An Employee of NSO Group, Which Sells Powerful Spyware, Allegedly Stole Company's Tools For Personal Profit

Joseph Cox, reporting for Motherboard: NSO Group sells some of the most potent, off-the-shelf malware for remotely breaking into smartphones. Some versions allow a law enforcement or intelligence agency to steal essentially all meaningful data from an iPhone with no interaction from the target. Others just require the victim to click one link in a carefully crafted text message, before giving up their contacts, emails, social media messages, GPS location, and much more. NSO only sells its tools to government agencies, but a newly released, explosive indictment alleges that a company employee stole NSO's spyware product, dubbed Pegasus, and tried to sell it to non-authorized parties for $50 million worth of cryptocurrency.

These capabilities "are estimated at hundreds of millions of [US] dollars," a translated version of the indictment reads. Several Israeli outlets were the first to report on and upload the indictment. The news shows a danger often highlighted by critics of the malware industry: that hacking tools or exploits typically reserved for law enforcement or intelligence agencies may fall into other hands. Omri Lavie, the co-founder of NSO, told Motherboard in an online chat "no comment."

Oddly, I am not bothered by this

What goes around comes around?

Who would expect it?

[qbast]

Employees of a scummy company are also scum. News at 11.

Re:Who would expect it?

[drinkypoo]

There's no honor among thieves, only things they think they can get away with. Literally.

Re: Who would expect it?

His name is Seth Rich.

He died to expose the depth of the DNC and Obama Administration's corruption.

Re: Who would expect it?

His name is Seth Rich.

He died to expose the depth of the DNC and Obama Administration's corruption.

That is complete fucking bullshit.

Just because Fox made up some bullshit, doesn't make it true.

Re: Who would expect it?

You do realize Apple is trying to block all these tools and exploits, and is fighting this sort of privacy invasion? With Android, it's a given that someone in possession of the device can crack it, and you have to wait on your carrier or device OEM to let you upgrade.

Re:Who would expect it?

[Pinky's+Brain]

As valuable as the software supposedly is, I doubt they distribute it as a software. Ideally you'd just put your own software running on your own servers in the loop, but that would make you far more complicit with all the dirty shit the third world countries and expose their dirty shit to you. Neither them nor the customers want that.

I assume they distribute it as a tamperproofed box. Tamperproofing is not all that easy to break if you only have a single unit available, even for advanced actors.

No honor among thieves

[cerberusss]

Breaking news: thieving tools stolen!

In a move that stunned nobody, a thief stole from crime lord. The crime lord in question sold thieving tools to corrupt governments to spy on their citizens. When business took off, the crime lord hired a local thug. When the crime lord looked the other way, the thief left with all of the inventory! The crime lord took to the courts and explained his plight.

When the courts laughed in his face, he threatened to expose the moral bankrupcy of several national institutions. Soon after, an attorney general helped him rewrite his complaint, not mentioning ordinary theft but rather calling it "industrial spionage" and was thus able to spend the taxes of citizens to spy on them. The crime lord himself told Motherboard in an online chat "no comment."

Everyone has a price

[nehumanuscrede]

There is a financial breaking point for everyone where they will sell out and give you anything you want from them.
No matter how rich you are, no matter how moral or ethical you are, the vast majority of people will cave in eventually once the price is high enough.

For this reason alone, I laugh when Government and LE types try to claim there is no way such secrets can ever fall into the wrong hands.

People are, and have always been, the weakest link in the chain.

Trust us with the backdoor, we're the Government

[dwillden]

And thus the proof to the argument that if a backdoor or entry method exists for the authorities, it will get out to the criminals. Someone considered 'trustworthy' will have a price. or will be greedy or disgruntled.

And all security is then nullified.

Re:Trust us with the backdoor, we're the Governmen

[Immerman]

You forget the de-facto First Law of Authoritarianism: Anything done by the authorities is not a crime. Unless it targets higher authorities.

I'm more bothered by the comma

[raymorris]

The sentence reads as if these are the most off-the-shelf and potent malware. That bugs me. The bad guys already have plenty of exploits, and most users don't even do the most basic things for security.

For example, we know we shouldn't re-use passwords, we know the password we always use is probably in a data dump somewhere, but we keep using it. The number one most important security thing we can all do is have well-tested off site backups. (Think cryptolocker etc, and rootkit / malware recovery). When is the last time you tested yours? Yeah me too.

Most of us are pretty easy targets.

Another Apple approved backdoor ?

[shubus]

It seems when a backdoor to iOS appears, Apple takes it sweet time in closing it......while opening yet another backdoor which has not yet been publicly discovered. That's what it looks like from 5 miles up.

Re: Trust us with the backdoor, we're the Governme

[houghi]

The criminals are the ones requesting the backdoor. The others are merely opportunists.

And?

[wonkey_monkey]

Heaven forbid Slashdot should actually include some pertinent information in the summary to justify the headline...