Israeli Exploit Developer Caught Negotiating Spyware Sales With Saudi Government
from the got-'em-right-in-the-optics dept
More ugly news has surfaced about Israeli malware developer NSO Group. Over the past year, investigations have uncovered sales of phone-targeting spyware to countries known mostly for their human rights violations. Even less questionable governments have purchased NSO's software ostensibly for law enforcement purposes only to use it to target activists, journalists, and government critics.
There's no telling how US agencies will deploy this malware, but there's no question federal entities like the DEA think NSO spyware would be a useful addition to their investigative tool kits. The US government doesn't appear to be worried about getting in bed with tech companies willing to sell software to blacklisted countries, so NSO Group is still a viable option.
Haaretz has obtained information showing NSO is willing to sell its exploits to its own enemies. Unfortunately, Haaretz has also decided to paywall its discovery, so we'll be pointing you to the Times of Israel's reporting instead.
An Israeli company that specializes in cyber espionage tools reportedly negotiated a multi-million-dollar deal with Saudi Arabia to sell a technology that allows governments to hack their citizens’ cellphones, and to listen to calls as well as conversations that take place near the phones.
Representatives from the Herzliya-based NSO Group held meetings with Saudi officials in Vienna and, apparently, also in a Gulf State to negotiate a $55 million sale of their Pegasus 3 software, the Haaretz daily reported on Sunday.
These negotiations occurred shortly before Mohammed bin Salman kicked his purge machinery into high gear. Unfortunately, the documents (which surfaced due to a lawsuit filed against NSO by an employee who says the company screwed him on commissions) don't say whether or not the Saudi government chose to purchase this software and/or whether it was used to help MBS hunt down his political opponents.
From what has been seen, NSO tried to play it both ways while negotiating a deal with the Saudis. It refused to identify the person behind an anti-government Twitter account but did offer to demonstrate the effectiveness of tools designed to hijack targets' cellphones.
In response to the recent stream of criticism, NSO Group also tried to have it both ways:
The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.
"We made them promise to only use the tools for good" is a pretty weak defense of sales to countries like Uzbekistan and Kazakhstan. And it certainly doesn't excuse approaching the Saudi government with tools NSO certainly knew would not be used for good. Then again, our president just made it clear no amount of murdered journalists is going to stand in the way of selling weapons to Mohammed bin Salman's government, so there's really no taking the high road in international relations should it be discovered the Saudi government is using Israeli tools to hunt down dissenters… or Israeli natsec personnel.
Filed Under: espionage, exploits, israel, jamal khashoggi, journalists, mohammed bin salman, saudi arabia, spying
Companies: nso group
Reader Comments
Dont think this is the only one...
Don't mean someone ELSE hasn't created them also..
Who understands the ideals of an open society?? Esp. with semi smart people, and kids that DO know tech..
The only down side is finding and fixing the problem. This only gives OTHER GROUPS, the ability to Sell you the Solution.
This goes back to the old days..of Anti-Virus, and WHERE THE HELL IT CAME FROM.. Think how hard in the old days, it took to get a virus onto a computer. No internet (not like today's) Dick operated system, requires a set of Disks EACH time you boot up.. think about that..and I've found 7 viruses on 1 Floppy disk..
We are on the Cusp of a new form of protection and SALES..
Anyone for Linux??
Re: Dont think this is the only one...
NO. Not for anything productive.
Nor any longer for "hobbyist". You'll waste dozens of hours "learning" each one's unique quirks and trying to find one that just works. But you won't.
Just read Distrowatch.com Weekly: even those who want it can't find one that works.
Linux on the desktop has failed.
Re: Not for anything productive.
Note that, by “productive”, we mean “getting actual work done” as opposed to “farting around with your PC”. Such as trying to recover files that Microsoft has decided to delete.
Re: Re: Not for anything productive.
Oh, I agree! You won't find a more staunch opponent of Crimosoft.
But key problem is programmers: they've no common sense, always doing more tricks rather than making appliances.
I stop there because off-topic and you're replying to ME whom I doubt wanted to.
Re: Re: Dont think this is the only one...
Well damn. I guess I need to throw away my laptop which has been running Debian for over a decade and buy one of those new fancy laptops that reports everything I do to Redmond, Wa.
Re: Re: Re: Dont think this is the only one...
Free software on an antique is all an old alky / doper like you can afford. That's why you're a pirate, too.
But I'm even more right, and you can prove it to yourself: just TRY a modern Linux distro / GUI. They've gone backwards in last 10 years.
Re: just TRY a modern Linux distro / GUI
Re: Re: Re: Re: Dont think this is the only one...
tends to be Linux trying to get Programming BACK to Linux side..
before 1999, Linux was the system to create things...Then MS got pissy..and said NOPE..
How many environments on Win10 computer NOW..
DX, ??Netframework, then trying to get the phone/console/desktop All running the same Environment.. then trying to lock down its Own Browser, with a new one..Are those holes still in it?? Is the Advert backdoor still there??
Re: Re: Re: Re: Dont think this is the only one...
Right, and in the world of Linux, there is no way to choose a different GUI, you are locked in. Unlike Windows, where there is a rich selection of interfaces to choose from, and the newer interfaces were widely praised for their usability.
Oh, wait, that's all bullshit. Windows 8/10 "Modern" interface is a usability abomination, and Linux offers dozens of different GUIs, most of them highly customizable. You're talking out of your ass, again.
Re: Re: Re: Re: Re: Dont think this is the only one...
Re: Re: Re: Re: Dont think this is the only one...
Re: Re: Re: Re: Dont think this is the only one...
Lol. Love the uninformed insults. Very entertaining. Aren't you the one who claims that ad hominems detract from this site?
I am not a pirate, except for one day a year when I talk like one. If you are referring to illegal downloading, then you are also incorrect. What content (which is very little since I pay for HBO/SHOWTIME/CINEMAX on my Directv account) I do download/view these days is from PAID accounts.
Not sure what you are babbling about here, my Debian install IS the latest since I upgrade to the latest Debian distros when they are released.
My laptop may be considered an "antique", but it works just fine for my purposes. Why fix something if it ain't broke?
Re: Re: Re: Re: Re: Dont think this is the only one...
Switch to Debian testing, and enjoy a reliable, up to date, rolling distro. Seven years and counting of daily updates, and no significant issues to report.
Re: Re: Re: Re: Re: Re: Dont think this is the only one...
I used to use the testing repository and did have some problems with Wine years ago. I prefer to do my upgrades manually (I'm old school, I guess lol).
For a while I didn't upgrade at all because I resisted the change to systemd as long as I could, not because it doesn't work, but because I really don't like the design philosophy behind it. systemd marked the beginning of the end for "Do one thing and do it well". Debian is now headed into the Microsoft land of "do a bunch of things mostly well".
Re: "Do one thing and do it well"
Doug McIlroy has a lot to answer for, for the misinterpretation of his words. Unix/Linux has never exclusively consisted of the kind of small, modular pieces he was talking about. They would have been useless without the many large, monolithic pieces that are also an essential part of the system. Consider:
systemd provides a unified architecture for dealing with a number of tasks that have hitherto been managed piecemeal by various ad-hoc pieces that were not performing their tasks particularly well at all. By combining these, you get an overall simplification by exploiting synergies between them. Other projects (e.g. launchd, upstart) were feeling their way towards the same goal; systemd simply offers the best realization of this idea.
Re: Re: "Do one thing and do it well"
Yes, I've heard the arguments for systemd and I've since resigned myself to the fact that it's a necessary evil going forward on Linux.
I am just not all that comfortable with one program having that much control of critical functions on my system because it makes it a huge target for infiltration by black hat hackers or government agencies. A couple of security flaws have already been discovered in systemd.
Re: A couple of security flaws have already been discovered in s
In other words, has systemd made any difference (in either direction) to the security of your installation?
'They even PINKY PROMISED!'
The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.
Which, since the malware they sell can only be used to combat those things, seems like a perfectly reasonable condition. I mean it's not like someone would use malware that is designed to strip a target of anonymity to go after their critics who might have very real reasons to want to be anonymous, after having promised not to do that very thing...
Re: 'They even PINKY PROMISED!'
Re: Re: 'They even PINKY PROMISED!'
Re: And 'terrorism' literally means ...
[ link to this | view in chronology ]
...
...
...
Pass.
[ link to this | view in chronology ]
From a Reuters item:
The first of the five who's gonna be found guilty? The one who forgot to check if Turkey was on NSO Group's customer list, too.