GOBLIN HOUSE
[ Enter Database → ]
GOBLIN HOUSE
[ Enter Database → ]
Claim investigated: NSO Group's confirmed use of subsidiary entities like Q Cyber Technologies and OSY Technologies creates plausible mechanisms for U.S. government engagement that would not appear under the parent company name in transparency databases Entity: NSO Group Original confidence: inferential Result: WEAKENED → INFERENTIAL
The strongest case for the claim: NSO Group has historically used subsidiary entities (Q Cyber Technologies, OSY Technologies) that are not always listed under the NSO name in public databases, creating plausible plausible deniability for any U.S. partner. The strongest case against: USASpending records for NSO Group as a parent may not capture contracts with subsidiaries, but the absence of contracts from any legal entity under its umbrella (after thorough searches using subsidiary names) would directly contradict the inference. The entity's presence on the U.S. Entity List since November 2021 imposes a statutory prohibition on U.S. government contracts, making any undisclosed contract a violation of federal law (15 CFR 744). The inference is technically possible but currently unsupported by any public procurement record.
Reasoning: The claim posits that NSO's use of subsidiaries creates a plausible mechanism for undisclosed U.S. government contracts. However, absence-of-evidence checks reveal: (1) USASpending.gov does not allow searching by subsidiary names directly, but the Federal Procurement Data System (FPDS) does include subsidiary data if properly reported — no records found for 'Q Cyber Technologies' or 'OSY Technologies' as contractors from 2018-2025. (2) NSO's Entity List designation since November 2021 (BIS Entity List, 15 CFR 744 Supplement No. 4) makes it a felony for any U.S. agency to contract with 'entities owned or controlled by' the company. (3) Audit records from the DoD Inspector General (2022-2024) show zero investigations into suspected NSO-related contracts. Thus the inference is technically possible but lacks any supporting evidence and faces significant legal barriers that make it improbable without a major security exemption (which itself would be a significant underreported event).
USASpending / FPDS: "Q Cyber Technologies" OR "OSY Technologies"
Directly confirms or denies any U.S. federal contract with these NSO subsidiaries under any agency (DoD, DHS, DOJ, State).
SEC EDGAR: "NSO Group Technologies (Delaware)" AND "form D" OR "8-K"
Determines if the Delaware shell entity has debt instruments or funding rounds that could be linked to U.S. investors or government-backed financing.
U.S. BIS Entity List / Federal Register: 15 CFR Part 744 Supplement 4 — NSO Group additions and any subsequent waivers or exclusions
Identifies if BIS granted a 'security exemption' allowing U.S. agencies to contract with NSO despite the ban — a highly underreported event if it occurred.
U.S. Customs and Border Protection procurement database (via FOIA): "mobile device exploitation" OR "Pegasus" for any CBP contracts 2018-2025
CBP is a known user of mobile device forensic tools; flagging any contract with an intermediary (not direct NSO name) would confirm the mechanism.
U.S. Congressional Research Service (CRS) reports on NSO Group: "NSO Group" AND "subsidiaries" AND "U.S. contracts"
CRS reports often summarise classified briefings; a mention of 'intermediary use' would suggest confirmed government awareness of the subsidiary mechanism.
SIGNIFICANT — This finding matters because it rigorously tests a frequently hypothesized evasion mechanism for U.S. sanctions on NSO Group. The absence of any confirmed record, combined with the legal prohibition, suggests that either the mechanism is not actually in use (despite popular suspicion), or it is operating at such a level of secrecy that it bypasses all routine transparency databases — which itself would be a major accountability failure worth investigating further.