHIBIT 8
06/26/19 - web.archive.org screenshot of nsogroup.com
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 20 of 111
9102 guA 13 - 1102 naJ 5
Helping Governments Maintain Public Safety
NSO Group, a Q Cyber Technologies company, develops best-in-class technology to help government
agencies detect and prevent a wide-range of local and global threats.
Our products help government intelligence and law-enforcement agencies use technology to meet the
challenges of encryption to prevent and investigate terror and crime.
NSO technology is designed by telecommunications and intelligence experts who, positioned at the
forefront of their fields, are dedicated to keeping pace with the ever-changing cyber world.
LEARN MORE
26
2012 2019
0202
TECHNOLOGY
👤
▾
⍰❎
f 🐦
erutpac siht tuobA
/moc.puorgosn.www//:sptth
OUR
oG
100 captures
MAY JUN JUL
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 21 of 111
EXHIBIT 9
[emblem:]
State of Israel
[logo:]
Case 3:19-cv-07123 State of Israel
Document 1-1 Filed 10/29/19 Page 22 of 111
[text cut off]
[barcode:] 17903-560
Ministry of Justice
Corporations Authority
Registrar of Companies
Private Company Annual Report
(Section 141 of the Companies Law 5759-1999 (hereinafter: “the Law”))
The data can be typed in or filled out in clear handwriting without using black ink.
Company name
Q Cyber Technologies Ltd
Address of the registered office1
22 Galgalei Haplada, Hertsliya, Israel 4672222
Company number
514971522
Telephone
Company Email (if any)
The report is updated as of (state the date of signing the
report in order to submit it to the Registrar of
Companies)
[hw:] 16/6/19
Annual meeting was conducted on the day2
7.1.2019
Share Capital Distribution
Total registered capital of the company
Share name and its set value
(for shares with set value)
Share type
100,000
Ordinary, set value – 0.01
Ordinary
Number of shares in the registered capital
Number of allotted shares
Share value
Ordinary – 10,000,000
Ordinary – 100,000
0.01
Shareholders and their shares
Shareholder name
ID number3
Address (city, street, house no., zip code)
OSY TECHNOLOGIES S.A.R.L.
B184226
Luxembourg
Type of shares
Ordinary
Number of shares
100,000
Unpaid amount in exchange for the shares
Bearer Shares for the period*
* Fill out if bearer shares have been issued before 17.09.2016, and the update has not been performed as stated below:
In accordance with the Amendment no. 28 to the Companies Law 5759-1999, which came into force on 17.09.2016, bearer shares can
be no longer issued. A holder of bearer shares issued on the eve of the law coming into force shall be entitled to return the banknote to
the company, and the company shall cancel it and issue a share for him that is registered in the Registry of Shareholders of the
Company. A bearer share that is not returned as stated shall become a frozen share, as stated in Section 308 of the Law, and it shall not
grant him rights until the date stated on the share, which will be recorded in the Registry of Shareholders of the Company.
_____________________
[stamp:]
1 Listing a P.O. Box as the company’s address is not enough.
[logo]
2 The last date on which the annual meeting was conducted, indicate below in the appropriate place whether the company is exempt from conducting
Corporations Authority
annual meetings according to Section 61 of the Law.
A confirmation that this a copy shall
3 A non-holder of the Israeli ID shall indicate his passport number and the country it was issued in, and in the first report of this person,document has
been 5760-1999. If the shareholderais a of
be attached, as stated in Regulation 16 of the Companies Regulations (reporting, registration details and forms), signed electronically, it is copy
the document (original or copy) that is
corporation, a registration number of the corporation shall be indicated, and if it is a foreign corporation, the copy of incorporation certificate and the in
required certificates as stated in Regulation 16, shall be attached in the first report of the corporation.
the file of the Corporations Authority on
the day of the signature
[emblem:]
State of Israel
[logo:]
State of Israel
Ministry of Justice Filed 10/29/19 Page 23 of Corporations Authority
Case 3:19-cv-07123 Document 1-1
111
Corporations Authority
Registrar of Companies
Total bearer shares for the period
No. of shares in each note
Note no.
Details of active directors
Director name
OSY TECHNOLOGIES S.A.R.L.
ID number
B184226
Starting date as a director (year, month, day)
17/3/2014
Address (city, street, house no., zip code)
Luxembourg
Details of directors who stopped their activity (since the date of the previous annual report)
Director name
ID number
End date as a director (year, month, day)
Director name
ID number
End date as a director (year, month, day)
Director name
ID number
End date as a director (year, month, day)
Director name
ID number
End date as a director (year, month, day)
Mark the appropriate option with X:
No change has occurred in the details that were reported regarding the foreign directors according to Regulation 16 from the mentioned
regulations.
Change has occurred in the details that were reported regarding the foreign directors, and the documents required under Regulation 16 have been
attached to the annual report.
Authorized party to report to the registrar on behalf of the company, according to Section 39 of the Law
Filling out the details of the authorized party to report according to Section 39 in this Form will allow the party whose details are entered
here to relay updates about the company in a digital manner.
For more information, see: http://www.justice.gov.il/Units/RasutHataagidim/units/RashamHachvarot/TfasimNew/Pages/Online.aspx
Full name
Yifa Idisis
ID number
032063521
Position in the company
Financial director
Fulfillment of the instructions of Section 171 (C) of the Law
The Board of Directors has approved the financial reports __ (mark X if done).
Fulfillment of the instructions of Section 173 of the Law – (mark the appropriate option with X)
The financial documents have been presented at the last annual meeting as required.
If the company is not required to conduct annual meetings according to Section 61 (A) of the Law, indicate whether the financial reports have
been sent to the shareholders according to Section 61 (A) of the Law.
The company is not required to submit financial reports at the annual meeting, as stated in Section 172 (G) of the Law.
Controlling accountant (mark the appropriate option with X).
The company has a controlling accountant, as stated in Section 154 of the Law.
[stamp:]
[logo]
Corporations Authority
A confirmation that this document has
been signed electronically, it is a copy of
the document (original or copy) that is in
the file of the Corporations Authority on
the day of the signature
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 24 of 111
EXHIBIT 10
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 25 of 111
Pegasus – Product Description
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 26 of 111
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 27 of 111
Contents
Introduction ....................................................................................................................... 1
Overcoming Smartphone Interception Challenge ................................................... 1
Standard Interception Solutions Are Not Enough ................................................... 1
Cyber Intelligence for the Mobile World ......................................................................... 3
Benefits of Pegasus ................................................................................................ 3
Technology Highlights ............................................................................................ 3
High Level Architecture ........................................................................................... 4
Agent Installation .............................................................................................................. 6
Agent Purpose ........................................................................................................ 6
Agent Installation Vectors ....................................................................................... 6
Agent Installation Flow ............................................................................................ 7
Supported Operating Systems & Devices .............................................................. 8
Installation Failure ................................................................................................... 8
Remote Installation Benefits ................................................................................... 9
Data Collection ................................................................................................................ 10
Initial Data Extraction ............................................................................................ 11
Passive Monitoring................................................................................................ 11
Active Collection ................................................................................................... 11
Description of Collected Data ............................................................................... 12
Collection Buffer ....................................................................................................15
Data Transmission .......................................................................................................... 16
Data Transmission Security .................................................................................. 17
Pegasus Anonymizing Transmission Network ..................................................... 17
Data Presentation & Analysis ........................................................................................ 18
Rules & Alerts ......................................................................................................21
Data Export ....................................................................................................... ..22
Agent Maintenance ......................................................................................................... 23
Agent Upgrade ...................................................................................................... 23
Agent Settings .......................................................................................................23
Agent Uninstall ...................................................................................................... 23
Solution Architecture ......................................................................................................25
Customer Site ......................................................................................................25
Public Networks .................................................................................................... 26
Target Devices ...................................................................................................... 27
Solution Hardware .......................................................................................................... 28
Operators Terminals ............................................................................................. 28
System Hardware ................................................................................................. 28
System Setup and Training ............................................................................................31
System Prerequisites ............................................................................................ 31
System Setup ......................................................................................................31
Training ............................................................................................................. 31
High Level Deployment Plan ................................................................................ 32
System Acceptance Test (SAT) ............................................................................ 33
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 28 of 111
Maintenance, Support and Upgrades ........................................................................... 34
Maintenance and Support ..................................................................................... 34
Upgrades ............................................................................................................ 34
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 29 of 111
List of Tables
Table 1: Collection Features Description .......................................................................... 12
Table 2: Presentation of Collected Data ........................................................................... 20
Table 3: Pegasus Deployment Plan ................................................................................. 32
List of Figures
Figure 1: Pegasus High Level Architecture ........................................................................ 5
Figure 2: Agent Installation Flow ........................................................................................ 7
Figure 3: Agent Installation Initiation ................................................................................... 8
Figure 4: Collected Data ................................................................................................... 10
Figure 5: Data Transmission Process ............................................................................... 16
Figure 6: Data Transmission Scenarios ............................................................................ 16
Figure 7: Calendar Monitoring .......................................................................................... 18
Figure 8: Call Log & Call Interception ............................................................................... 19
Figure 9: Location Tracking............................................................................................... 19
Figure 10: Solution Architecture ....................................................................................... 25
Figure 11: Pegasus Hardware .......................................................................................... 29
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 30 of 111
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 31 of 111
Introduction
Pegasus is a world-leading cyber intelligence solution that enables law enforcement and
intelligence agencies to remotely and covertly extract valuable intelligence from virtually any
mobile device. This breakthrough solution was developed by veterans of elite intelligence
agencies to provide governments with a way to address the new communications interception
challenges in today's highly dynamic cyber battlefield. By capturing new types of information
from mobile devices, Pegasus bridges a substantial technology gap to deliver the most
accurate and complete intelligence for your security operations.
Overcoming Smartphone Interception Challenge
The rapidly growing and highly dynamic mobile communications market - characterized by
the introduction of new devices, operating systems and applications on virtually a daily basis
– requires a rethinking of the traditional intelligence paradigm. These changes in the
communications landscape pose real challenges and obstacles that must be overcome by
intelligence organizations and law enforcement agencies worldwide:
Encryption: Extensive use of encrypted devices and applications to convey
messages
Abundance of communication applications: Chaotic market of sophisticated
applications, most of which are IP-based and use proprietary protocols
Target outside interception domain: Targets' communications are often outside the
organization's interception domain or otherwise inaccessible (e.g., targets are roaming,
face-to-face meetings, use of private networks, etc.)
Masking: Use of various virtual identities which are almost impossible to track and
trace
SIM replacement: Frequent replacement of SIM cards to avoid any kind of
interception
Data extraction: Most of the information is not sent over the network or shared with
other parties and is only available on the end-user device
Complex and expensive implementation: As communications become increasingly
complex, more network interfaces are needed. Setting up these interfaces with service
providers is a lengthy and expensive process, and requires regulation and
standardization
Standard Interception Solutions Are Not Enough
Until the above mentioned challenges are addressed and resolved, criminal and terrorist
targets are likely "safe" from standard and legacy interception systems, meaning that
valuable intelligence is being lost. These standard solutions (described in the sections below)
deliver only partial intelligence, leaving the organizations with substantial intelligence gaps.
Passive Interception
Passive interception requires very deep and tight relationships with local service providers
(cellular, Internet and PSTN providers) and traditionally has allowed for proper monitoring of
text messages and voice calls. However, most contemporary communications is comprised
of IP-based traffic, which is extremely difficult to monitor with passive interception due to its
use of encryption and proprietary protocols.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 32 of 111
Even when this traffic is intercepted, it typically carries massive amounts of technical data
that is not related to the actual content and metadata being communicated. Not only does this
result in frustrated analysts and wasted time wading through irrelevant data, it also provides a
partial snapshot (at best) of the target's communications. In addition, the number of interfaces
required to cover the relevant service providers broadens the circle of entities exposed to
sensitive information and increases the chance of leakage.
Tactical GSM Interception
Tactical GSM interception solutions effectively monitor voice calls and text messages in GSM
networks. When advanced cellular technologies are deployed (3G and LTE networks), these
solutions become less efficient. In such cases, it is required to violently downgrade the target
to a GSM-based network, which noticeably impacts the user experience and functionality.
These solutions also require a well-trained field tactical team located near the monitored
target. Thus, in the majority of cases where the target location is unknown, these solutions
become irrelevant. In other cases, placing a tactical team close to the target may pose
serious risk both to the team and to the entire intelligence operation.
Malicious Software (Malware)
Malware presumably provides access to the target's mobile device. However, it is not
completely transparent and requires the target's involvement to be installed on their devices.
This type of engagement usually takes the form of multiple confirmations and approvals
before the malware is functional. Most targets are unlikely to be fooled into cooperating with
malware due to their high level of sensitivity for privacy in their communications.
In addition, such malware is likely to be vulnerable to most commercially available anti-virus
and anti-spyware software. As such, they leave traces and are fairly easily detected on the
device.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 33 of 111
Cyber Intelligence for the Mobile World
Pegasus is a world-leading cyber intelligence solution that enables law enforcement and
intelligence agencies to remotely and covertly extract valuable intelligence from virtually any
mobile device. This breakthrough solution was developed by veterans of elite intelligence
agencies to provide governments with a way to address the new communications interception
challenges in today's highly dynamic cyber battlefield.
By capturing new types of information from mobile devices, Pegasus bridges a substantial
technology gap to deliver the most accurate and complete intelligence for your security
operations. This solution is able to penetrate the market's most popular smartphones based
on BlackBerry, Android, iOS and Symbian operating systems.
Pegasus silently deploys invisible software ("agent") on the target device. This agent then
extracts and securely transmits the collected data for analysis. Installation is performed
remotely (over-the-air), does not require any action from or engagement with the target, and
leaves no traces whatsoever on the device.
Benefits of Pegasus
Organizations that deploy Pegasus are able to overcome the challenges mentioned above to
achieve unmatched mobile intelligence collection:
Unlimited access to target's mobile devices: Remotely and covertly collect
information about your target's relationships, location, phone calls, plans and
activities – whenever and wherever they are
Intercept calls: Transparently monitor voice and VoIP calls in real-time
Bridge intelligence gaps: Collect unique and new types of information (e.g., contacts,
files, environmental wiretap, passwords, etc.) to deliver the most accurate and complete
intelligence
Handle encrypted content and devices: Overcome encryption, SSL, proprietary
protocols and any hurdle introduced by the complex communications world
Application monitoring: Monitor a multitude of applications including Skype,
WhatsApp, Viber, Facebook and Blackberry Messenger (BBM)
Pinpoint targets: Track targets and get accurate positioning information using GPS
Service provider independence: No cooperation with local Mobile Network Operators
(MNO) is needed
Discover virtual identities: Constantly monitor the device without worrying about
frequent switching of virtual identities and replacement of SIM cards
Avoid unnecessary risks: Eliminate the need for physical proximity to the target or
device at any phase
Technology Highlights
The Pegasus solution utilizes cutting-edge technology specially developed by veterans of
intelligence and law enforcement agencies. It offers a rich set of advanced features and
sophisticated intelligence collection capabilities not available in standard interception
solutions:
Penetrates Android, BlackBerry, iOS and Symbian based devices
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 34 of 111
Extracts contacts, messages, emails, photos, files, locations, passwords, processes
list and more
Accesses password-protected devices
Totally transparent to the target
Leaves no trace on the device
Minimal battery, memory and data consumption
Self-destruct mechanism in case of exposure risk
Retrieves any file from the device for deeper analysis
High Level Architecture
The Pegasus system is designed in layers. Each layer has its own responsibility forming
together a comprehensive cyber intelligence collection and analysis solution.
The main layers and building blocks of the systems are:
Installations: The Installation layer is in charge of issuing new agent installations,
upgrading and uninstalling existing agents.
Data Collection: The Data Collection layer is in charge of collecting the data from the
installed device. Pegasus offers comprehensive and complete intelligence by employing
four collection methods:
– Data Extraction: Extraction of the entire data that exists on the device upon
agent installation
– Passive Monitoring: Monitor new arrival data to the device
– Active Collection: Activate the camera, microphone, GPS and other elements to
collect real-time data
– Event-based Collection: Define scenarios that automatically triggers specific
data collection
Data Transmission: The Data Transmission layer is in charge of transmitting the
collected data back to the command and control servers, using the most efficient and
safe way.
Presentation & Analysis: The Presentation & Analysis component is a User Interface
that is in charge of presenting the collected data to the operators and analysts, turning
the data into actionable intelligence. This is done using the following modules:
– Real-Time Monitoring: Presents real-time collected data from specific or multiple
targets. This module is highly important when dealing with sensitive targets or during
operational activities, where each piece of information that arrives is crucial for
decision making.
– Offline Analysis: Advanced queries mechanism that allows the analysts to query
and retrieve any piece of information that was collected. The advanced mechanism
provides tools to find hidden connections and information.
– Geo-based Analysis: Presents the collected data on a map and conduct
geo-based queries.
– Rules & Alerts: Define rules that trigger alerts based on specific data that arrives or
event that occurred.
Administration: The administration component is in charge of managing the entire
system permission, security and health:
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 35 of 111
– Permission: The permissions mechanism allows the system administrator to
manage the different users of the system. Provide each one of them the right
access level only to the data they are allowed to. This allows to define groups in the
organization that handle only one or more topics and other groups which handles
different topics.
– Security: The security module monitors the system security level, making sure
the collected data is inserted to the system database clean and safe for future
review.
– Health: The health component of the Pegasus solution monitor the status of all
components making sure everything is working smoothly. It monitors the
communication between the different parts, the system performance, the storage
availability and alerts if something is malfunction.
The system layers and components are shown in Figure 1.
Figure 1: Pegasus High Level Architecture
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 36 of 111
Agent Installation
In order to start collecting data from your target’s smartphone, a software based component
("Agent") must be remotely and covertly installed on their device.
Agent Purpose
The “Agent”, a software based component, resides on the end point devices of the monitored
targets and its purpose is to collect the data it was configured to. The agent is supported on
the most popular operating systems: BlackBerry, Android, iOS (iPhone) and Symbian based
devices.
Each agent is independent and is configured to collect different information from the device
and to transmit it via specific channels in defined timeframes. The data is sent back to the
Pegasus servers in a hidden, compressed and encrypted manner.
The agent continuously collects the information from the device and will transmit it once
reliable internet connection becomes available.
Communications encryption, the use of many applications and other communications
concealing methods are no longer relevant when an agent is installed on the device.
Agent Installation Vectors
Injecting and installing an agent on the device is the most sensitive and important phase of
intelligence operation conducted on the target device. Each installation has to be carefully
planned to ensure it is successful. The Pegasus system supports various installation
methods. The installation methods variety answers the different operational scenarios which
are unique to each customer, resulting in the most comprehensive and flexible solution.
Following are the supported installation vectors:
Remote Installation (range free):
Over-the-Air (OTA): A push message is remotely and covertly sent to the mobile
device. This message triggers the device to download and install the agent on the
device. During the entire installation process no cooperation or engagement of the target
is required (e.g., clicking a link, opening a message) and no indication appears on the
device. The installation is totally silent and invisible and cannot be prevented by the
target. This is NSO uniqueness, which significantly differentiates the Pegasus solution
from any other solution available in the market.
Enhanced Social Engineering Message (ESEM): In cases where OTA installation
method is inapplicable1, the system operator can choose to send a regular text message
(SMS) or an email, luring the target to open it. Single click, either planned or
unintentional, on the link will result in hidden agent installation. The installation is entirely
concealed and although the target clicked the link they will not be aware that software is
being installed on their device.
The chances that the target will click the link are totally dependent on the level of
1 e.g., some devices do not support it; some service providers block push messages; target phone number in unknown.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 37 of 111
content credibility. The Pegasus solution provides a wide range of tools to compose
a tailored and innocent message to lure the target to open the message.
NOTE: Both OTA and ESEM methods require only a phone number or an email address that
is used by the target. Nothing else is needed in order to accomplish a successful installation
of the Pegasus agent on the device.
Close to the target (range limited):
Tactical Network Element: The Pegasus agent can be silently injected once the
number is acquired using tactical network element such as Base Transceiver Station
(BTS). The Pegasus solution leverages the capabilities of such tactical tools to perform a
remote injection and installation of the agent. Taking a position in the area of the target
is, in most cases, sufficient to accomplish the phone number acquisition. Once the
number is available, the installation is done remotely.
Physical: When physical access to the device is an option, the Pegasus agent can be
manually injected and installed in less than five minutes. After agent installation, data
extraction and future data monitoring is done remotely, providing the same features of
any other installation method.
NOTE: Tactical and Physical installations are usually used where no target phone number or
email address are available.
Agent Installation Flow
Remote agent installation flow is shown in Figure 2.
Figure 2: Agent Installation Flow
In order to initiate a new installation, the operator of the Pegasus system should only insert
the target phone number. The rest is done automatically by the system, resulting in most
cases with an agent installed on the target device.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 38 of 111
Agent installation initiation is shown in Figure 3.
Figure 3: Agent Installation Initiation
Supported Operating Systems & Devices
NOTE: Android-based devices are often added to the supported list. An updated list can be
sent upon customer request.
Installation Failure
The installation can sometimes fail due to following reasons:
1. Unsupported device: the target device is not supported by the system (which appears
above).
2. Unsupported OS: the operating system of the target device is not supported by the
system.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 39 of 111
3. Unsupported browser: the default browser of the device was previously replaced by
the target. Installation from browsers other than the device default (and also Chrome for
Android based devices) is not supported by the system.
In any of the above mentioned cases, if the operator initiates a remote installation to a
non-supported device, operating system or browser, the injection will fail and the installation
will be aborted. In these cases the process is finished with an open browser on the target
device pointing and showing the URL page which was defined by the operator prior the
installation.
The device, OS and browser are identified by the system using their HTTP user agent. If by
any reason the user agent was manipulated by the target, the system might fail to correctly
identify the device and OS and provide the wrong installation payload. In such case, the
injection will fail and the installation will be aborted, showing again the above mentioned URL
page.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 40 of 111
Data Collection
Upon successful agent installation, a wide range of data is monitored and collected from the
device:
Textual: Textual information includes text messages (SMS), Emails, calendar
records, call history, instant messaging, contacts list, browsing history and more.
Textual information is usually structured and small in size, therefore easier to
transmit and analyze.
Audio: Audio information includes intercepted calls, environmental sounds
(microphone recording) and other audio recorded files.
Visual: Visual information includes camera snapshots, photos retrieval and screen
capture.
Files: Each mobile device contains hundreds of files, some bear invaluable
intelligence, such as databases, documents, videos and more.
Location: On-going monitoring of the device location (Cell-ID and GPS).
The variety of data that is collected by the Pegasus system is shown in Figure
4.
Figure 4: Collected Data
The data collection is divided into three levels:
Initial data extraction
Passive monitoring
Active collection
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 41 of 111
Initial Data Extraction
Once the agent is successfully injected and installed on the device, the following data that
resides and exists on the device can be extracted and sent to the command and control
center:
SMS records
Contacts details
Call history (call log)
Calendar records
Emails
Instant Messaging
Browsing history
As opposed to other intelligence collection solutions which provide only future monitoring of
partial communications, Pegasus allows the extraction of all existing data on the device. As a
result the organization benefits from accessing historical data about the target, which assists
in building a comprehensive and accurate intelligence picture.
NOTE: Initial data extraction is an option and not a must. If the organization is not allowed to
access historical data of the target, such option can be disabled and only new arrival data will be
monitored by the agent.
Passive Monitoring
From the point the agent was successfully installed it keeps monitoring the device and
retrieves any new record that becomes available in real-time (or at specific condition if
configured differently). Below is the full list of data that is monitored by the agent:
SMS records
Contacts details
Call history (call log)
Calendar records
Emails
Instant Messaging
Browsing history
Location tracking (Cell-ID based)
Active Collection
In addition to passive monitoring, upon successful agent installation a wide set of active
collection features becomes available. Active collection refers to active requests sent by the
operator to collect specific information from the installed device. These set of features are
called active, as they carry their collection upon explicit request of the operator. Active
collection allows the operator to perform real-time actions on the target device, retrieving
unique information from the device and from the surrounding area of the target, including:
Location tracking (GPS based)
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 42 of 111
Voice calls interception
File retrieval
Environmental sound recording (microphone recording)
Photo taking
Screen capturing
Active collection differentiates Pegasus from any other intelligence collection solution, as the
operator controls the information that is collected. Instead of just waiting for information to
arrive, hoping this is the information you were looking for, the operator actively retrieves
important information from the device, getting the exact information he was looking for.
Description of Collected Data
The different types of data available for extraction, passive monitoring and active collection
with their respective features are listed in Table 1.
Table 1: Collection Features Description
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 43 of 111
2 For active collection features, initial data is not extracted before a request is initiated by the user.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 44 of 111
The above mentioned data is the potential data that could be collected by an agent. The
agent will collect the data that is applicable and available on the device. If one or more of the
above mentioned applications does not exist and/or removed from the device, the agent will
operate in the same manner. It will collect the data from the rest of the services and
applications which are in use in the device. Also, all the collected data from the removed
application will still be saved on the servers or at the agent, if it was not yet transmitted back
to the servers.
In addition, the above mentioned data that is collected by the agent covers the most popular
applications used worldwide. Since applications popularity differs from country to country, we
understands that data extraction and monitoring of other applications will be required as time
evolves and new applications are adopted by targets. When such requirement is raised, we
can fairly easily extract the important data from virtually any application upon customer
demand and release it as a new release that will become available to the customer.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 45 of 111
Collection Buffer
The installed agent monitors the data from the device and transmits it to the servers. If
transmission is not possible3 the agent will collect the new available information and transmits
it when connection will become available. The collected data is stored in a hidden and
encrypted buffer. This buffer is set to reach no more than 5% of the free space available on
the device. For example – if the monitored device has 1GB of free space, the buffer can store
up to 50MB. In case the buffer has reached its limit, the oldest data is deleted and new data
is stored (FIFO). Once the data has been transmitted, the buffer content is totally deleted.
.
3 No data channels are available; Device is roaming; Device is shut down.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 46 of 111
Data Transmission
By default, the collected data (initial data extraction, passive monitoring and active collection)
is sent back to the command and control center in real-time. The data is sent via data
channels, where Wi-Fi is the preferred connection to use when it is available. In other cases
data is transmitted via cellular data channels (GPRS, 3G and LTE). Extra thought was put
into compression methods and focusing on textual content transmission whenever possible.
The data footprints are very small and usually take only few hundred bytes. This is to make
sure that the collected data is easily transmitted, ensuring minimal impact on the device and
on the target cellular data plan.
If data channels are not available, the agent will collect the information from the device and
store it in a dedicated buffer, as explained in Data Collection section.
Data transmission is automatically ceased in the following scenarios:
Low battery: When the device battery level is below the defined threshold (5%) all
data transmission processes are immediately ceased until the device is recharged.
Roaming device: When the device is roaming, cellular data channels become pricy,
thus data transmission is done only via Wi-Fi. If Wi-Fi does not exist, transmission will
be ceased.
When no data channels are available, and no indication for communication is coming back
from the device, the user can request the device will communicate and/or send some crucial
data using text messages (SMS).
CAUTION: Communication and/or data transmission via SMS may incur costs by the target
and appear in his billing report thus should be used sparingly.
The communication between the agent and the central servers is indirect (through
anonymizing network), so trace back to the origin is non-feasible.
The Pegasus system data transmission process is shown in Figure 5.
Figure 5: Data Transmission Process
The channels and scenarios for transmitting the collected data are shown in Figure 6.
Figure 6: Data Transmission Scenarios
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 47 of 111
Data Transmission Security
All connections between the agents and the servers are encrypted with strong algorithms and
are mutually authenticated. While data encryption is probably the most urging issue, extra
care was given to ensure minimal data, battery and memory are consumed within the agents
requirements. This is meant to make sure that no concerns are raised by the target.
Detecting an operating agent by the target is almost impossible. The Pegasus agent is
installed at the kernel level of the device, well concealed and is untraceable by antivirus and
antispy software.
The transmitted data is encrypted with symmetric encryption AES 128-bit.
Pegasus Anonymizing Transmission Network
Agent transparency and source security are the guiding principles of the Pegasus solution.
To assure that trace back to the operating organization is impossible, the Pegasus
Anonymizing Transmission Network (PATN), a network of anonymizers is deployed to serve
each customer. The PATN nodes are spread in different locations around the world, allowing
agent connections to be redirected through different paths prior to reaching the Pegasus
servers. This ensures that the identities of both communicating parties are highly obscured.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 48 of 111
Data Presentation & Analysis
Successful data collection from hundreds of targets and devices generates massive amounts
of data for visualization, presentation and analysis. The system provides a set of operational
tools to help the organization to transform data into actionable intelligence. This is to view,
sort, filter, query and analyze the collected data. The tools include:
Geographical analysis: Track target's real-time and historical location, view several
targets on map
Rules and alerts: Define rules to generate alerts upon important data arrival
Favorites: Mark important and favorite events for subsequent review and deeper
analysis
Intelligence dashboard: View highlights and statistics of target's activities
Entity management: Manage targets by groups of interest (e.g., drugs, terror, serious
crime, location, etc.)
Timeline analysis: Review and analyze collected data from a particular time frame
Advanced search: Conduct search for terms, names, code words and numbers to
retrieve specific information
The collected data is organized by groups of interest (e.g., drugs group A, terror group B,
etc.) and each group consists of targets. Each target consists of several devices which some
have installed agents on them.
The collected data is displayed in an easy-to-use intuitive user interface and when applicable
emulates popular display of common applications. The intuitive user interface is designed for
a day-to-day work. Operators can easily customize the system to fit their preferred working
methods, define rules and alerts for specific topics of interest.
The operator can choose to view the entire collected data from specific target or only specific
type of information such as location information, calendar record, emails or instant messages.
Pegasus calendar monitoring screen is shown in Figure 7.
Figure 7: Calendar Monitoring
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 49 of 111
Pegasus call log and call interception screen is shown in Figure 8.
Figure 8: Call Log & Call Interception
Pegasus location tracking screen is shown in Figure 9.
Figure 9: Location Tracking
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 50 of 111
The presentation fields of the collected data are listed in Table 2.
Table 2: Presentation of Collected Data
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 51 of 111
Rules & Alerts
The Rules & Alerts module in the system alerts when important event takes place. Rules
must be defined in advance and they help the operators to review and take actions in
real-time, for example:
Geo-fencing:
o Access hot zone - Alert when target reached an important location
o Leave hot zone - Alert when target left a certain location
Geo-fence alerts are based on a perimeter around a certain location, where the
operator defines the size of the perimeter.
Meeting detection: Alert when two targets meet (share the same location)
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 52 of 111
Connection detection:
o Alert when a message is sent from/to a specific number
o Alert when a phone call is performed from/to a specific number
Content detection: Alert when a defined word/term/code word is used in a message
Data Export
The system is designed as an end-to-end system, providing its users with collection and
analysis tools. However, we understands that there are advanced analysis capabilities and
data fusion requirements from other sources, therefore the system allows the exporting of the
collected information and seamless integration with 3rd party backend or analysis systems
available.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 53 of 111
Agent Maintenance
Once agent is installed on a certain device, it has to be maintained in order to support new
features and change its settings and configurations or to be uninstalled when it is no longer
providing valuable intelligence to the organization.
Agent Upgrade
When agents' updates are released they become available to install. These new agents are
now ready for installation on new targets' devices or as upgrades for existing agents installed
on target's devices. These updates provide new functionalities, bug fixing, support for new
services or improve the agents overall behavior. Such updates are crucial to keep the agent
functional and operational in the endless progress of the communication world and especially
the smartphone arena.
There are two types of agent upgrades:
Optional upgrade: agent upgrade is not mandatory by the system. The user decides
when, if at all, to upgrade the agent.
Mandatory upgrade: agent upgrade is mandatory by the system. The supervisor
must upgrade the agent otherwise no new information will be monitored from the
device.
Upgrade sometimes requires an installation of a new agent and sometimes just a small
update of the existing agent. In both cases the user is the only one to decide when to conduct
the upgrade, and therefore should plan this accordingly.
Once the command for upgrade was sent by the user, the process should take only few
minutes. The process might take longer if the device is turned off or has bad data connection.
In either case, the upgrade will be accomplished once a decent data connection becomes
available.
Agent Settings
Agent settings are set for the first time during its installation. From this point, these settings
serve the agent, but can always be changed if required. The settings include the IP address
for transmitting the collected data, the way commands are sent to the agent, the time until the
agent is automatically uninstall itself (see self-destruct mechanism for more details) and
more.
Agent Uninstall
When the intelligence operation is done or in case where the target is no longer with interest
to the organization, the software based component ("Agent") on the target's device can be
removed and uninstalled. Uninstall is quick, requires a single user request and has no to
minimal effect on the target device. The user issues a request for agent uninstall which is
sent to the device.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 54 of 111
Once agent is uninstalled from a certain device it leaves no traces whatsoever or indications
it was ever existed there4. As long as the agent is operational on the device and a connection
exists between him and the servers it can be easily and remotely uninstalled.
.
Uninstall can always be done remotely no matter what was the method used for installation.
Physical uninstall is also an option, if needed.
Uninstalling an agent does not mean losing the entire collected data – the entire data that
was collected during the time that the agent was installed on the device will be kept in the
servers for future analysis.
Self-Destruct Mechanism
The Pegasus system contains self-destruct mechanism for the installed agents. In general,
we understand that it is more important that the source will not be exposed and the target will
suspect nothing than keeping the agent alive and working. The mechanism is activated in the
following scenarios:
Risk of exposure: In cases where a great probability of exposing the agent exists, a
self-destruct mechanism is automatically being activated and the agent is uninstalled.
Agent can be once again installed at a later time.
Agent is not responding: In cases where the agent is not responding and did not
communicate with the servers for a long time5, the agent will automatically uninstall
itself to prevent being exposed or misused.
4 In some cases, uninstall can result in device reboot. If reboot takes place, it happens once agent removal is done. The
device comes up clean with no agent installed.
5 The default time is 60 days, but can be reconfigured for any period of time required
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 55 of 111
Solution Architecture
The Pegasus system’s major architectural components are shown in Figure 10.
Figure 10: Solution Architecture
Customer Site
NSO is responsible to deploy and configure the Pegasus hardware and software at the
customer premises, making sure the system is working and functioning properly. Below are
the main components installed at the customer site:
WEB Servers
Residing at the customer's premises, the servers are responsible for the following:
Agent installation and monitoring
Agent maintenance: Remotely control, configure and upgrade installed agents
Data transmission: Receive the collected data transmitted from the installed agents
Serve the operators' terminals
Communications Module
The communications module allows interconnectivity and internet connection to the servers.
Cellular Communication Module
The cellular communication module enables remote installation of the Pegasus agent to the
target device using cellular modems and/or SMS gateways.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 56 of 111
Permission Module
The Pegasus permission management module defines and controls the features and
available content allowed for each user based on their role, rank and hierarchy.
Data Storage
The collected data that was extracted and monitored by the agents is stored on an external
storage device. The data is well backed-up and with full resiliency and redundancy to prevent
failures and downtime.
Servers Security
All the servers reside inside the customer's trusted network, behind any security measures it
may deploy as well as security measures that we supply specifically for the system.
Hardware
The system standard hardware is deployed on several servers connected together on couple
of racks. The equipment takes care of advanced load balancing, content compression,
connection management, encryption, advanced routing, and highly configurable server health
monitoring.
Operator Consoles
The operator's end-point terminals (PC) are the main tool which the operators activate the
Pegasus system, initiate installations and commands, and view the collected data.
Pegasus Application
The Pegasus application is the user interface that is installed on the operator terminal. It
provides the operators with range of tools to view, sort, filter, manage and alert to analyze the
large amount of data collected from the targets' agents.
Public Networks
Apart from local hardware and software installation at the customer premises, the Pegasus
system does not require any physical interface with the local mobile network operators.
However, since agent installations and data are transferred over the public networks, we
makes sure it is transferred in the most efficient and secured way, all the way back to the
customer servers:
Anonymizing Network
Pegasus Anonymizing Transmission Network (PATN) is built from anonymizing connectivity
nodes which are spread in different locations around the world, allowing agent connections to
be directed through different paths prior to reaching the Pegasus servers. The anonymized
nodes serve only one customer and can be set up by the customer if required.
See more information in Pegasus Anonymizing Transmission Network section.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 57 of 111
Target Devices
The above mentioned architecture allows the operators to issue new installations, extract,
monitor and actively collect data from targets’ devices. See more details in Supported
Operating Systems & Devices.
NOTE: The Pegasus is an intelligence mission-critical system, therefore it is fully redundant
to avoid malfunctions and failures. The system handles large amounts of data and traffic 24
hours a day and is scalable to support customer growth and future requirements.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 58 of 111
Solution Hardware
The hardware specifications for operating the Pegasus system depends on the number of
concurrent installed agents, the number of working stations, the amount of data stored and
for how long should it be stored.
All the necessary hardware is supplied with the system upon deployment and may require
local customization that has to be handled by the customer based on we directions. If
required, hardware can be purchased by the customer based on the specifications provided
by we.
Operators Terminals
The operator terminals are standard desktop PCs, with the following specifications:
Processor: Core i5
Memory: 3GB RAM
Hard Drive: 320GB
Operating System: Windows 7
System Hardware
To fully support the system infrastructure, the following hardware is required:
Two units of 42U cabinet
Networking hardware
10TB of storage
5 standard servers
UPS
Cellular modems and SIM cards
The system hardware scheme is shown in Figure 11.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 59 of 111
Figure 11: Pegasus Hardware
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 60 of 111
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 61 of 111
System Setup and Training
We are responsible for the system setup and training before its hand-over to the customer.
System Prerequisites
Successful installation of the Pegasus system requires the following preparations of the
servers' room:
Sufficient room to contain two 42U racks cabinet, 5x5x2.5m (LxWxH)
Air conditioned (18°C) room
Access restriction
Routing from end-point terminals to servers room
Reliable cellular network reception (at least -95 dBm)
2 x Electrical outlets (20A) per rack
2 x Symmetric ATM lines from different ISP's. Each line with a bandwidth of 10MB
containing 8 external static IP addresses:
o ISP #1: Fiber optic-based network
o ISP #2: Ethernet category-7 cable-based network
The mission-critical system requires two parallel networks to ensure system
resilience and downtime is kept to an absolute minimum.
2 x E1 PRI connections, each contains 10 extensions (two different service providers is
recommended)
2 x anonymous SIM cards for each local Mobile Network Operator
3rd party services registration as required
System Setup
The solution will be deployed at the customer site by we personnel
Deployment duration usually requires 10-15 working weeks
Operating environment prerequisites must be met
System setup includes hardware and software installation, and in addition integration
to local environment and systems
Support and adaptations to the different local device firmware versions
Training
Upon system installation, we personnel will conduct full training sessions. Training can take
place onsite or in any other location required by the customer, including we headquarters.
Training session includes the following:
Basic system usage
System architecture
Advanced system usage and roles
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 62 of 111
Real-world simulation exercises
The recommended number of attendees is with respect to the number of installed operator
consoles.
High Level Deployment Plan
The process of adapting, installing and testing the system in a new customer site in listed in
Table 3.
Table 3: Pegasus Deployment Plan
Phase 1 – Preparations:
Requirements for an Acceptance Test Procedure (ATP) are defined together with the
customer
Hardware and software acquisition and customization to answer customer
requirements and needs
When required, the Pegasus system is integrated with local infrastructures and
systems
System adaptations to the local mobile networks
Phase 2 – Implementation:
System testing
Hardware installation
System adaptations to local device firmware versions
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 63 of 111
Phase 3 – Training and Completion:
Detailed system training, real-life scenarios practicing and simulation
Customer ATP as defined during phase 1
System Acceptance Test (SAT)
We have gained substantial experience in installing and implementing the Pegasus system.
The following acceptance test plan verifies that the system works as required and validates
that the correct functionality has been delivered. It describes the scope of the work to be
performed and the approach taken to execute the proper tests to validate that the system
functions as mutually agreed with the customer.
The tests are divided into 3 stages:
Functionality tests
Network and providers tests
Customer tailor specific tests
An official system hand-over from we to the customer is done once the system has been
deployed, tested and demonstrated.
https://www.documentcloud.org/documents/4599753-NSO-Pegasus.html
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 64 of 111
Maintenance, Support and Upgrades
We provides, as default, one year of maintenance, support and upgrades services. These
services include:
Maintenance and Support
We provides maintenance services and three-tier level support that includes:
Tier-1: Standard system operations problems
o Email and phone support
Tier-2: Proactive resolving of technical problems
o Dedicated engineers will inspect, examine and resolve common technical
issues, putting their best efforts
o Remote assistance using remote desktop software and a Virtual Private
Network (VPN) where requested
Tier-3: Bug fixing and system updates of substantial system malfunctions
Phone support: In addition to the above mentioned, we provide phone and email
support to any question and problem that is raised.
In addition, the customer will be able to add the following support:
Planned or emergency onsite assistance
Health monitoring system
Upgrades
We have releases major upgrades to the Pegasus system few times a year. Such upgrades
usually include:
New features
New devices/operating system support
Tailored features based on customer requirements
Bugs fix
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 65 of 111
EXHIBIT 11
ia
t.,1
l-t
!.
Ww
"#
re
5
Dl-/
- 11 fiT
l
!
I
c{
I
r:{ d)try
bt
i
Er-tQ
nt,
t
t
rl.t
.)
I
t'
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 66 of 111
i
t
i
I
,l
t't
1
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 67 of 111
b t>z
I
/l
@
-\
,'l
)
I
it
t'
i,,
rl
il
il
'ii
AGREEMENT
This Agreement (the "Agreement") is entered into on Decernber I7'h, 2015 (the "Effective Date")
between Infraloks Development Limited, a company incorporated.urder the.laws of the Republic of
Ghana (company registration number CA-66,115), having its registered offices at HSE number 1 plot 50,
7'' Avenue Extension, North Ridge ACCRA, P.o. Box 30712 KrA, ACCRA (the "Company") and tJre
National Communication Authorify of the Republic of Ghana (the "End-User").
Whereas, the Company is engaged in tbe business of resellilg and supplying cyber intelligence
solutions developed, integrated and supplied by the NSO Group Technologies Ltd. (company regisfration
number 514395409), an Israeli Company, having its registered offices at 9 Hamada St., Herzliya, Israel
(tie "System Provider") which has developed the System (as defined below); and
'Whereas, the End-User is interested to purchase from the Company a License
(as defined below) to
use the System (as defined below), and obtain services related to it, soleiy for the use of the End-User as
further set forth herein, and the Company has agreed to provide a License to use the System and related
services to the End-User; and
Whereas, tlie parties wish to set forth
the terms under which such sale and purchase shall be made.
Now, therefore, in consideration of the foregoing premises and the mutual covenants herein contained,
l,l
and for other good and yaluable consideration, the parties agree as follows:
1.
Definitions and Exhibits
In this Agreemen! unless the context otherwise requires, terms defined in the preamble
and the recitals shall have the same meaning when used elsewhere in this Agreement and
the following terms shall have the meanings ascribed thereto below:
1.1.
il
"Agreement" has the meaning ascribed to it in the preamble.
i1
.
"Approval" has the meaning ascribed to it in Section 5.1.
"Bu-siness Day" rneans a day (other than a Friday, Saturday or Sunday) on which banks
are generally open in Israel and in the Republic of Ghana for normal business.
tl
"Certificate" has the meaning ascribed to it in Section
"Commissioning Notice"
il
5.1
it in Exhibit B.
has the meaning ascribed to
,
"Company" has the meaning ascribed to it in the preamble.
I
"Confidential Informatiotr" means any information provided by the Company to the
and/or the End-User.
"Deployment" has the meaning ascribed to it in Exhibit A.
il
"Effective Date" has the meaning ascribed to it in the preamble.
;l
"Etrd-{Jser" has the meaning ascribed to it in tbe preamble.
il
"X'irst fnstallment" has the meaning ascribed to it in Exhibit B.
"Force Majeure" has the meaning ascribed to it in Section 14.
il
I
"Hardware Equipment"
has the meaning ascribed to
it in Exhibit A.
"fiVlOD'means the Israeli Ministry of Defense,
il
"License" has the meaning ascribed to it in Section 2.1.
I
"Reseller" N/A.
I
t
it
"
Reseller Representative" N/A.
"Reseller Appointment Letter" N/A.
it
ll^- -
_mp
;
i
/r \
Agreement
rc012015
Pagel of
46
/
Nt
tal
L5
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 68 of 111
I
!
st
I
t-
)
)
j
:
I
)
"Reseller Appointment Letter" N/A,
l,i
ri
"End-User Responsibilities" has the meaning ascribed to it in Section 4.
1",,1
"Services" has the meaning ascribed to it in Exhibit A.
rl
ii
"SLAU has the meaning ascribed to in Section 6.2
"support Period"
has the meaning ascribed to
"Support Period Consideration"
"support Services"
.
i:
"Training"
"'Warranfi/"
i{
tl
it in Exhibit B
in Section 6.
"System" has the meaning ascribed to it in Exhibit A.
"system Provider"
il
has the meaning ascribed to
has the meaning ascribed to it
"system Considerafion"
'
it in Section 6.1.
has the meaning ascribed to
has the meaning ascribed to
it
it in Exhibit B.
at the preamble.
has the meaning ascribed to it in.Exhibit A.
has the meaning ascribed to
it in Exhibit A.
"Warrant5r Period" has the meaning ascribed to it in Exhibit A.
1.2.
't
t.l
The following are the exhibits in this Agreement;
Exhibit A
ri
-
Description of System and Services
Exhibit A- I
- Features and Capabilities
Exhibit A-2 - List of Hardware Equipment
Exhibit B - Consideration
Exhibit C - Installation Requirements
ii
il
rl
I
ii
ll
i
and Software
Exhibit D - Service Level Agreement
2
Provision of License and Services.
I
j
2-1.
Subject to the terms of this Agreement and the payment of the System Consideration in
full, the System Provider shall provide the End-User a limited, exclusive, nontransferable, non.pledgeable and non-assignabte license to use the System solely for the
End-User's internal use, and for the purpose that it is intended for (the "License"),
2.2.
Subject to provisions of Sections 2.3 and 5.2 below, within one-hundred (100) Business
Days following the occurrenoe of the later of (i) receipt by the System Provider of the
Approval, (ii) the completion of the Due-Diligence Process, and (iii) the receipt by the
ll
rl
t
Company
r
I
I
I
i
i
i
T
I
t
il
it
of the First Installmen! in full, the System Provider shall
complete the
Deployment and shall conduot the Training.
2.3.
.
The provision of the Systern, the License and the Services by the System Provider in
accordance with the time schedule set forth in Section 2.2 above and the performance by
the Company of all its obligations under this Agteement is conditioned upon (i) the
fulfillment by the End-User of all of the End-User Responsibilities when due, and (ii) the
actual receipt by the Company of each payment of the System Consideration rvhen due,
in tull.
It is hereby clarified that the Company shall not be held responsible or liable for any
delay in the provis.ion of the System, the License and/orthe Services, if such delay was
due to any miss-performance or delay in the fulfillment of any of the End-User
Responsibilities and/or payment obligations and/or due to a delay in the performance or
achievement of the pre-requisite conditions set fbrth in Section 5 below. In the event of a
delay in the performance of any of rhe End-User Responsibilities and/or payment
ubl.igul,ious uul/ur [hu purlunrrullue ur uchieventeut of the pre requisitc conditions set
f-l
[,\)"
il
I
I
Agreement 100/2015
Page 2 of 46
Lnt
g l-l-t
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 69 of 111
,(
't
lr
i
,ii
,'l
forth in Section 5 below, the Company's obligations shall be postponed by such number
of days equal to number of days by which the time schedule was delayed due to acts or
I
,t
rl
.il
l,
omissions caused by the End-User.
)
t.
I
2.4.
I'
i;l
ji,
If any sum payable pursuant
to this Agreement shall not have been paid to the Company
by its due date, then, without prejudice to any other right or remedy available to the
Company in accordance with the terms of this Agreement or by law, the End-User shail
pay interest thereon at a daily rate of 0.04yo, accumulated on a daily basis, in respect of
the period starting on the due date of the delayed payment and ending on the date of the
actual payment. In addition, the Company reserves the right to suspend contractual
performance or the use of the System or the Services until the End-User has made
payment of the overdue amount together with interest that has accrued thereupon, in full.
ir
il
t;
I
l
2.5,
il
lt
Consideration; Payment Terms
J
I
So long as the System Consideration is not received by the Company, in full, and so long
as the Company has not provided the Commissioning Notice, the End-User shall not be
entitled to use the System and no license to use the System shall be deemed granted.
3.1
.
In consideration for the provision of the License, the System and the Services, the EndUser shall pay the Company the System Consideration 6s set forth in Exhibit B.
I
3.2.
3.3.
il
The System Consideration shall be paid by the End-User to the Company in instaliments
as set forth in Exhibit B.
The System Consideration, the Support Period Consideration and any other payments
made to the Company under this Agreement are exciusive of all state, provincial,
municipal or other government, excise, use, sales, VAT or iike taxes, tariffs, duties or
surcharges, now in force or as may be enacted in the future, which shall be bome by the
I
I
,
Company, provided, however that the Company shall bear all income taxes imposed on
li
the Company in connection with this Agreement. Each payment under this Agreement
i1
shall be paid by the End-User against an invoice to be issued by the Company.
3.4.
Any and all amounts paid to the Company under this Agreement
are non-refundable, and
may not be claimed or reclaimed by the End-User.
4.
ii
The End-User's Reqponsibilitie!. The End-User undertakes to perform
obligations in a timely manner (the "End-User Responsibilities"):
all of the following
4.1.
4.2.
tl
obtainment and maintenance of all permits and approvals required to be obtained from
any regulatory and governmental authority relating.to the End-User, under any and all
applicable legal requirements for the performance of this Agreement;
4.3.
4.4,
I
I
fulfillment of all of the technical and installation requirements listed in Exhibit C at the
End-User's site, prior to the delivery of the Hardware Equipment;
delivery of the Certificate to the Company;
4.5.
I
It
l
[l
I
I
il
I
I
provision of any and all applicable information and documents required by the System
Provider for the performance of the Due-Diligence Process, on a timely manner; and
provision of any and all additional required conditions to enable the performance of the
Company's obligations under this Agreernent when due, including without limitation,
(if required) and assuring availability
personnel for participation in the Training.
the End-User's
release of the Hardware Equipment from custom
5
of
Pre-Conditions,
5.1
The provision of the License. the System and the Scrviccs and the performance by the
Company of its obligations under this Agreement arc subject to (i) the receipt by the
Syntcrl Proyidcr of thc originol certificote indicating the ldentity nf tht: Enrl-Ilscr. irt
accordance with the requirements of the IMOD (the "Certificate"), (ii) the receipt by the
Systom Providor of tho approval of the IMOD forthc provision of thc I.iccnsc, Systcm
i
|.]
I
I
t,
I
I
I
,l
It$"
Agreoment 100/2015
Page 3
of46
6sr
/
/)
\i
:l
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 70 of 111
-
'
, i
?l
(---> (
->
.;
r
:
.:
,1
btEb
t'
/'
t!
':,1
t,
'|
i,
and the Services as set forth herein (the "Approval"), (iii) the completion of a duediligence process to the Company by the System Provider (the "Due-Diligence
ijl
Process").
5.2.
I
!j
tl
I
ll
,
For the avoidance of any doubt, no products, Iicenses, equipment or services shall be
provided by the Company under this Agreement until the Certificate is delivered to the
System Provider and the Approval is obtained. In the event that the Certificate is not
received by the System Provider andJor the Approvai is not obtained within six (6)
months as ofthe date hereof, or in the event that the System Provider receives, earlier, a
formal notice from the IMOD that the application for the Approval is denied, or in the
event that the Approval is canceled, terminated or suspended, the Company shall have
the right to terminate this Agreement by providing the End-User a written notice, and
such termination shall not be considered a breach of this Agreement, and the Company
shal1 not be held responsible or liable in connection with such tennination. Fulther, the
Company hereby acknowledges and agrees that the actual performance of the activities
contemplated herein is conditioned upon the completion of the Due Diligence Process to
the System Provider's fuli satisfaction which otherwise may terminate this Agreement at
its sole discretion, by providing the Company a written notice, and such termination shall
not be considered a breach of this Agreemen! and the Company. shall not be held
responsible or liable in connection with such termination.
lr
ll
Itl
ir
tl
it
6.
lr
li
Technical Support and Maintenance Services. F ollowing the expiration of the Waranty Period,
the End-User shall be entitled to purchase technical support and maintenance services (the
"support Services") under the following terms:
rl
ti
11
6.1.
rl
6.2.
The Support Services shall be provided in accordance with the System Provide/s
standard services level agreement, as may be amended from time to time. A copy of the
System Provider's current service level agreement is aftached hereto as Exhibit D (the
'sLA").
6,3.
The consideration for the Support Services for each Support Period and the payment
The End-User may purchase Support Services for periods of twelve (12) month each
(each such period
ir
i,
I
il
ii
,l
i,l
-
a "Support Period").
terms of such consideration are as set forth in Exhibit B.
i1
7
:i
il
! ,--' l
{
it
il
1l
]l
8
l
ll
-t
l
l
,.1
1t
rl
I
i
it
1l
il
I
i
t
I,I
I
I
i
I
I
tl
Intellectual Property Rights. All the rights pertaining to the System, the Services and the License,
including, but not limited to, all patents, trademarks, copyrights, service matks, trade names,
technology, know how, moral rights and trade secrets, al1 applications for any of the foregoing,
and all permits, grants and licenses or other rights relating to the System and the Services are and
shall remain the sole properry of the System Provider,
The End-User hereby acknowledges that, other than as set forth in Section 2.1, no title to the
System (including the software embedded therein) is transferred to it under this Agreement or in
connection hereoi and it is not granted any right in the System, including without limitation,
intellectual property right'
direcrlv either by themselves
The End-User shall not, whether directiy or indirectly eirher hv rhems or through any olrher
person, reproduce, modify, disassemble or reverse-engineer the System (including any software
contained therein).
r-1
rl
Additional Remedy. tn the event a breach has occurred, in addition to the Company's rights and
remedies under applicable law and this Agreemen! the Company may suspend or cancel the
License or the provision of any ofthe Services, or take such actions necessary to prevent access
to the System unti-l such time as it has received confirmation to its satisfaction that such breach
was cured. The Company shall not be liable towards the End-User for any claim, losses or
damages whatsoever related to its decision to suspend or cancel the provision of any of the
Services, the License, or to prevent access to the System under this section.
9
Conficlentiality. The Encl-User undertakes to keep thc Confidcntial information in strict
confldence ond not to disclose it to any third partv withor.it thc prinr writtcn connent of the
r-l
1
AE eernent 1 00/20
1
5
Page 4 of 46
*r
a-r
f'*'
:'-'
€
g )zL
i'
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 71 of 111
I
l: , ,'
4f
i'l
l.e-l
t
)
)
System Provider; provided, however, that the End-User may disclose such information to its
respective employees and consultants having a need to know such information in order to carry
out the provisions of this Agxeement. The End-User warrants that any such employees and
consultants to which Confidential Information is disclosed will be bound and will abide by terms
no less onerous than those contained herein and shall be responsible for any breach of
:.i
ti
ij
confidentiality by such employees and consultants.
Foliowing the termination of this Agreement for any reason, or upon the Company's first written
demand, the End-User shall retum to the Company atl Confidential Information, including all
records, products and samples received, and any copies thereof whether in its possession or
under its controi, and shall erase all electronic records thereof, and shall so certify to the
Company in writing
10.
Limited Warrarfy It should be noted that the System Provider does not warrant that the License,
the System and the Services provided hereunder will be uninterrupted, error-free, or completely
secure. The System Provider does not make, and hereby disclaims, any and all implied
warranties, including impiied warranties of merchantability, fitness for a particular purpose ald
non-infringement. Except as otherwise expressly set forth in this Agreement (including any
exhibits), the System Provider does not make and hereby disclaim's all express warranties. All
products, the System and Services provided pursuant to this Agreement are provided or
performed on an "as is", "as available" basis.
ii
Limitation of Liabilitv. In no event shall the Company be liable for any consequential, incidental,
special, indirect or exemplary damages whatsoever, including lost profits, loss of business, Ioss
of revenues, or any other type of damages, whether arising under tort, contract or law. The
ii
ii
il
1t
Company's aggregate liability under this Agreement shall be limited to the consideration actually
received by the Company under this Agreement.
{l
I
1.)
ii
il
Governing Law and Jurisdiction. This Agreement shall be governed, construed and enforced in
accordance with the laws of the Republic of Ghana.
Any controversy or claim arising under, out of or in connection with this Agreemenl its validity,
its i-nterpretation, its execution or any breach or claimed breach thereof, are hereby submitted to
the sole and exclusive jurisdiction of the competent courts in the Republic of Ghana.
t3
tl
Assignment. This Agreement and the rights and obligations hereunder are not ffansferable,
pledgeable or assignable, by either party without the prior written consent of the other party.
However, the System Provider may assign its rights and obiigations to a parent, affiliate or
subsidiary company and, in the case of a merger or acquisition, to a successor company upon
notice to the Company, and provided that the rights of the Company shall not be derogated
pursuant to such assignment.
it
14
i]
I
Force Maieure. The System Provider and the Company shall not be liable for any failure to
perform its obligations under this Agreement due to any action beyond its conffol, including
without limiktion: (i) acts of God, such as fires, floods, electrical storms, unusualiy severe
weather and natural catastrophes; (ii) civil disturbances, such as strikes and riots; (iii) acts of
aggression, such as explosions, wars, and terrorism; (iv) acts of government, including, without
limitation, the actions of regulatory bodies which significantly inhibits or prohibits the System
[l
Provider and the Company from performing its obligations under this Agreement (each, a "Force
l
Majeure").
In the event of a Force Majeure, the performance of the Company's obligations shall be
suspended dwing the period of existence of such Force Majeure as well as the period reasonably
i
I
il
required thereafter to resume the performance of the obligation.
I
i]
15
I
I
No Third Party Beneficiary, This Agreement shall not confer any rights or remedies upon any
person other than the parties to this Agreement and their respective successors and permitted
assigns.
i
{
tl
16.
Comnlete Agreement. This Agreement ancl the Exhihjts hereto constitute the full and entire
with regard to the subject malters hereof and
uurderstanding and agreement befween the parties
i
l
I
ll
L-\-
Agreement 10012015
Page 5 of46
U'
i
Gt"7
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 72 of 111
(f
i "Ii.
I
'1
)
thereof and any other written or oral agreernent relating to the subject matter hereof existing
between the parties is expressly canceled.
i:
17
ti
Representations. N/A.
18.
No Set-Off. Not*ithstanding any right available to the End-User under law, the End-User shall
not be entitled to set-off any amounts due to the Company under this Agreement'
']
19
ii
20
,l
:i
tl
i\
21
:t
ll
ll
Severabitity. Should any court of competent jurisdiction declare any term of this Agreement void
or unenforceable, such declaration shail have no effect on the remaining terms hereof'
Interpretation. The titles and headings of the various sections and paragraphs in this Agreement
are intended solely for reference and are not intended for any other purpose whatsoever or to
explain, modify, or place any construction on any of the provisions of this Agreement.
No Waiver. The failure of either parfy to enforce any rights granted hereunder or to take action
by that
Auiott tf," other parly in the evenl of any breach hereunder shall not be deemed a waiver
puny as to subsiquent enforcement of rights or subsequent actions in the event of future
breaches.
il
lt
li
li
i)
it
rl
il,
ll
'22
notices and demands hereunder shall be in writing and shall be served by personal
r"rui." o. by mail at the address of the .receiving party set forth in this Agreement (or at such
different address as may be designated by such party by written notice to the other pa(y). A11
notices or demands by mail shail be certified or registered mail, return receipt requested, by
Notices.
All
nationally-recognized private express courier,
or sent by
electronic transmission, with
confirmation received, to the telecopy numbered specified below, and shall be deemed complete
upon receipt,
il
(t
ll
l1
ir
tl
tt
l
l)
it
ll
t"l
tl
il
il
i--
t
1t
il
:l
ti
{l
I
f-t
tt
l
I
i
l]
]l
ll
]
I
I
l
tl
i
I
I
t
il
Agreement 100/2015
Page 6 of 46
[J
i
&tLz
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 73 of 111
ir
j :"
')
,4
!ti
i "J
1
i
.:
i.. ;
fn
,t
lt
I
Witness Whereof, the parties hereto have executed this Agreement the day and year first above
wriften.
,.
t'A -asS
1
I
ii
,
!
17
i, i
Development Limited
r'i
ij
t'l
iI
-i.''?at {
National Com munication Agency
By:
By:
Mr. George Dgreffippong
Mr. William Tevie
Position: Di'rector, Business Development
Position: Director General
,//
ii
i1
lt
tl
il
ii
il
t.l
il
l'l
il
Ll
it
il
tl
ll
t.l
ir
rl
;-l
rl
i-1
il
i-l
il
Ii
I
I
;t
ll
ll
n
ll
I
I
i
J
i't
II
I]
-l
t
I
I
Agreement
100/2015
Dl
PageT of 46
l:
:.:r
::i :it
lr,: ,:.r
,*-
{Ll c-7
,I
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 74 of 111
' (,t
)
(? i.:i
,,
iil
,11
rii
rll
I
I
Exhibit A
I
Description of the System and Services
i_:
(i
;i
ii
ij
ii
l(
ti
ii
'll
ll
il
ii
The System;
The System Provider's Pegasus system is comprised of the
following (the ,,system,,):
(a) the features and capabilities detailed in the table atlached
hereto
as Exhibit A-i. operational with
of Ghana mobile numbers (residing in the Republic of Ghana), using the
System Provider's supported devices running the Sysiem Provider's
certified versions of
Blackberry, Android and ios operating systems,incluaing zs
concurrent targets; and
respect fo the Republic
(b) the hardware equipment (the "flardware Equipment") and software
which are required for the
installation of the System, including s confolitaiions, as listed
in &dibit A-2 attachedherero.
The Services:
The services related to the system include the following (the ,'services,'):
.
(a) Depl6yment of the System at the End-User's site for use with respect
to the Republic of Ghana
mobile numbers residing in the Republic of Ghana (as set forifr in
Section'(a) above) (the
"Deployment,');
(b) Two (2) week training course and one (1) week on-site handover, which
shalt be held in English
(the "Training,,);
(c)
il
12 months warranty (the "Warranty Period") commencing at the
date of the provision
Commissioning Notice, which shall be provided in accordanc-e with
the Company,s SLA.
i1
No warranty is provided by the System Provider with respect to the hardware
components of the
li
il
of the
System' To the extent permissible, Hardware Equipment warranty
will be provided ty tne System
Provider back to back with the warranty provided by the suppliers of
the Hardware Equipment.
i't
il
i/
r-l
it
lt
ll
tl
I
I
I
n
ll
-l
I
I
I
I
C\!)\
Agrcr:rrrcnl 10012015
Page
I of46
r
','[
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 75 of 111
)
i
\
'i.-.
\-/i
Exhib it A-1
Features and Capabilities
Supported OS:
ios
7.x-9"1
Safari
. Clicking on
Android
BlackBerry
4.x-5
5.x - 7.1
a
link will always result in Safari browser
. Native browser (Webkit
based)
. Chrome versions lg up
to 45 (excl. 1g.0.1025.166)
. Focus mainly on Samsung
Galaxy devices
Native browser
(w
L\
based)
N
e
2\
o(\
\
'u'
Agre=ment 100/2015
Page 9
of46
i1
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 76 of 111
:::
:-
f=: r-::
r"**1
C\
g*\
i-
\_./,
Insta llation:
;t::,r.
Remote Installation
Push Message
,,l..ll
device.
This rnethod does not require the
l:....:r
applications)
.'.'.'
:::t:,,
.tu:..
V
V
devices (OS a.x). Depends on rhe
local ROM settings
\/
The message content and link lure
the target to click (only once) and
browse to an innocent website.
Clicking the link triggers a silent
installation which runs in the
c(
(F
:
Infcction Assisting Tools
MMS
Fingerprint
..:..ti
ii
. Works on most BlackBerry
devices
. Works on a variety of
Android
Crafted Message An innocent message is sent to
the
(SMS, Email and target device which
contains text
other 3rd party and link.
:,,.r:
:....
Infection is done by silently
pushing an installation to the
Reveal the target device and OS
version by sending an MMS to the
device.
No user interactiorl
ti;
engagement
or message opening is required to
receive the device
.l:r,
Sender ID
Spoofing
.'..
Set an
alphanumeric sender
identification for SMS and MMS.
This fearure may be blocked by the
local mobile network operator.
V
V
Feature implementation subjects to
site survey results.
Note: MMS content appears on the
device.
This feature may be blocked by the
local mobile network operator.
V
V
\/
V
Feature implementation subjects to
site stwey results.
.:::::.
Control tink URL
Set any DNS to be used as the
installation link
......
Domains to be defined and purchased
the customer
V
rc
.-.s
i-
::ti.i -1
Agreement 100/2015
Page 10
of46
i\,
.
.,1
-\
.+\
t-.
l-.-:l
.--l
.-l
i..-,.- i
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 77 of 111
_-"-l -.--t
--. -l
---]
',.,...,i
1,...,..r
l... .,
i.
-.I -^i.r
:nc
..,
,
.1
(,.
-_!-a:r.44:r
Agent Sun'ivability
1,.._.'
Pcrsistency
The installed collection
Factory Reset
,,
" :;,".:t:.:cohil- ,c.ilB,,,
rr.1ri. ,,.,:
l-
:.,
Blackllerrw
tool
a
Device reboot refers to
. Device restart
. Device tum off
. Device battery drain
survives device reboot.
.
ili..,
The agent collection tool endures
device factory reset.
V
Factory reset, also known as m€$ter
reset, restores the device original
manufacturer settings resulting in
perrnanent erasing all ofthe
:,.i
informafion stored on the device.
Blocking OS
Upgrade
The agent collection tool blocks
the user from upgrading the OS
version.
Agent Uninstall
Uninstall
Permanently remove
the agent
collection tool
The device acts like it has the latest
OS version or is not allowed to
perform off-the-air OS upgrade.
Note: Physical OS upgrade is still
Done remotely without any us€r
V
G
(,"
V
):
V
a
_-9
d
tU
1
Agreement 10012015
Page 11
of46
,:,,no
i::t
,m:_]
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 78 of 111
r:
r:
r-::l
! -
.i
j
=-l
---=r-_)
Y
7
x
an
Collection:
()
6r
2
e
g
v,
m
7
s
E
(t
i,r
-i
I:
StriD,
i
rl
f{istorical
I
Contact details
Data
Extraction:
Extract all
existing data
from the
device.
Gain access to
SMS
Extraction is done for all available
(non-empty) fields.
Extracts all incoming and
outgoing text messages (sMS)
:Android
ios
V
V
V
V
V
the device
iMessage
historical data.
Extracts
all
incoming
outgoing iMessages from
6r
=
BlackBerrv
Extracts all contacts available on
the device including their
and
the
Messages sent
only between
iOS
devices
device
[,mails
Extracts all emails that exist on
the device
g
c
Extracts only from the device slock
application and Gmail application.
Emails are presented in HTML
4
V
N
(r
format.
Call Log
H
Extracts
the history of
incoming/outgoing
=,
calls
all
made
V
V
to/from the device
WhatsApp Call Log
Extracts
the history of
incoming/outgoing
calls
to/fiom the device
Skype Call Log
Extracts
the
history
incoming/outgoing calls
all
made
V
using
of
all
made
V
to/from the device
I Due
to some limitations and restrictions of the operating
system, certain devices might not support all listed features.
Agreement 100/2015
Page 12
+
of46
-,-i,,-;
J.
---."
i
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 79i.".* 111 i::_i
of i
r_:
.-
r::l
i-r
--.<
'e-,
-
!-:-i
{_)
RlrcLIlhi^,
Calendar
Extracts all calendar records that
BBM
l.zqLnDur
w
Viber
r Jr
Extract the entire list of browsed
websites that exists on the device
urcns€Illlel
ios
V
exist on the device
Browsing History
Android
Extracts only from the device native
browser
ication
Extracts all existing incoming
and outgoing instant messages
Extracts only instant messages (text)
from the device, including
V
V
V
personal and group chat
S
Facebook
V
Kakao Talk
t-
V
TF
V
;
Line
V
Odnoklassniki
V
WeChat
V
fa
V
VKontakte
V
NIail.Ru
Data
Monitoriug:
Real-time
monitor ofnelv
Contact details
SMS
arrives/sent
V
Monitors addition, deletion and
editin of contacts on the device
V
Monitors incoming and outgoing
text mes
data that
iMessage
to/from rhe
Monitors incoming and outgoing
Messages sent
devices
\)
O
Agreemert 10012015
V
Page 13
of46
only between
iOS
_S
P
t ;:
l_
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 80 of 111
ffii
(:= ffi:
,t
tr\
.e'
r.,T:
-
I
d
device
.
Emails
, : ..
':.
,
Monitors incoming and outgoing
emails
Monitors only the device stock
application and Gmail application.
Emails are presented in gfUI.
format.
Call Log
Monitors incoming and outgoing
call records
WhatsApp Call Log
Monitors incoming and outgoing
call records of
V
WhatsApp
on
Skype CatI Log
Monitors lncomlng and outgoi ng
call records
Calendar
of
ication
Mon itors addifi on and editing
calendar records on the device
Browsing History
t-?
T,N
of
Monitors new browsed websites
V
V
u\l
Monitors only the device nati ve
\li
browser
BBM
Monitors incoming and outgoing
lnstant messages, including
personal and group chat
Vilrcr
only instant messages
(text). Indication for file transier
I_vlon]tors
appear and their retrieval is possible
using file retrieval feature.
v
V
f
V
V
Iiakao Talk
V
\/
V
Line
V
V
Odnoklass nihi
V
WeChat
(>
V
a
_s
|.."
V
*:"
Agreement 100i2015
Page 14
of46
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 81 of 111
L-/
:
.::,
tii'r II
t|lii$
.
l,t''-:'
inl
{:r.
.
Tango
V
VKontakte
V
Mail.Ru
V
sures
USSD
Monitors incoming
V
network
V
messages from the device
Call
recording
interception)
(call
Record incoming and outgoing
Calls are recorded locally on the
voice calls made to/from thi device and then sent
to the system
device
Device Information
V
V
V
V
servers.
Monitors general details about
the device, network and
V
connection
Cell-ID Location
Monitors the device cell_ID
within every connection to the
V
command and control servers
Keystroke logging
Monitors keystroke typing by the
regular keyboard
in
unsupported applications and even
User raluest's
real-:ime
actions on
target device
and
sensitive accounts.
Front Camera Snapshot
Take a snapshot using the device
front
Back Camera Snapshot
camera
rear cantera
Screenshot capturing
Capture
a
device
File System listing
Retrieve a
No indication appears on the device
V
screenshot
of
the
full list of files and
Page 15
of46
V
No indication appears on the device
and flash is never used.
(--
Agreement 100/2015
passwords for
and flash is never used.
Take a snapshot using the device
bJ
-q-
Helps monitoring texting
usernames
Active Data
Collection:
6
\
V
V
-E
-..__.-..,..i i..,.".,..-/_, i,.....,.,",,,J t*,.....,..J ,.... .)
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 82 of 111
.l
_---r
r\
A\
t-
,r
i ,-
t''
Y
,r,i,lli
!
'!ll:
--BlackBerrv.
folder in target device
File retrieval
Retrieve any file from the target
device including
docum
GPS Location
photos,
audio and video
File retrieval is allowed from
the
device intemal storage and SD card.
Locate device using the device
V
GPS
Room Tap
(environmental
sound recording)
Tum on the microphone
listen in real-time to
surrounding sounds of
and
the
the
V
Tuming on the microphone is done
by issuing an incoming silent call to
the device. No indication of
V
V
V
V
the
on the device at any point.
,:.iOS
The
device. The surrounding sounds
are recorded and saved for later
recording or the silent call appears
playback and analysis.
quality of the recording depends on
the device's microphone sensitivity,
t-
the surrounding noise and the device
:
model.
\A
;l
H
I
-5
V1
E
Agreement 100/2015
Page 16 of 46
i)
[
,.]
t-----
L,..-,- -.l
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 83 of 111
t''
--_)
i
:'-=l]
t.--,-.
li
I
I
C\)
\g;
Q_/
Data Transmission:
'lii . [sac:re'
Data
GPRSruTMS/LTE
Transmission:
exfiltratethe
orted in
Transmit collected
.il.+u r.!Jrtr
data
uslng
cellular data channels
Channels used to
co[ected da-a back
to the command
and control servers
l:
wi-ri
Transmit collected data using Wi_Fi
Data is sent in very small packets. This
has very small impact on target's data
Has no impact on target's data plan at
all.
V
V
V
V
H
[,\
v
-l
M
s
o\
C'
q
Agreement 10012015
Page 17
of46
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 84 of 111
--l
A\
---r
..
.-t
.-
i
'I
(-:
Presentation:
Contact details
Entire values stored in the contact entry including
photo
available
SMS
. Type (SMS /USSD)
. Direction (incoming,
outgoing)
. Contact name
. Phone number
. Message content
USSD
iMessage
G
. From
a,Olll*
HTML presentation (emulates popular email
clients)
. Direction
. Contact name
. Phone number
. Duration
. Date & Time
. Grid
. Meeting subject
. Location
'
tA
. Grid
.Iull
. Subject
. Folder
. Account
. Message content
. Date & Time
. Grid
. Monthly calendar view (emulates
popular calendar
Event date and start time
clients)
a
L
Agreement 100,201S
Contact card with the entire details
. Grid
.To
.CC
Calendar
. Grid
.
. Date & Time
Emails
Call
(Cellular catts, WhatsOOO,
if
Page 18
of46
-b
+
!.,-.,,.--i
i - --_-,
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 85 of 111
u.-..
.--i
L -..J
,
L.-,..
.*l
i
"l
i --
jj i--
._
(\
g
Browsing History
. Website name (as saved by the targe!
usually the default
website name)
. Website URL address
BBM
. Type of application
Viber
'Chat participants Qrlames & phones)
. Conversation content
. Date & Time
. List
. Grid
. Conversation rnode
. Attachments metadata (without
the attachment)
Facebook
Kakao Talk
T
Line
Odnoklass niki
In
?r
WeChat
{-
Tango
\rKontakte
Mail.Ru
sures
Call recording
(call interception)
. Direction
. Contact name
. Phone number
. Grid
. Playback interface
. Duration
& Tirne
J
Do
C
L
,F'
Agreement -00/201S
,']
Page 19
of46
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 86:"-:: :l,l
of 111
i:-
i::
i+
+)
ii
:_
l
,. -.'.- -- r_-
G1
(/
Deyice and Network Information
. Battery level
. Last location
. Connection type (e.g., 3G, WiFi)
. MSISDN
. Dashboard
.IMEI
.IMSI
. Device Manufacturer
. Device model
. Operating System version
. Installation type (remote, physical or
other)
. Installation date
. Last communication time
. Next communication expected
. Device current country
. Device home country
. Serving network
. Home serving network
GPS/Cell-ID Location
. Data source (GPS/Cell-ID)
. I,atitude
. Longitude
. Enter Tirne & Date
. Leave Time & Date
Text
Front Camera
Back Camera
Screenshot
the
. Grid
'Map:
- On map display
- Full trail
- Type of locarion data (GpS or Cell-ID based)
. List
. Grid
board
. Date & Time
. Photo
. Source ofphoto
. Photo viewer
--s
_-s\
t,
t'.
Agreement 100/2015
Page 20 of 46
-?:-'
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 87 of 111
,--l
[.-:: f:.": rI
r+:" 'f
(\
-\)
i.?
d-
File System listing
File retrievel
Room Tap (environmental sound
recording)
. List of folders (tuee)
. List of files (grid):
-
. Grid
. Tree view
Filename
Modified date
File size
Retrieval status
. Recorded audio
. Recording Date & Time
. Grid
. Playback interface
. Duration
L\J
+--
-L
6
o
('
*\
Agreemenr 100,?015
Page 21
of46
i
i
i
i.- -)
Case 3:19-cv-07123 Document 1-1'I Filed 10/29/19 Page 88L,--."-..J L_,...*..,J
of 111
..t
\.. \
'-'t
!
t. ..,.,J
t....."..,
1..
";
' t
i'
't
,.'-;
r-.
O
Rules
&
AIerLs:
Geo Fence - Acr:ess hotspot
Aiert when target entered an important area
Meeting detection
Alert when two targets meet
Connectior detection
Alert when
a message
Geo-fence alerts are based on a perimeter around a
certain location, where the operator defines the size
the perimeter.
The alert occurs in two target are at the same perimeter
as defined by the user. The alert wifi take place
also if
targets visited the same location in different times.
is sent from/to a specific number
Alert when target
AS
Alert when
number
of
a phone call is performed from/to a specific
defined
is corresponding
the user.
ith a certain num ber
Alert when target conducts/receives a phone call to/from
a certain number as defined bv the user.
se
b,
t
r(/
^\
Agreement I00/2015
l:.
Page ?,2 of 46
i
i_;i i::t
i:l
i-'.
Case 3:19-cv-07123 Document 1-1 Filed I .... ..,.--l Page 89 of 111
10/29/19 t
.
m: r::
r-:1
rl
t_
(-/
Exh$[4-2
List of Hardware Equi.pment and Software
The system Prorider shatl supply the fottowing
ha.dware equipment and software, or similar, to
enable the commissioning of the system.
Disclaimer: rhis List may change per Network\Regulation\System\country
feature support changes.
PowerEdge R7:0xd Server
3.4GHa2 0M cache,e.
i;r;| ilr"#
ii;iffi;,
60
Gr/s epr,rurbo, Hr,6 c/ I 2r
Dell
(I3s
w)
I
R73oXI)
R730/xd PCIe Riser 2, Center
R730ixd PCIe Riser 1, Right
PowerEdge R730xd Shipping EMEA1
(English/French/German/Spani sh,/Russi anlFlebrew)
Bezel
Chassis with up to 24,2.5,, Hard Drives
DIMM Blanks for System with 2 processors
Performance Optimized
t;f
2133MT/s RDILIMs
! I8GB RDIlvIIvI,2133MT/s, Dual Rank, x8 Data Width
2 X Star-dard H:atsink for powerEdge R730/R730xd
Upgrade to Two Intel Xeon E5_Z6a{ fi 3.4GH2,20M
Cache,9.60GT/s
QPI,Turbo,HT,r'C/l 2T (1 3 5W)
iD,RACS
h
Enterprise, integrated Dell Remote Access controrler,
Enterprise
'
2 X 300G8 t5K RpM SAS 6Gbps 2.5in Hot_plug
Hard
16 X 500c8 7.:,K R'M_NLSAS6Gbps 2.5in
IE\C HT30Integrated
Performance
Orive,i:C
Hoi-plug Hard Orive,t:G
RAID Controiter, lGB Cache
BIOS Settings
Dual, Hot-plug, Redundant power Supply (1+l),
750W
2 X C13 to Ct4. pDU Style, t0 AMp;b.6m power
Cord
C)
PowerEdge Server FIPS TpM
Inte Ethernet ii5rl QP Gb N etwork Daughter
Card
Intel Ethernet I] 5 0
G b Server
P
\,
Agreement 100i2015
"t
Page 23 of 46
-
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 90 of 111
---t
g,.-
-
f.-'r
-r<
a\l
r_.
PorverEdge R730/R7 3Oxd Motherboard
No Media Required
No Operating Sysrem
OpenManage Essentials, Server Configuration
Management
Electronic System Documentation uriop"ntvtanage
DVD Kit, powerEdge R730/xd
OEM Order
Nor Selected in this Configuration
Asset Service - System & shipbox Label (Model,
Svc Tag, order krformation, Basic
Config Details)
|91$nals Sliding Rails With Cable Management Arm
RA'D 1+R{ID -5 f61H330/H730/H730p (2"t 3-22
HDDs or SSDs)
Base Warranfv
lYr Parts Only Warranty (Emerging Only)
iNFo lYr Prosupport and Nextbusin"rs buy on-Site
Service (Emerging only)
3Yr ProSuppsrt and Next Business Day On_dite
Service (Emerging Only)
Consolidation Fee
EX-Works
PowerEdge R?30 Server
ilfl il:J i#ffi};,
2.4GHz,r5M cache,8.00Gr/s
epr,rurb o,Hr,6c/tzr(85w)
R730/xd PCIe Riser 2, Center
R730 PCIe Riser 3, Left
R730/xd PCIe Riser 1, Right
PowerEdge R730 Shipping EMEA1
(English/French/German /Spanish.tRus sian /tlebrew
)
Dell
2
R730
tro
*l*
Bezel
Chassis with up io 8, 3.5" Hard Drives
DIMM Blanks for System with 2 processors
Perform ance Crptim ize d
2.l33MT/s RDII{Ms
X 8Glf RD If\,[M, 2 J 3MT/s, Dual Rank, x8 Data wi dth
2
Stancarc Heatsink for PowerEdge R 730/R73
0xd
U pgrade to T 'l\o Intel Xeon E5-2620 v3 2.4G
},lz, 5M Cache,8 .00G T/s
Turb
2T
2
V
l1
O
V
t
Agreement 130/2015
Page24 of 46
,.\
:'
'\
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 91 of 111
:---'-l
-\\
\-.--1
CJ
iDTdA C8 Enterprise, integrated D
ell Remote Access Control ler, Enterprise
2 X J OC'GB OK RPM SAS 6Gbps
2 .5 in H,ot-plug I{ard Dri ve,3 .5 1n HYB CARR
PERC H?30 Integrated RAID Controller,
t GB Cache
Performalce BIO S Settings
,A,
DVD+/. RW, SAT Intemal
Dual, Hot-plug, Redundant power Supply (1+l),
750W
Cl3 to C14, pDU Style, 10 AMp, 0.6m iower
cora
European Power Cord 220V
PowerEdge Server FIPS TpM
Intel Ethernet i350 ep 1Gb Network Daughter
Card
Intel Ethemet 1350 ep lGb Server adapti
PowerEdge R73 0/R73 Oxd Motherboard
No Media Required
No Oprating System
OpenManage Essentials, Server Configuration
Management
Electronic System Documentatio,
-iop"r,lutanage DVD
OEM Order
Not Selected in this Configuration
Ki!
powerEdge R730/xd
F
Asset Service - System & shipbox Labei (Model,
Svc Tag, order Information, Basic
Config Details)
|ea{Vna$ Sliding Raiis With Cabte Management Arm
RAID I for H3304I730/H730P (2 HDDs or"SSDs)
L_.
*{-
b
Base Warranty
lYr
Pars Only Warranty (Emerging Only)
11, ProSupporr
an{Ne1t-Au1n.r, buy On_Sire Service (Emerging Only)
3Yr ProSupport and Next Business Day On_dite
Service (Emerging OnIy)
ry,Fg
Consolidation Fee
EX-Works
PowerECge R730 Server
lntel Xeon E5-2650 v3 2-3GHz,25M cache,9.60GT/s
epl,Turbo,HT,l0c/20T (105w)
Max Mem 2133MHz
q
R730/xd PCIe Riser 2, Center
R730 PCIe Riser 3, Left
R730/xd PCIe Riser I Ri
Agreement 100/2015
Dell
2
R730
6
{.
Page 25 of 46
i,=.-*.--i ;--.-,1
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 92t.-.,i t..:;
of 111
*-:l
\
+)
f;
:---l
,:--r
f.:.
ffi
f:
f-l
t----'
i..-;
\-1.
(--'
L
PowerEdge R730 Shipping EMEAI
(English/French./Germar/Spanish,rRussian[Iebrew)
I
Bezel
Chassis with up ro 8, 3.5,, Hard Drives
DIMM Blanks for System with 2 processors
Performance Optimized
2l33MTis RDIIvIMs
8 X 16GB RDIVIU,2133 MT/s, Dual Rank, x4 Data
Width
2 X Standard Heatsink for powerEdge R730/R730xd
upgrade to Two Intel Xeon E5-2650 v3 z.3GHz,25M cache,9.60GT/s
QPI,Turbo,HT, 1 0C/20T ( I 05W)
iDRACS Enterprise, integrated Deil Remote Access conboler, Enterprise
VFlastr, 8GB SD Card for iDRAC Enterprise
2 x 300cB 10K RPM sAS 6Gbps 2.5in Hor-plug
Hard Drive,3.5in HyB CARR
PERC HT30lntegrated RAID Controller, IGB Cache
Emulex LPE12002 Dual channel gGb pcle Host Bus Adapter,
Low profile
Performance BlOS Settings
DVD+/-RW. S.4"TA, Internal
Dual, Hot-plug. Redundant power Supply (l+l), 750W
C13 to Cl4. PDU Sryle, 10 AMp,0.6m Fower Cord
PowerEdge Server FIPS TpM
Intel Ethernet i350 Qp tGb Network Daughter Card
Intel Ethernet 1350 eP 1Gb Server Adapter
PowerEd ge R7l 0/R73 Oxd Motherboard
No Media Required
No Operating System
Electronic system Documentation and openManage DVD Kit, powerEdge
R730ixd
OEM OrCer
Not SelecteJ in this Configuration
Asset Service - S.v*stem & Shipbox Label (Model, Svc Tag,
order Information, Basic
Config Details)
ReadyRails Sliding Rails With Cable Management Arm
RAID i for H330,tI730/H730p (2 HDDs oiSSOry
Base Warranty
lYr
Parts Onl
w
H
V\
-F
5E
\
On
!.
ii
.1 i
Agreement 100/2015
t,
Page 26 of 46
m m: r*::] (Xl (-: r:] _r-
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 93 of 111
--.,j
r(.--,
d
INFO lYr ProSupport and N ext Business
Day On-Site Service (Emerging Only
)
Yr ProSupport ald Next Business Day On-Site
Service (Emerging Only)
Consolidaticn F ee
EX-Works
_1
PowerEdge K}'M lOglAD _ Bi Port
Keyboard/Video/lr4ouse Analog Switch, EUCEM
8x USB Sen.er Interface pod, includes 2
CAT 5 Cables,
Deli
I
1U KMI.,{ (Touchpad, US/Intemational
Keyboard and Widescreen 1g.5,, LED) with
ReadyRails - Ki1
Deil
I
NetApp
1
TAA
1081AD
FAS8O2O
r<
L.\
-C 2
+
?
,-C 288
0\
L
Agreemenr I00/20I5
Page?7 of46
J
'{
L-
-.-,... .
.;
l...*.-"!
(__*.*i
L*.J
t*_J
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 94 of 111
:-J
L.-...,J
L*_.. J
["**J
l**-_,*,J
i,-,
)
,1
*4:
i.
()
Digi PortServer TS l6 port rackmounlable RJ-45 Serial to Ethemet
Terminal Server
One (1) span
digihl T1/Ei/JllpRI pCl-Express xl
2
Cisco
Cisco 2921
Cisco 2921 Securit_v Bundle w/SEC license pAK
SMARTNET SX5XNBD Cisco 2921 Security
Four port 1 Oi 10011 000 Ethemet switch interface card
Cisco 2901-2921 IOS UNIVERSAL
Data Paper PAK for Cisco 2901-2951
Cisco 2921/2951 AC Power Supply
Console Cable 6ft with RJ45 and DBSF
Cisco Config Pro Express on Router Flash
lnsert Packout - PI-MSE
2
Digium
card
Digium
3
TS I6
2921
IP Base L.icense for Cisco 2gOl-ZgSl
Blank faceplate for HWIC slot on Cisco ISR
512M8 DRAM for Cisco ZgOt-Zg2t ISR (Default)
256M8 Cornpact Ftash for Cisco 1900 2900 3900 ISR
Secnrity License for Cisco ZgOl-2951
Blank facep_ate f.-:r DW slot on Cisco 2951 and,3925
Removable faceplate for SM slot on Cisco 290039004400 ISR
!n
\-
K
Cisco 3750X
Catalyst 3750X 48 Port Data Ip Base
Cisco
2
Cisco 3750X
SMARTNET SxsxNBD catalyst 3750x 4g port Data Ip Base for 36 Months
Catalyst 3K-X 350W AC Secondary power Supply
CAT 3750X IOS TINIVERSAL WITH WEB BASE DEV MGR
Cisco StackWise 50CM Stacking Cable
Catalyst 3750X and 3850 Stack power Cable 30 CM
Catalyst 3K-X 10G Network Module
Catalyst 3K-X 350W AC Power Supply
Insert Packout - PI-MSE
D
+
(-.\
Agreement _00/2015
Page 28
of46
i,
r.--..
. _..,,
-,.,;
!......"....,.r .t,."..-.-!
t-.".-*r
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 95 of 111
.
'...:,.
--l
l
:-l
-- --l .---l
L-,*._J
L--.._..J
L.*...,.,_,, 1..,,,,,.,",,j
t,
i
I
_-::l
I
Catalysr 296Cr-X 48 GigE 4 x SFp LAN Base
Cisco
2
Cisco 2960-X
Cinterion
9
MC55i
Dell
l5
Dell
30
APc NetShelter SX 42u Deep Enclosure 1200x600 with Roof
and sides Black
APC
2
AR3300
Rack PDU 2G. Metered , ZerorJ,32A,23OV, (36) C13
APC
4
AP8853
APC
4
AP9569
10
AR8429
SMARTNET sx5xr{BD cat2960-x stk 24 GigE4xSFp
LAN Base (36 Months)
Insert Packout - PI-MSE
Cinterion MC-< 5i l'zlodem
Optiplex 701D MT
' OptiPlex 7010 N{T: Mini-Tower
'Windows 8
' 3rd Gen Intel core ii417a (euad core,
3.40GHz Turbo, gMB, w/ HD4000 Graphics
' 8cB (2X4cB I td00 MHz DDR3 Non_ECC
yIf!+ (QWERTY) Dell KB2I2-B euietKey USB
' lTB 3.5inch Serial ATA IiI (7.200 Rpm) I{ard Drive Keyboard Btack
' Dell optica- oiot wireress), Scroil use-1:
buttons scrolr) Brack Mouse
' I6XDVD+/-RW Drive
Internal Dell Business Audio Speaker
3Yr ProSupp.rrt and Next Business Day On_Site Service (Emerging
Only)
Dell Professional p23 I 4H 5 g.4cm(23 ,') LED monitor vGA,DVI_D,Dp
BlackUK
(
1
g20x t 0g0)
& (6) Cl9
PDU cord Retention Kit for Full-Height & 4gu, Basic
& LCD-Metered pDU
PDU
(l
per
\^r
Horizontal Cable Organizer lU w/brush strip
CatT patch cord,0.5m,Blue
20
CatT patch ccrd,lm,Blue
40
C
Agreement 100l?015
_p
Page 29
of46
;
0a
\*.-,-,.^i
,..J
\
f-t
i-
,-_t ,I:
-l
L*.*J
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 96 of 111
=-t - .."i
i6-".J
L.-,",*di
q*r&{r,
b.,",,.*J
}* ,, ,r
i)
.,.d
CatT patch co:d,2m,Blue
60
Cat 7 patch cord,Sm,BLACK
20
Cat 7 patch cordl0m,Grey
10
48 port Cat 6 patch Panel HD Netkey
4
duplex patch cord,lOm - Patch cord Fiber OM3 LC LC 10m
10
Console Cable 6ft with RI45 and DBSF
2
Blank plate 1IJ(10 per pack total 4 packs)
40
Power Cord, Cl3 to
5m
20
Fower Cord, C13 to C14, 3m
40
Cl4,
APC Smart-LPS SRT 5000VA RM 230V
APC Smar-LrPS SRT 5kVA Output FIW
SRT001
APC
power cable
j
4
4
Office Pro Plus 2013
Microsoft
VPP L3 VMrvare vSphere 5 Enterprise for I processor
Production Support/Subscription for VMware vSphere 5 Enterprise for 1 processor
Vmware
VPP L3
\\Iware
vCenter Server 5 Standard for vSphere 5 (per Instance)
r
4
APC
APC Smart-UPS SRT 192V 5kVA and 6kVA RM Batrerv pack
E
SRTOOl
APC
meters for ups + Sicon 32A
4
APC
Kit installation
SRT5KRMXLI
APC
Kit
4
SRTI92RMBP
15
4 processors
C)
Vmware
1 Instances
__C\
t,
ll'\
*ti
Agreement 100/2015
Page 30 of 46
:---'* ..--\,
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 97L-.\--) L**-"J
of 111 l_"a
ill:-:-l
iL--J
I-.-*J
t-. ..J
r'B\q
t
)
r.--l
r-\
\\
-')
V eeam Backup
&. Replication Enterpri SC
for Vm ware
and Hyper-
per Socket License
Microsoft windows Server 2012 R2 Standard Edition
2 Socket License
MS SQL 2014 Serrer Standard core 2 socket License
Veeam
6 Sockets
Microsoft.
Microsoft
2
Nagios
Nagios XI (Enterprise version with 100 Nodes
license)
2
I
t*
(,.
=
C
t,...
Agreement 100/2015
Page 31
of46
Bls?
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 98 of 111 1\r
t
,lt'*'1
.,4'
II
il
)
Eihihit E
I
Consi.Gerations
fi
Gousi
ffir
fi
d
eratio li$ A}}toIfi ts.
i'System eonside ratloni'
provision'of ttiq Licease, Systern ,&:00&060.(Siglt nil }ioq.
arid, Seryj.ees.,
fi
ti
'!Support Feriod
,
&ay,ore Suppor{ Period,
22P/r
olthe System
Coidderafion.
Go-nsid€ration'r
t-
lr
lr
EdlrlicBt Tetiiil
System Consideratiou
I
I '!
I
I
The System Cons.ideratinori strall be paid by the End-USe'r to the Co.mpany in,
follows:
ll
t,
tlrqg Q)
(a)
5070 of',*re Sptam Consideration,shzrli oe-paid o'y Janua4y-'2-8ur 2016 ({he
(b)
i
I
3"5910
of
t'he S,ystern Considera,tion shall.bepaid uporr.the
p.
rnvision
insullm-errtS-
aS:
"First Installment").
o,f the Hardware Eqrlipnrent to
the Erd-Uset'ssile.
il
(c)
ir
l5o/o of lhe System Consicleration shall be paid upon the provisiori: of a writteu notice by the
Company to the End.User confirrning thar the Deplotrnnent oF the Syptern at the End-Userrs site
rvas
c
gmpl eted (thel'iC
om
mlssi
on
ing
No ti cen).
:
SUpporf qerjoi{ Considemtion
Thersupport P€fiod iconsidqrdtri:on sliall ba paid hi one.pa.vment, in advanc'e of each Support Period.
l
l
eN
Agreenrenr
10012015
r.l
t-^J
P agl 32 of 46
/
[J lsz
\t'r-
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 99 of 111
L
: I: :i
iI i",
!
t
t_
a!
I
I
I
i,
LJ
Exhibit.C
:
Installation Requirements
i,.i
!--;
l
!
1-:
The End-User shall ensure that the following pre-requisites are ready 2 weeks prior to the
1i
-tr
installation (aligaed to SW version).
System
Disclaimer: This tist may change per Network\Regulation\Systerr feature support changes'
:
{
.t
I
1
symmetric A TM lines each 2 OMB (from
different iSP's) with static IP' S of 8 external
2
Internet Connection
!
i
ri
li
ll
:
addresses
[2 lines a.e;;quired for
redundancy, The minimum
requirement might be even
lower - depends on the
(-
number and type of
stations.
fi
li
Cellular Reception
Air Condition
Electricity
ij
Stable Cellular Reception
4 power socket
18 Degrees
-220Y
I
it
il
ll
ii
tl
5X5M, Height 2.5 M
seryer room
i1
Area needed for
operator room
l0Xl0M, Fleight2.5 M
Patch panel
SIMs
Depends on the number of stationary stations.
Wires from the end stations to the patch panel in
the rack
2 SIM cards for each network
Security
.t
l
--95 db
None
Server room and
operational room drawings
are required to accuratelY
specifl a1l wall outlets
location. Power generator
and Faciliry environment
against hazard ddngers are
Untraceable
payment method
1
X named credit card with 4000$ balance
1
X
There are 2 48U racks with
the following dimensions:
Height 2258.00 mm,
Width 600.00 mm, DePth
1070.00 mm
into
Can be
rooms
S
Lockable doors
il
it
]
ootional
Area needed for
l
end
Passport scan on the same name as a credit
card
rl
X Prepaid no name local SIM card
f X Utility bill with address on the same name as
1
It is mandatory to use a 3rd
party to order the SIMs ,
account
also use a
It is recommended to use
a
3rd party, The PassPort,
credit card and utilitY bill
should not be related to the
organization
rt
t1
i-l
ll, ,/' .\
t
LLh
l
0r
t515
I"
I
\\l
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 100 of 111
I
l)
t!
,t
!:
'I
I
t:
i(-l
t!
li
l
Exhibit D
rl
,)
Service Level Agreement
]I
i
1
,J
,i
li
:l
),)
1.
i
This Service Level Agreement (the 'SLA') is an agreement between NSO Group Technologies
Ltd, (hereinafter the "Compatry") and Infralok Development Limited (hereinafter the
jl
-t
il
rl
"Reseller").
i
The purpose of this SLA is to specify the services and commitments with respect to the
software technical support, location support and/or hardware replacement services for the
rl
:1
.J
i/
i1
il
-1
purchased products.
i
i
_1
il
it
!l
ti
:1
,
Introduction
1.1
Objecfives of the Service Level Agreement
To create an environment which is conducive to a co-operative and productive relationship
between the Company, t}te End User, and the Reseller to ensure effective support for the End
-t
il
.il
User.
t
To document the responsibilities of all the parties involved in the SLA'
i1
To ensure the Company provides high qualiry seryice to the Reseller and the End User,
i_)
To define the service to be delivered by the Company and the level of service whicb can
ii
it
ll
:
be
expected by the End User, thereby reducing the risk of misunderstandings'
To institute a formal system of objective service level monitoring ensuring that reviews of the
SLA are based on factual data.
il
{i
To provide a common understanding of service requirements/capabilities and of the principals
involved in the measurement of service levels.
il
To provide for all parties to this SLA a single, easily referenced document, which caters for all
objectives as listed above.
ii
lt
I
l
.t
l
a
t
.s{},
r
I
1"
i
i
i'l
lj
t.l
I
il
i
I
u 6N
it
a
,\gt'eeiltent
100/2015
lage 3'l of
46
r:'(
I,
Ggr
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 101 of 111
t,
i
rr
,'"
i
.;
)
..,,1
t'i!l
1\+
'- t,
I
It
i'
Definitions
2
ri
Ilardware Replacement means a HW replacement service for the hardware products purchased
by &e Reseller from the Company, whereby the Company delivers a replacement to the End
User's site before the End IJser retums the faulty hardware.
l-i
il
il
ii
ll
11
U
All Hardware Replacements shall take effect after the Company receives relevant alerts and all
required information, and determines that the hardware issue is related to a malfunction of one of
the hardware components.
ti
it
i.t
fl
Business Day means a normal working day in the time zone where the End User is located.
li
il
Ir
Device Number means a unique identifier of a hardware device, which can be located on a label
on a Hardware product:
l.i
r
,
'
'
ll ii
ri
il
t-
ti
f
t
tl
il
i
tt
I
Company.
ii
!'
li
Hardware means a computing device md/or its component with a specific function and limited
configuration ability. The Hardware is sold by the Company to the Reseller for the sole purpose
of executing the specific Sofrware producUs supplied with it.
il
t_
(IMEI)
Error means an error in one or more of the Company's products, which degrades the product
functionality in accordance with the Severity defmitions, as compared to the product
functionality and performance specifications described in the official user guides provided by the
ll
l
Service Tag Number (STN)
Enhancement means ali software changes, including new releases, new versions, product
improvements, system modifications, updates, upgrades and service packs.
l'l
i:
(..
Serial Number (SA{),
Documentation means the User and Technical manrids provided by the Company for use with
the purchased software and hardware products.
il
t-
Media Access Control (MAC) Address,
Internationai Mobile Station Equipment Identity
Information means any idea, data and program, technical, business or other intangible
information, howeyer conveyed.
(
I
ir
il
Problem Resolufion means the use of reasonable commercial efforts to resolve the reported
problem. These methods may include, but are not limited to: configuration changes, patches that
fix an issue, replacing a failed hardware component, reinstalling the software, etc.
I
1i
l;
lt
il
Force Majeure has the meaning ascribed to it in the Agreement between the parties.
i
issue.
Response means addressing the initial request and commencement
of work pertaining to the
Response Time means the amount of time elapsed between the
initial contact by the Reseller or
the End User with the Company's Technical Support Team and the returned response to the
Reseller or the End User by the Company's support staff.
it
il
Resolution Time means the amount of time elapsed between the initial contact by the Reseller
or the End User with the Company's Technical Support Team till the issue reported is resolyed
wither by permanent fix or a workaround till a permanent fix would be available.
T
Security Code means a specific code dedicated to the End User's account in the Company's
'l'echnical Sr.rpport Center.'l'his code must be provided hy the EnrlTIser eaclr tirne the End User
up;rruuchcri the Colrrpuny's support staff.
Support means the technical Support and Hardware replacement services provirlerl hy
i
TI
ii
r.he
Company to the End User as set forth in this SLA.
I [tt)u
Agreement
aa..
.::.
.:
i.i.:,:, t: :. ,I:
10012015
tt,,"lt:.:
Page 35 of
46
i
'1'.-4"
.I
,LJ
(
BlL b
I.
I,
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 102 of 111
I !'
11
s*
' [-."
1r'
j
r-'
I
t_.
t:
t-
I
l:
t--i
Support case means a single issue opened in the Company's Case Management System. The
i;
rl
I1
Ii
Lf
'
i.
I
tt
li
t'
case number identifies the Service Request.
Field Service Engineer means an engineer that provides the following onsite services:
installation, field configuration, operates system to demonstrate equipment on test devices and to
analyze malfunctions, interprets rnaintenance manuals, schematics, and diagrams, and repairs
electronic equipment, such as computer, computing device or component, utilizing knowledge of
electronics and using standard test instruments and hand tools.
LJ
System means the Hardware, Software and Documentation that have been provided
rI
to
the
Reseller and/or the End User by the Company.
il
i:
1
Ji
,j
Workaround means a change in the followed procedures
substantialiy impairing use of the product.
or
data
to avoid error
rvithout
i
il
ll
li
.i
ir' '
I
il
ii
iJ
i
l
j
j
ll
ll
al
II
1l
lt
ll
LI
i 'l
rl
il
t.
T
il
il
l'l
il
LI
rl
i-t
I L/'\-'uu\
r^n/.nl<
D
^-^at^Ft
L-i
lbtsf
r"
1,.
I
t_"
\\6
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 103 of 111
I
I
I
.l
r"
t,
Company's Obligations
3
.).
r'-:
li
i
l
I
I
3.1.
Maintenance and Support
!
l
The Services shall include wuranty, support and maintenance of the System as further detailed
below, via support center.
!t
il
il
ii
The Company shall provide the End User with technical support for the System, consisting of:
(a) first level to fourth level ("Tierl to Tier4" as described in section 6.2) support via the
Company's support center, and (b) SW updates and SW upgrades of the System, which, for the
avoidance of any doubt, shali not be specifically adjusted to comply with any End-User
Adjustments (as such term is defined in the Agreement which this SLA is attached to). The
Services shall only be provided to the End User
i1
System support and maintenance covers both SW and HW provided by the company. In case of
3rd party HW supplier, the company will contact the 3rd parly and ensure proper suppott
ij
r-i
ti
ti
il
it i
i
provided to the End User.
Maintenance
a.
l
il
b.
1
I
['J
c,
will cover the following:
SW upgrades - periodical SW releases to add new features and bug fix'es. Installing
a new SW upgrade is communicated in advance to schedule the best time for the
end-user and minimize the system downtime
SW updates - special SW packages provided to fix specific critical bug outside the
periodical SW release. SW updates are also provided when a new OS version is
infroduced for a specific platform (e.g new iOS version).
MoUilqftng system - connected to our 2417 NOC room and monitored around the
clock. The monitoring system is configured to do the following:
Connected to all the major HW components in the system, providing real-
il
a.
b.
c.
il
time status of the system
Monitors SW components such as tunnels, VPS servers alerting when any
component goes down
Checks for white accounts balances and alefts when
For further details, see the
i
d.
A dedicated NOC center is operated to provide 24/7 support Tickets
can be submitted via phone call, dedicated website or email. The NOC
representatives foilow our support procedures to ensure each ticket is being handled
24/7 sapport
-
according to the SLA.
End user should report issues with the system, using an agreed form or tool specifuing ali
predefined data and providing all the required operational and technjcal information
ri
The Company shall not be obligated to provide the Services in case of misuse, abuse, neglect,
alteration, modification, improper installation of the System, use of the System for purposes
other than those authorizedby the Company, or repairs by anyone other than the Company or its
authorized representatives without the Cornpany prior written approval. The Company shall not
be ultligal,ed lo pnrvirle Llre Services irr corrrrecl,iorr rvil,lt [ltc l-']trd-lJser Adjustniettts.
il
il
3.2.
I
il
enclosed "system monitoring capabilities and
requirements" appendix.
it
it
a predefined
threshold
i.l
I
it is below
Software Support
For End Users covered under a valid Support offering, Software Support will be provided
pursuant to the terms of Section 6 "software Support Procedure". The scope of commitment
/t1)=
Agreement 10012015
Page37 of46
tJ f
t:
\\&
15tsY
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 104 of 111
a
,,J
l
f
t
t*;
I
i"
r?
in case ofSystem failure requiring a software repair or fix is to preserve the System at the fully
functional condition as per the acceptance data ofthe System by the End User.
_!
L
,\]
l.:
r-1
ti
Il
tj
Software fixes are generally delivered in a secure format, delivered by the Company or in
special occasions by the Reseller and/or the End User or third parfy partner if it is agreed for a
particular case. In addition, permanent fixes are developed for known non-critical issues. These
are incorporated into service pack updates that are periodically distributed. The version updates
may include additional features, bug fixes and/ or services.
,i
ii
t-l
,i
i.l
The Company agrees to provide Suppor! where appropriate to the End User, which may
include but is not limited to, the following actions:
t.r
ii
li
(a) Provide the End User with access
upon general commercial release.
,.1
il
I'l
t-l
li
escalating the issue as needed.
I
?
l
I
{''
releases and related Documentation,
(b) Provide the End User with access to Technical Support Team representatives, who will
work with the End User to diagrrose issues, ald provide Problem Resolutions, including
ti
t1
to product update
ti
l. l
3.3.
ti
HardwareReplacement
LI
For End lJsers covered under a valid Support offering, the Company
will
use commercially
tl
)')
in accordance with the terms set forth in
Section 5 "Hardware Replacement Procedure". Provision of hardware Replacement is
subject to the following limitations:
il
ll
il
ii
l
i
-J
rl
i1
(a) The Company will provide Hardware Replacement for up to three (3) years after hardware
installation at the End User's Site or according to standard Hardware in case of a 3'o party
reasonable efforts to provide Hardware replacement
supplier.
:l
lt
(b) Hardware shall be repaired or replaced with same or similar products when needed, at the
Company's discretion.
it
il
il
3.4.
On-site Hardware Support
For End Users covered under a valid Support offering, upon the End User's request, after the
Company determines that the hardware issue is related to a malfunction of one of the hardware
i'l
i.l
components, the Company will decide whether to dispatch a representative to the site'
|.l
i'i
il
it
II
Provision of ou-site support is subject to the following limitations:
(a) On-site Hardware Support does not include on-site service for Software troubleshooting or
any Software or training related issues,
il
(b) On-site Hardware Support service may not dispatch a representative on-site to perform
Hardware replacement outside of the End User's Site address for the Hardware,
it
(c) On-site service response times may be dependent upon the End User's Site address for the
Hardware, the timely arrival of replacement parts at the End Uset's Site, and accessibility to the
it
Site.
it
3.5
On-site Software Support
On-site Sollware Support applies only in cases of Severity I issues rvhich can't be solved
remotely (based on the Company's customer support stat'f .iudgmcnt). After the Company
r:onfinns lhal lhe nral,ter is a Scvcrily I issue, tlte Contpatty and the End User will work
diligently, with highly skilled engineers to resolve the critisal situation artd to restore operation'
Il
tl
Lail't
I
Agreement 100/2015
Page 38
of46
-d
LJ'
I
EIST
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 105 of 111
r!
\t8
'-.
)
r,
t
I
J,
\j
)
tj
ln case the criticality of the issue remains or no progress is made, the Company will decide
whether to dispatch a representatiye to the End User's Site or use a partner Support
)
representative.
rp
ti
3.6.
Exclusions
i.,
r.l
Support does not include the following items or actions:
i,
r .i
l.l
L-t
i.i
''l
1l
il
li
-i
li
I
il
-)
I
I
'l'i
i
I
architecture changes, Security-policy
configuration, Audits, or Security design.
The Company shall have no obligation to Support:
(a) An altered, damaged, or modified product or any portion of the product incorporated with or
into other software, hardware, or products not specifically approved in advance in writing by
the Company.
(b) Product problems caused by the Resell6r's and,ior the End User's negligence, misuse,
misapplication, or use of the product in a way other than as specified in the System user
manual, or any other causes beyond the control of the Company.
(c) Product installed on any computer hardware that is not supported by the Company.
r"l
(d) Product not purchased from the Company.
(e) Products subjected to unusual physical or electrical stress, misuse, negligence or accident,
or used in ultra-hazardous activities,
?
il
il
l
-l
'r
Services, or Educational Services.
il
I
l
(a) Step-by-step installation of Software or Service Packs.
(b) On-site services (outside the ones described in this SLA), Professional Services, Managed
(c) Modification of software code, IT Network
it
il
The Company shall have no obligation to Support the End User if:
(a) Appropriate payment for Support has not been received by the Company and the Reseller
anilor the End User is unable to show reasonable proof of such payment; or
(b) The End User's annual Support term has expired without renewal.
l'l
'l
it
r1
it
ri
n
n
lr6jN
it
Agreement 10012015
Page 39 of 46
i /\
JLJ
'a{
{suo
I
t"
I
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 106 of 111
I
1\{
.r;
f-:
!
{-
r
5,
U
Hardware Replacement Procedure
The Company uses equipment from Ieading vendors, surveillance, network seryers and software
remedies. With each manufacturer, the Company has a contract for Service and Customer
tr
ri
technical support.
For End Users covered under a valid Suppori offering, the Company will provide the
f;
foll owing Hardware Support
i.t
:
il
(a) The Company will atlempt to diagnose and resolve Hardware problems over tle phone or via
remote access. Upon determination that an issue is related to a malfirnction of one of the
Hardware components, the Hardware Replacement process will be initiated by the Company.
il
il !i
il
(b) The Company will either issue a replacement for the faulty part or a full Hardware product
replacement.
tj
t1
rF
I
I
(c) The Company will send the required hardware to the End lJser's Site location within thirty
(30) business days of Hardware Replacement process initiation. The time to ship the required
hardware is dependent also on the export procedures that the Company must comply with, as
well as the import procedures on the End User's side.
i
il
(d) The End User must ship back the faulty Hardware product (or replaceable unit) suitably
packaged, as specified by the Company in a letter shipped with the replacement, to a location
designated by the Company.
'l
il
tl
I
I
I
I
Transportation costs incurred in connection with the delivery of a repaired or replacement
item to the End User by the Company shall be borne by the Company; provided, however. that
if the Company determines, in its sole discretion, that the allegedly defective item is not covered
by the terms and conditions of the Hardware Support described in this SLA or that a claim is
made after the Hardware Support period expired, tie cost of the repair or replacement by the
Company, including all shipping expsnses, shall be reimbursed by the End User.
lt
I
User.
(f)
rl
l
l
(e) Return shipment of the faulty Hardware should be made within five (5) business days of the
arival of the replacement. Transportation costs forreturn shipment shall be bome by the End
li
II
l
il
(g) The Company shall have no obligation to Support and Replace Hardware not monitored by
Monitoring Client installed on the System and connected to the Company's Technical Support
il
Center.
!
The Company shall have no obligation to Support:
it
t1
(a) An altered, damaged, or modified product or any portion of the product incorporated with or
into other software, hardware, or products not specifically approved in writing by the Company.
i
(b) Product problems caused by the End User's negligence, misuse, misapplication, or use of the
product other than as specitied in the System user manual, or any other causes beyond the
control of the Company.
T
rl
(c) Products subjected to unusual physical or electrical stress, misuse, negligence or accident, or
used in ultra-hazardous activities.
ll
(d) Untrained personnel from the End User are operating the system.
Fi
it
i-t
ll
il
frh
I
l
l,l
Agrocmcnl
100/2015
Pitgc 41
o146
LJf
\'i
I
l',
-I
I
{
,I
J
ti
ir
il
-'t
l
)
I
-1
I
tl
I
il
J
I
t"i
il
{
'1.
li
i
l-i
,i
l
)
ii
I
it
rl
il
i1
I
J
,-i
ii
{1
Case 3:19-cv-07123 Document 1-1 tu1 10/29/19 Page 107 of 111
Filed
I
6.'
il
'f
SoftwareSupportProcedure
(a) Upon initiation of initial contact with the Company's Technical Support Center, the End User
must authenticate its identity by providing a valid Security Code. The Company shall have no
obligation to provide Support if the End User does not provide the code.
(b) A Technical Support representative will validate the Security Code and start gathering
details relevant to the question or issue. The Company shall have no obligation to provide
Support services if the End User does not provide the relevant informarion.
(c) A unique Support Case number [Trouble Ticket] will be assigned and delivered to the End
User either verbally or via email. This nurnber will be used to track any given issue from initial
contact to final Problem Resolution.
lf
appropiate, an issue will be reproduced in the Company's labs. Additional testing and
problem duptication may take place in a nelwork laboratory environment. Further investigation,
including additional troubleshooting or debugging activity may be required. Based on the results
of the TestLab investigation, anissue may be resolved, or, if an anomaly is identifie4 elevated
to the appropriatc Company's Team for final Problem Resolution.
(e) The Company agrees to use commercially reasonable efforts to work with the End User on
Problem Resolution for an issue in accordance with the specifications bf this SLA. Timely
efforts must be made by all parties involved. If communication from the End User ceases
without notice, after five (5) business days, the Company may, upon notice, close a Support Case
due to inactivity on the part of the End User.
(I) The End User agrees to grant access via dedicated secured VPN tunnel, upon receiving a
request from the Company for addressing issues reported by the End User. Thus, the Company
will have access to the System for a limited period of time in order to reach Problem Resolution.
The Cornpany shall haye no obligation to provide Support services if the End User does not
provide the VPN connection to the System.
(g) The End User agrees to grant access via dedicated secured VPN tunnel, upon the Company's
request, for the purpose of Software updates and upgrades or for fixing problems detected during
the system operation. Thus, the Company will have access to the System for a limited period of
time in order to update/upgrade the System. The Company shall have no obligation to apply any
updates/upgrades if the End User does not provide the VPN connection to the System.
(d)
(h) The Company shall have no obligation to provide Support services
i-l
\r-o
if
Internet access
/
3G
issues occur at the End User's Site.
Exceptions:
In some cases, the Company may not be able to resolve the issue until the
I
i.
access network is
stable (for example when the service provider installs firewalls over a period of time or there is a
poor 3G coverage or poor Intemet access). In these cases, the Problem Resolution period will be
paused until the nefwork is stable again.
il
Opening a support
customer to provide
specific country.
il
reeardins authentication of an inbound roamer identitv. wili require the
a valid (activated) IMSI and MSISDN of the specific MNO from the
lVote.' System will present targets'information onJy if such information is available, based on
global roaming agreements. SAI (Send Authentication Info) and MSISDN by IMSI, information
may not be retrieved iftarget is hosted by an operator that blocks such queries or in lack of
roaming agreements with the telecom gateway,
i-i
ll
il
Technical Support Center:
!'or End Users covered under a valid Support offering, the Company will provide the following
t]
n
il
I
Software Support:
llN
Agreement 100/2015
Page 42 of 46
l,J
I
Gld*
lll
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 108 of 111
kt,
tl
i
support
(a) The company will provide the End user with access to the company's Technical
)i
Center 24 hours a day,7 days a week, 365 days a year'
il
assistance in operating, managing and
configuring the System as well as resolving any Software technical issues.
email, and
(c) The End User is able to submit an unlimited number of support cases by phone,
(b) The company will provide the End user with
web (Case Management SYstem)'
,.1
6.1
ll
Support Levels and Support Level activities:
Tier 1 support - Technical support that is provided by an_Engineer trained by the company'
installations'
Support activitie, at this levei'should include basic software and hardware
optimization'
upgrades, basic troubleshooting, configuration changes andlor operation
il
!l
l,
support
Tier 2 Support - Technical support level that is provided by a Field Service Engineer'
activities ut tfrls level should include all Tier 1 activities, customization management,
il
configuration changes and diagnostics or advanced troubleshooting.
Specialist'
Tier 3 Support - Technical support level that is provided by a Technical Support
1 and Tier 2 activities, in-dentl System
Support activities at this .leve1 s'htuld include all Tier
level of support
instructions, advanced diagnostics, and troubleshooting at R&D level' This
Support Team'
shall be initiated by a request to the System
'ii
i-l
il
Activities:
(a) Providing initial client contact
(b) Establishing problem logs and tracking
l
il
(c) Providing "how to" support
a-t
(d) Determining if an issue is documented
l:
ii
(e) Maintaining confi guration knowledge
(f) Working with the End User to duplicate and reproduce problems
(g) Providing intemal problem determination and verification
(h) Performing remote diagnosis
11
Support
Technical suppori level that is provided by an R&D Engineer'
software R&D
activities at this level should inciude design level consultation and solutions,
This level support
diagnostics, and high level of software and hardware fixes and solutions'
shall Ue initiated by a request to the Technical Support Team'
!i
Activities:
Tier 4 Support
-
(a) Isolating, tracking and fixing operational
issues
(b) working with the End user to duplicate and reproduce problems
(c) Technical evaluation and allocation of defect reports within R&D
i-l
(d) Providing system fxes if and when deemed necessary
lt
(e) Performing remote diagnosis
(f) System upgrades
n
ll
6.2.
Severity Levels
n
Business Impact: Complete System failure in which no field
p.".a*. resolves the reported issue, A problem has made a critical application fitnction
unusable or unavailable and no workaround exists'
l1
work, but is prodrrcing
scvcrity Lcvcl 2 - scrious Busincss Impact: The System is able to
,r*1r. *.ru., i1 uurtaitr t'uqucsl.s surrt. A problulrr Lus trtudu u uriticul upplication function
Severity Level 1
tl
I
- Critical
unusabie or unavailable but a workaround exists'
i{N
:,,
1. .. .:1
Agreement 100/2015
i.r,tr:ti r,::ri.
i. l',:
Page 43 of
.r..1: .
.r,,
46
A(
lbg
l))-
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 109 of 111
'L5
I
I
I
t'
v
\,,
ir
I]
L_;
Severify Level 3 - Minor Busiress Impact: The system has problems, which do not affect its
main functions. A problem has diminished critical or important application functionality or
performance but the functionaliry still performs as specified in the user documentation.
il
ti
Ll
dedicate
,
(a) For Severity Level 1: the Company's System Support Team and the End User agree to
fuil tirne and all t}le necessary resources to solve the case. Top prioriry is to
l'1
restore/improve service, not to debug the problem.
l
(b) For Severity Level 2 and 3: the Company's System Support Team and the End User agree
to use their technical resources in order to restore an acceptable level of service or bring
relevant information
I'
J
ii
i.
r
6.3.
J
Seryice Availability: The services of the helpdesk shall be available by way of CRM tool, email,
telephone at all times 24 hours a day,7 days a week.
I
Report of System failure: The End User shall notify the Company in writing (via e-mail or
CRM tool) using the "Customer Support Ticket" form, or by telephone promptly following the
discovery of any verifiable and reproducibte failure of the System. Thjs SLAdoes not apply to
bug reports or feature requests that are cosmetic or do not otherwise impair the operation of the
System. Such bugs reports or feature requests are fypically prioritized for handling in some
I
li
i.r
l
Contacting the Technical Support Center
i-l
ii
future regularly scheduled product release.
Email Support
The Company's Technical Support Center responds to all support requests sent via email. Generally, this
access the Case Management System. Email:
he lpdesk@slobalhel p.support
is used ai a backup in case the End User is unable to
il
j-,l
tl
il
il
Telephoue Support
The Company's support engineers are available by telephone to receive support requests.
Phone: +.4440-36954\An
Skype
i'l
NOC-HelpDesk
rl
Contact Support via the web portal
rl
The end user can also open a ticket to the Company's Technical Support Center via a dedicated web
portal that is connected to a CRM tool. Access is secured with a usemame and password which the
Company will provide.
il
6.4.
rl
li
Response Time and Resource Commitment
Severity
1
(a) Response'I'ime: I hour
(b) Commitrucnt - thc Company
and the Und User lvill commit tho nccousury resources arouad the
clock for Probleur Resolution to obtain workaround or reducc thc scverity. Top priority is to
T
'fL.iF
it
Agreement
100/2015
Page 44
of
46
;'i
Lt
t'I
vlbrl
Jzr
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 110 of 111
I
.,=
i
i
I
l
I
t
i-;
restore/improve service, not to debug the problem. If a workaround could not be provided, the
task wili be transferred to Supplier's R&D Tearn for further investigation.
)
i
I
Severify 2
il
t-J
I
tl
ti
(a) Response Time - t hour
(b) Commitment - the Company and the End User will commit the necessary resources during
I
I
i
l
normal business hours for Problem Resolution to obtain workaround or reduce the severity.
Top priority is to restore/improve service, not to debug the problem.
:.:i
,.I
Severity 3
(a) Response Time - 4 hours
(b) Commitnent - the Company's Technical Support Team
i
IJ
and the End User agree to use their
technical resources during normal business hours for Problem Resolution to obtain workaround
or reduce the severity. Top priority is to restore an acceptable level ofservice or bring relevant
I
il
information.
NOTE: In case of Hardware problerns, the faulty parts will be shipped and time for shipment
will be defined for each specific case. In case of severe software problems, the time for
resolution will be defined on a case-by-case basis. The Company will use commercially
reasonable efforts to provide Hardware replacement in accordance with the terms set forth in
Section 5 "Ifardware Replacement Procedure".
[,
L,
1
ll
i
a'!
ill
L
6.5.
I
:ii
Severity
ii
ti
.;']
1
(a) Resolution Time: 2 business days
(b) Commitment - the Company and the End User will commit the necessary resources around the
clock for Problem Resolulion to obtain workaround or reduce the severity. Top priority is to
restore/improve service.
Severify 2
ij
i'l
.,
Resolution Time and Resource Commitment
rl
(a) Resolution Time - l0 business days
(b) Commitment - the Company and the End User will commit the necessary resources during
normal business hours for Problem Resolution to obtain workaround or reduce the severity.
Top priority is to restore/improve service.
Severity 3
(c) Resolution Time - the 2"d scheduled SW release
(d) Commitment - the Company's Technical Support
I
i
il
Team and the End User aglee to use their
technical resources during normal business hours for Problem Resolution to resolve the issue in
the next scheduled SW release. This will be communic ated by the Company to the End user.
il
l)
il
tl
ii
il
I
arti"
Agreement 100/2015
Page 45 of 46
ur
[b1b5
Case 3:19-cv-07123 Document 1-1 Filed 10/29/19 Page 111 of 111
llY
l
\
l
l.
Clarifications
li,
r
i.
I
The System willextract target 3G keys only if such information is available, based on global
roaming agreements. This information may not be rekieved if the target is hosted by an
operator that blocks such queries or in lack of roaming agreements with the telecom gateway
I
I
'l
i
The System will not extuact targets 3G keys from and in specific countries such as the USA
I
I
;
and Israel.
l
I
t.
I
.
The installation of the system may involve the deployment of a dedicated SS7 telecom
gateway at one or more of the mobile operators in tie country. The End User shall be
responsible for providing access and permissions to the sites where the equipment is to be
installed, including the allocation of necessary space, power and ventilation required for the
installation of the equipment.
i
I'
1
I
-.J
I
I
I
f
jI
!
ti
1
.J
j
t
.
In
,
.
:
j
i
Operating-wise, it is recommended that system queries be used with caution and on highty
important cases, this in order to minimize risk of exceeding acceptable threshold in the
foreign network for such activity.
II
il
case of a cloud-based implementation, i.e., no S57 gateway implemented at a local telecom
operator, billing records of targets may be affected and interception of incoming SMS will be
restricted.
The Company reserye the right to end the System's life upon a six months prior notice, with effect not
before the lapse of 5 (five) years of a sale of a license to the System to the Reseller and/or the End User,
Operation
of the System during its life period is
conditioned upon timely and
fuli
payment of
maintenance and support fees during the entire period.
ii
i'l
i1
i1
it
il
n
tl
t1
ii
IL-b\)
Agreement 10012015
Page 46 of 46
oi
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?