Israeli Exploit Developer Caught Negotiating Spyware Sales With Saudi Government

from the got-'em-right-in-the-optics dept

More ugly news has surfaced about Israeli malware developer NSO Group. Over the past year, investigations have uncovered sales of phone-targeting spyware to countries known mostly for their human rights violations. Even less questionable governments have purchased NSO’s software ostensibly for law enforcement purposes only to use it to target activists, journalists, and government critics.

There’s no telling how US agencies will deploy this malware, but there’s no question federal entities like the DEA think NSO spyware would be a useful addition to their investigative tool kits. The US government doesn’t appear to be worried about getting in bed with tech companies willing to sell software to blacklisted countries, so NSO Group is still a viable option.

Haaretz has obtained information showing NSO is willing to sell its exploits to its own enemies. Unfortunately, Haaretz has also decided to paywall its discovery, so we’ll be pointing you to the Times of Israel’s reporting instead.

An Israeli company that specializes in cyber espionage tools reportedly negotiated a multi-million-dollar deal with Saudi Arabia to sell a technology that allows governments to hack their citizens’ cellphones, and to listen to calls as well as conversations that take place near the phones.

Representatives from the Herzliya-based NSO Group held meetings with Saudi officials in Vienna and, apparently, also in a Gulf State to negotiate a $55 million sale of their Pegasus 3 software, the Haaretz daily reported on Sunday.

These negotiations occurred shortly before Mohammed bin Salman kicked his purge machinery into high gear. Unfortunately, the documents (which surfaced due to a lawsuit filed against NSO by an employee who says the company screwed him on commissions) don’t say whether or not the Saudi government chose to purchase this software and/or whether it was used to help MBS hunt down his political opponents.

From what has been seen, NSO tried to play it both ways while negotiating a deal with the Saudis. It refused to identify the person behind an anti-government Twitter account but did offer to demonstrate the effectiveness of tools designed to hijack targets’ cellphones.

In response to the recent stream of criticism, NSO Group also tried to have it both ways:

The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.

“We made them promise to only use the tools for good” is a pretty weak defense of sales to countries like Uzbekistan and Kazakhstan. And it certainly doesn’t excuse approaching the Saudi government with tools NSO certainly knew would not be used for good. Then again, our president just made it clear no amount of murdered journalists is going to stand in the way of selling weapons to Mohammed bin Salman’s government, so there’s really no taking the high road in international relations should it be discovered the Saudi government is using Israeli tools to hunt down dissenters… or Israeli natsec personnel.

Filed Under: , , , , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Israeli Exploit Developer Caught Negotiating Spyware Sales With Saudi Government”

Subscribe: RSS Leave a comment
23 Comments
ECA (profile) says:

Dont think this is the only one...

Just cause 1 person/group has found some dirty tricks..
Dont mean someone ELSE hasnt created them also..

Who understands the ideals of an open society?? Esp. with semi smart people, and kids that DO know tech..
The only down side is finding and fixing the problem. This only gives OTHER GROUPS, the ability to Sell you the Solution.
This goes back to the old days..of Anti-Virus, and WHERE THE HELL IT CAME FROM.. Think how hard in the old days, it took to get a virus onto a computer. No internet(not like todays) Dick operated system, requires a set of Disks EACH time you boot up.. think about that..and Iv found 7 virus on 1 Floppy disk..

We are on the Cusp of a new form of protection and SALES..
Anyone for Linux??

Anonymous Coward says:

Re: Dont think this is the only one...

Anyone for Linux??

NO. Not for anything productive.

Nor any longer for "hobbyist". You’ll waste dozens of hours "learning" each ones’s unique quirks and trying to find one that just works. But you won’t.

Just read Distrowatch.com Weekly: even those who want it can’t find one that works.

Linux on the desktop has failed.

Anonymous Coward says:

Re: Re: Re: Not for anything productive.

Such as trying to recover files that Microsoft has decided to delete.

Oh, I agree! You won’t find a more staunch opponent of Crimosoft.

But key problem is programmers: they’ve no common sense, always doing more tricks rather than making appliances.

I stop there because off-topic and you’re replying to ME whom I doubt wanted to.

P.A. Back-Time says:

Re: Re: Re: Dont think this is the only one...

throw away my laptop which has been running Debian for over a decade

Free software on an antique is an all old alky / doper like you can afford. That’s why you’re a pirate, too.

But I’m even more right, and you can prove it to yourself: just TRY a modern Linux distro / GUI. They’ve gone backwards in last 10 years.

Lawrence D’Oliveiro says:

Re: Re: Re:2 just TRY a modern Linux distro / GUI

Well, LibreOffice has a more modern GUI than Microsoft Office. Microsoft”s “ribbon” UI was developed before modern widescreen monitors became popular. Because documents still tend to have portrait-oriented pages, the Ribbon reduces the area available to show your document. Whereas the LibreOffice Sidebar occupies the available space to the side, letting you see more of your document at once.

ECA (profile) says:

Re: Re: Re:2 Dont think this is the only one...

Part of this STUFF..
tends to be Linux trying to get Programing BACK to linux side..
before 1999, Linux was the system to create things…Then MS got pissy..and said NOPE..
How many environments on Win10 computer NOW..
DX, ??Netframework, then trying to get the phone/console/desktop All running the same Environment.. then trying to lock down its Own Browser, with a new one..Are those holes still in it?? Is the Advert backdoor still there??

ryuugami says:

Re: Re: Re:2 Dont think this is the only one...

just TRY a modern Linux distro / GUI. They’ve gone backwards in last 10 years.

Right, and in the world of Linux, there is no way to choose a different GUI, you are locked in. Unlike Windows, where there is a rich selection of interfaces to choose from, and the newer interfaces were widely praised for their usability.

Oh, wait, that’s all bullshit. Windows 8/10 "Modern" interface is a usability abomination, and Linux offers dozens of different GUIs, most of them highly customizable. You’re talking out of your ass, again.

Gwiz (profile) says:

Re: Re: Re:2 Dont think this is the only one...

Free software on an antique is an all old alky / doper like you can afford.

Lol. Love the uninformed insults. Very entertaining. Aren’t you the one who claims that ad hominems detract from this site?

 

That’s why you’re a pirate, too.

I am not a pirate, except for one day a year when I talk like one. If you are referring to illegal downloading, then you are also incorrect. What content (which is very little since I pay for HBO/SHOWTIME/CINEMAX on my Directv account) I do download/view these days is from PAID accounts.

 

But I’m even more right, and you can prove it to yourself: just TRY a modern Linux distro / GUI. They’ve gone backwards in last 10 years.

Not sure what you are babbling about here, my Debian install IS the latest since I upgrade to the latest Debian distros when they are released.

My laptop may be considered an "antique", but it works just fine for my purposes. Why fix something if it ain’t broke?

Anonymous Coward says:

Re: Re: Re:3 Dont think this is the only one...

my Debian install IS the latest since I upgrade to the latest Debian distros when they are released.

Switch to Debian testing, and enjoy a reliable, up to date, rolling distro. Seven years and counting of daily updates, and no significant issues to report.

Gwiz (profile) says:

Re: Re: Re:4 Dont think this is the only one...

I used to use the testing repository and did have some problems with Wine years ago. I prefer to do my upgrades manually (I’m old school, I guess lol).

For awhile I didn’t upgrade at all because I resisted the change to systemd as long as I could, not because it doesn’t work, but because I really don’t like the design philosophy behind it. systemd marked the beginning of the end for "Do one thing and do it well". Debian is now headed into the Microsoft land of "do a bunch of things mostly well".

Lawrence D’Oliveiro says:

Re: Re: Re:5 "Do one thing and do it well"

Doug McIlroy has a lot to answer for, for the misinterpretation of his words. Unix/Linux has never exclusively consisted of the kind of small, modular pieces he was talking about. They would have been useless without the many large, monolithic pieces that are also an essential part of the system. Consider:

  • Does the Linux kernel “do one thing and do it well”?
  • Does an elaborate command-line shell like bash “do one thing and do it well”?
  • Does the X11 server “do one thing and do it well”?
  • Does GCC “do one thing and do it well”?
  • Does glibc “do one thing and do it well”?
  • Do your more advanced GUI environments like GNOME and KDE “do one thing and do it well”?
  • Does a web browser “do one thing and do it well”?

systemd provides a unified architecture for dealing with a number of tasks that have hitherto been managed piecemeal by various ad-hoc pieces that were not performing their tasks particularly well at all. By combining these, you get an overall simplification by exploiting synergies between them. Other projects (e.g. launchd, upstart) were feeling their way towards the same goal; systemd simply offers the best realization of this idea.

Gwiz (profile) says:

Re: Re: Re:6 "Do one thing and do it well"

Yes, I’ve heard the arguments for systemd and I’ve since resigned myself to fact that it’s a necessary evil going forward on Linux.

I am just not all that comfortable with one program having that much control of critical functions on my system because it makes it a huge target for infiltration by black hat hackers or government agencies. A couple of security flaws have already been discovered in systemd.

That One Guy (profile) says:

'They even PINKY PROMISED!'

The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.

Which, since the malware they sell can only be used to combat those things, seems like a perfectly reasonable condition. I mean it’s not like someone would use malware that is designed to strip a target of anonymity to go after their critics who might have very real reasons to want to be anonymous, after having promised not to do that very thing…

ShadowNinja (profile) says:

Re: Re: 'They even PINKY PROMISED!'

And ‘terrorism’ literally means using fear and/or violence to accomplish your political goals. Wouldn’t be too hard to say those journalists were scaring people, so therefore they’re terrorists. And those anti-government groups scare the government, so they’re terrorists to!

stderric (profile) says:

From a Reuters item:

Saudi Arabia’s public prosecutor is seeking the death penalty for five suspects charged in the murder of journalist Jamal Khashoggi, as the kingdom tries to contain its biggest political crisis for a generation.

The first of the five who’s gonna be found guilty? The one who forgot to check if Turkey was on NSO Group’s customer list, too.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...