After Weeks Of Reports Of Misuse Of Its Exploits, NSO Group Considering Shutting Down Its Malware Service

from the if-you-can't-beat-'em,-quit dept

RIP NSO Group. Cause of death: investigative reporting.

It's probably too early to celebrate the demise of Israel's most infamous export, but it's looking like NSO is running out of options. The Israeli government recently (and drastically) reduced the number of approved governments NSO could sell its powerful Pegasus malware to, trimming down the permitted list from 102 countries to 37. That followed blacklisting by the US Commerce Department, which means American tech companies aren't permitted to sell exploits, hardware, or devices to NSO without securing a waiver they're unlikely to receive.

That followed weeks of revelations about how NSO customers were using its Pegasus spyware. According to multiple reports, governments and the occasional king were using NSO tools to target journalists, dissidents, government critics, religious leaders, US State Department employees, an ex-wife, an ex-wife's lawyer, and government officials.

I guess when it's no longer feasible to sell spyware to authoritarians and human rights violators, the only option is to default on your debts and shut down your most toxic product.

The NSO Group, the controversial technology company recently blacklisted by the United States over the illegal use of its spyware, is reportedly considering shutting down its Pegasus operation and selling the entire company to an American investment fund, Bloomberg reported on Monday.

The report, citing officials involved in the talks, said that there are two potential suitors for the embattled company, who have discussed a potential takeover and the shuttering of Pegasus unit, in exchange for a $200 million injection of capital and a pivot into strictly defensive cybersecurity services.

NSO needs the cash. It has millions in debt and whatever plans it had for paying it back have been severely curtailed with its blacklisting by the US government and its reduced customer base.

The U.S. restrictions put added pressure on NSO, which needs to pay back about $450 million in debt, just two years after a management buyout that valued the company at about $1 billion. Moody’s Investors Service said last month there’s an increasing risk the company will violate the terms of its loans.

The problem with ditching Pegasus is that it's NSO's most valuable product. This premium phone exploit accounts for half of NSO's business. Fifty percent of NSO is worth far less than the $200 million the company is hoping to obtain. Now that it's blacklisted, it can't purchase exploits or devices from the US, which means it will be extremely difficult to develop new hacking tools worth selling. There may be a market for defensive tech, but that's likely to be far less popular with foreign governments than zero-click exploits that can be deployed remotely.

Here's how it looks for NSO on the home front, as reported by Israeli newspaper Haaretz:

Defense officials think the sanctions could soon bring about the company’s collapse and a shutdown of its operations. The company depends upon constant innovation: It’s one Apple or Android cellphone update away from the failure of its products. If it doesn’t manage to hold onto the best personnel in the world, the kind who would continue to find vulnerabilities in the operating systems, they won’t have a product.

Senior officials have told Haaretz that the move by the United States has totally paralyzed the company’s future operations. “They’re not able to buy a pen at a Walmart store,” the officials quipped. If an American company wants to sell them products, it needs a special permit.

According to this report, the Israeli government believes its local tech companies are being unfairly targeted by US sanctions. The country is home to 19 companies developing offensive exploits, but so far the US has only blacklisted NSO Group and Candiru. The government appears to have been caught off guard by the sanctions handed down by the Biden Administration after having received much more support and cooperation from the previous president, Donald Trump.

The Israeli government may be reeling a bit from the last few months of negative press targeting NSO, but it really can't blame anyone else for the mess the company is in or the sanctions that have greeted the steady stream of reporting about misuse of its Pegasus spyware. It was directly involved with the sale of the malware to a number of known human rights abusers.

[I]n Israel it is acknowledged that oversight of contracts NSO entered into was too lax. The Netanyahu government gladly traded in spyware, with the Mossad reportedly assisting in the initial mediation of the transactions.

[...]

The company’s sales momentum over the past decade is closely linked to the diplomatic and intelligence-related steps that Netanyahu took, which improved relations with countries in various parts of the world, and where NSO’s technology often served as an asset that brought Israel to the table for the improvement of ties. In the past, Netanyahu ordered the defense establishment to advance offensive cybertechnology deals, and it appears he preferred that overly energetic oversight not be imposed on the deals or the parties to them.

Welp. The shitbirds have come home to roost, as the saying goes.

And if the Israeli government thinks the US Commerce Department overreacted, it won't be pleased with the latest demands from members of the federal government.

More than a dozen Democratic lawmakers have called on the Biden administration to sanction four cyber surveillance firms for "enabling human rights abuses" by "selling powerful surveillance technology to authoritarian governments."

The letter, led by Sen. Ron Wyden of Oregon and House Intelligence Chairman Adam Schiff of California, asks the Treasury Department to sanction Israeli spyware vendor NSO Group, Emirati cybersecurity firm DarkMatter and European surveillance firms Nexa Technologies and Trovicor -- as well as the firms' top executives.

This would go beyond the blacklisting already in place. The Global Magnitsky Human Rights Accountability Act allows the US president to sanction people and companies for human rights abuses. In this case, the abuses would have been aided and abetted by NSO, rather than participated in directly by NSO execs or employees. While it normally is used to sanction government officials, it has been used in the past to sanction private parties with ties to human rights abusers.

Whether or not sanctions ever arrive, it appears NSO's days are numbered. But there are still plenty of malware purveyors out there. And there are plenty of authoritarians willing to pay top dollar for spy tech that enables them to more efficiently oppress their countries' populations. The exploit market will remain lively. It just may be that one of the most recognizable names in the business will no longer be in business.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: exploits, malware, pegasus, spyware, surveillance
Companies: nso group


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 16 Dec 2021 @ 11:05am

    Sounds like Pegasus had its wings clipped.

    link to this | view in chronology ]

  • icon
    ECA (profile), 16 Dec 2021 @ 11:44am

    Israel is very interesting.
    And I love Christians that dont remember that the 2 are related.

    Anyone here, think the USA will not use this programming? Hasnt used it. Hasnt hacked it and made it, our own?
    Love the hypocrites in this nation. Esp. With deniability. "WE, didnt know they were doing this", is so Common, that we can say, "monkey see, monkey do".

    link to this | view in chronology ]

  • icon
    Bloof (profile), 16 Dec 2021 @ 1:23pm

    They'll shut it down, wait a few months for the heat to die down then rename the company and malware then restart, or will just sell everything to a company with the same ownership.

    link to this | view in chronology ]

    • identicon
      Bobvious, 16 Dec 2021 @ 1:57pm

      Re: wait for the heat to die down..

      then rename the company and malware then restart

      You mean they'll become OTP, and release their new software product, Phoenix?

      In the meantime, they'll have to rebrand as Meta.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 16 Dec 2021 @ 3:03pm

    “They’re not able to buy a pen at a Walmart store,” the officials quipped. If an American company wants to sell them products, it needs a special permit.

    That's obvious bullshit. Walmart does not require its customers, upon entering a physical store or paying with cash, to state or prove they're not buying for NSO. And it would be extreme idiocy for a company in NSO's position to be buying electronic equipment anywhere but a physical store, off the shelf—governments could fuck with ("interdict") any shipment that's linkable to them.

    Lack of cash, however, could be a very real difficulty for them. As would selling to countries who now know NSO has been hacking their officials.

    link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 16 Dec 2021 @ 7:15pm

    I await seeing a new company opening in the Kingdom.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Dec 2021 @ 9:29am

    Re: “ demise of Israel's most infamous export”

    Do you mean USS Liberty souvenirs?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Dec 2021 @ 11:19am

    Left hand, Right hand...

    "It just may be that one of the most recognizable names in the business will no longer be in business."

    At least it may no longer be 'visibly' in business.
    But the product is in high demand - especially after all this great publicity - and such things always find a merchant willing and eager to peddle them to those willing and eager to utilize them.

    Amazing how much money one can make by doing private deals behind the scenes. And as a bonus, there is no tax data attached to such transactions.

    I'm certain the company will do just fine, even if it is dissolved. Publicly. :)

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.