Former NSO employee tries to sell stolen spyware for $50 million in cryptocurrency

A former employee of NSO Group has been charged with cybercrimes after stealing software used for mobile surveillance and attempting to sell it on the dark web.

The accused, who has not been named, was a senior programmer with access to the company’s servers and proprietary tools. According to Israel’s Justice Ministry, he was called in for a hearing by NSO Group in April before being dismissed, after which he circumvented the company’s policies in order to download and steal its software.

He then posed as a member of a hacker group which he claimed had successfully breached NSO Group’s systems, and advertised the product on the dark web, offering to sell it to “a foreign party” for $50 million in cryptocurrency. However, a potential buyer tipped NSO Group off to the theft, resulting in the arrest of the accused in June by the Lahav 433 cyber unit.

He was charged with attempting to damage property in a manner which would harm state security, employee theft, carrying out a “marketing operation” without a license, and disruption of computer material.

According to Globes, an Israeli business news provider, the software in question was mobile spyware program ‘Pegasus’, which is sold to governments for “lawful interception” in order to help them “combat terror and crime”. It made headlines in 2016 and 2017, when it was associated with malware used to target human rights activists and other private citizens, though NSO Group stated that it was unaware of any incidents.

The Justice Ministry said that the defendant’s alleged actions “endangered NSO and could have led to its collapse”, and furthermore, posed a threat to state security.

The defendant’s lawyer, however, said that his client never considered endangering state security, and that court proceedings would show that the accusations are baseless.

NSO Group said in a statement that no intellectual property or company materials were shared with any third party, and no customer data or information was compromised.

“We will continue to support the prosecution of the perpetrator to the full extent of the law and pursue all available legal actions,” a spokesperson for the company said.

Researcher, writer, recovering medievalist. Currently particularly interested in the cybersecurity solutions market, cyber insurance/risk modelling, and IoT security.

Related posts

Your thoughts