NSO Group Employee Allegedly Stole Company’s Powerful Spyware for Personal Profit
NSO Group sells some of the most potent, off-the-shelf malware for remotely breaking into smartphones. Some versions allow a law enforcement or intelligence agency to steal essentially all meaningful data from an iPhone with no interaction from the target. Others just require the victim to click one link in a carefully crafted text message, before giving up their contacts, emails, social media messages, GPS location, and much more.
NSO only sells its tools to government agencies, but a newly released, explosive indictment alleges that a company employee stole NSO’s spyware product, dubbed Pegasus, and tried to sell it to non-authorized parties for $50 million worth of cryptocurrency. These capabilities “are estimated at hundreds of millions of [US] dollars,” a translated version of the indictment reads. Several Israeli outlets were the first to report on and upload the indictment.
The news shows a danger often highlighted by critics of the malware industry: that hacking tools or exploits typically reserved for law enforcement or intelligence agencies may fall into other hands.