After Weeks Of Reports Of Misuse Of Its Exploits, NSO Group Considering Shutting Down Its Malware Service

from the if-you-can't-beat-'em,-quit dept

RIP NSO Group. Cause of death: investigative reporting.

It's probably too early to celebrate the demise of Israel's most infamous export, but it's looking like NSO is running out of options. The Israeli government recently (and drastically) reduced the number of approved governments NSO could sell its powerful Pegasus malware to, trimming down the permitted list from 102 countries to 37. That followed blacklisting by the US Commerce Department, which means American tech companies aren't permitted to sell exploits, hardware, or devices to NSO without securing a waiver they're unlikely to receive.

That followed weeks of revelations about how NSO customers were using its Pegasus spyware. According to multiple reports, governments and the occasional king were using NSO tools to target journalists, dissidents, government critics, religious leaders, US State Department employees, an ex-wife, an ex-wife's lawyer, and government officials.

I guess when it's no longer feasible to sell spyware to authoritarians and human rights violators, the only option is to default on your debts and shut down your most toxic product.

The NSO Group, the controversial technology company recently blacklisted by the United States over the illegal use of its spyware, is reportedly considering shutting down its Pegasus operation and selling the entire company to an American investment fund, Bloomberg reported on Monday.

The report, citing officials involved in the talks, said that there are two potential suitors for the embattled company, who have discussed a potential takeover and the shuttering of Pegasus unit, in exchange for a $200 million injection of capital and a pivot into strictly defensive cybersecurity services.

NSO needs the cash. It has millions in debt and whatever plans it had for paying it back have been severely curtailed with its blacklisting by the US government and its reduced customer base.

The U.S. restrictions put added pressure on NSO, which needs to pay back about $450 million in debt, just two years after a management buyout that valued the company at about $1 billion. Moody’s Investors Service said last month there’s an increasing risk the company will violate the terms of its loans.

The problem with ditching Pegasus is that it's NSO's most valuable product. This premium phone exploit accounts for half of NSO's business. Fifty percent of NSO is worth far less than the $200 million the company is hoping to obtain. Now that it's blacklisted, it can't purchase exploits or devices from the US, which means it will be extremely difficult to develop new hacking tools worth selling. There may be a market for defensive tech, but that's likely to be far less popular with foreign governments than zero-click exploits that can be deployed remotely.

Here's how it looks for NSO on the home front, as reported by Israeli newspaper Haaretz:

Defense officials think the sanctions could soon bring about the company’s collapse and a shutdown of its operations. The company depends upon constant innovation: It’s one Apple or Android cellphone update away from the failure of its products. If it doesn’t manage to hold onto the best personnel in the world, the kind who would continue to find vulnerabilities in the operating systems, they won’t have a product.

Senior officials have told Haaretz that the move by the United States has totally paralyzed the company’s future operations. “They’re not able to buy a pen at a Walmart store,” the officials quipped. If an American company wants to sell them products, it needs a special permit.

According to this report, the Israeli government believes its local tech companies are being unfairly targeted by US sanctions. The country is home to 19 companies developing offensive exploits, but so far the US has only blacklisted NSO Group and Candiru. The government appears to have been caught off guard by the sanctions handed down by the Biden Administration after having received much more support and cooperation from the previous president, Donald Trump.

The Israeli government may be reeling a bit from the last few months of negative press targeting NSO, but it really can't blame anyone else for the mess the company is in or the sanctions that have greeted the steady stream of reporting about misuse of its Pegasus spyware. It was directly involved with the sale of the malware to a number of known human rights abusers.

[I]n Israel it is acknowledged that oversight of contracts NSO entered into was too lax. The Netanyahu government gladly traded in spyware, with the Mossad reportedly assisting in the initial mediation of the transactions.

[...]

The company’s sales momentum over the past decade is closely linked to the diplomatic and intelligence-related steps that Netanyahu took, which improved relations with countries in various parts of the world, and where NSO’s technology often served as an asset that brought Israel to the table for the improvement of ties. In the past, Netanyahu ordered the defense establishment to advance offensive cybertechnology deals, and it appears he preferred that overly energetic oversight not be imposed on the deals or the parties to them.

Welp. The shitbirds have come home to roost, as the saying goes.

And if the Israeli government thinks the US Commerce Department overreacted, it won't be pleased with the latest demands from members of the federal government.

More than a dozen Democratic lawmakers have called on the Biden administration to sanction four cyber surveillance firms for "enabling human rights abuses" by "selling powerful surveillance technology to authoritarian governments."

The letter, led by Sen. Ron Wyden of Oregon and House Intelligence Chairman Adam Schiff of California, asks the Treasury Department to sanction Israeli spyware vendor NSO Group, Emirati cybersecurity firm DarkMatter and European surveillance firms Nexa Technologies and Trovicor -- as well as the firms' top executives.

This would go beyond the blacklisting already in place. The Global Magnitsky Human Rights Accountability Act allows the US president to sanction people and companies for human rights abuses. In this case, the abuses would have been aided and abetted by NSO, rather than participated in directly by NSO execs or employees. While it normally is used to sanction government officials, it has been used in the past to sanction private parties with ties to human rights abusers.

Whether or not sanctions ever arrive, it appears NSO's days are numbered. But there are still plenty of malware purveyors out there. And there are plenty of authoritarians willing to pay top dollar for spy tech that enables them to more efficiently oppress their countries' populations. The exploit market will remain lively. It just may be that one of the most recognizable names in the business will no longer be in business.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: exploits, malware, pegasus, spyware, surveillance
Companies: nso group