After Months Of Troubling News, Israel's Government Finally Limits Who NSO Group Can Sell To

from the tough-to-stay-solvent-using-a-'scorch-your-own-earth'-policy dept

Well, it’s been yet another hilarious couple of days for Israel’s NSO Group. I mean, not so much for NSO, which is currently sitting at the center of a raging dumpster fire of its own creation. But just because NSO isn’t laughing doesn’t mean it’s not funny.

For years, it sold spyware to whoever wanted it. Those customers used the powerful phone exploits to target journalists, activists, dissidents, and high-ranking government officials.

Some of this had already been exposed by security researchers like Canada’s Citizen Lab before the bombshell dropped: a list of 50,000 alleged NSO malware targets. NSO denied having anything to do with the list, but report after report tied its spyware to abuse by government agencies and quasi-political leaders like kings and princes in the United Arab Emirates, one who used the malware to hack the phone of his ex-wife and her lawyer.

France’s President, Emmanuel Macron, was one of those on the target list obtained by journalists. This prompted the President (and other French government officials) to acquire new phones. Because of this, the French government has decided it won’t be requiring the services of NSO in the future.

At the exact same time, MIT Technology Review has learned, French government officials were in the final stages of contract negotiations to purchase Pegasus hacking tools from NSO. The French were on the verge of buying the tool—in the type of deal that is typically worth millions of dollars—despite years of allegations that it was regularly being used to surveil and harass dissidents, journalists, and human rights activists worldwide.

But sources familiar with the deal say that the process fell apart after the accusations that French politicians potentially were among those targeted, and negotiations were broken off just a few days before the sale was set to take place. After publication, France’s Ministry of Foreign Affairs denied it was in the process of purchasing NSO Group tools.

That takes one customer off the list for NSO. The Israeli government — after years of ignoring NSO’s sales to human rights violators — has further limited the company’s market base, removing nearly two-thirds of the countries on its approved purchasers list.

The Defense Ministry has dramatically scaled back the number of countries to which Israeli companies can sell cyber technologies amid global fallout over Israeli spyware firm NSO Group, according to a report Thursday.

The updated November list consists of 37 countries, down from 102, according to the Calcalist business news daily.

Countries with questionable human rights records, including Israel’s new allies Morocco and the UAE, have been removed, the report said.

Much like everything related to the fallout from the NSO target list obtained in July, this could have been prevented if NSO had decided not to sell to governments known to routinely violate human rights or — if it just couldn’t help itself — its government had forbidden sales of powerful malware to these countries.

Having fewer customers isn’t going to help NSO climb back out of the hole it dug for itself. This trimming of its potential user base follows blacklisting by the US Commerce Department — something that had an almost-immediate effect on the company’s credit rating.

According to Bloomberg, Moody’s dropped NSO’s credit rating by two levels, asserting that the company’s risk of defaulting on its debts had increased and noting that the company has been losing money since 2020.

Not that NSO was in great financial shape to begin with. This was the second downgrade by Moody’s, the first of which came a month before the July release of the alleged NSO spyware target list.

Moody’s said in June that it downgraded the company’s rating from B2 to B3, adding that its outlook remains negative. The report said most of the debt is supposed to be repaid in March 2025.

NSO has been offering up nonsensical and contradictory defenses of its actions for several months. Now, it’s just flailing. It now wants people to believe its current woes are the end result of an anti-Israel conspiracy.

In a letter, [NSO] argued that the U.S. blacklisting arose from “an orchestrated campaign by anti-Israel organizations” that would result in hundreds of employees losing their job, according to Israeli news site Walla.

That’s a ridiculous assertion. NSO would be toxic no matter where it was located. And it has had years to head off this sort of worldwide reckoning but chose to reap the profits, rather than control use of its powerful phone hacking tools. Investigations attributing phone hacks of journalists and human rights activists to NSO malware have been public knowledge for a few years now, and the company’s response (until now) has been to do nothing.

By waiting this long to finally start addressing these allegations, NSO has limited its options to making nonsensical defensive statements and, presumably, starting to figure out how much its office furniture might go for at auction.

The same can be said for the Israeli government, which has been aware of these troubling allegations about NSO for just as long, but instead chose to urge on sales to human rights abusers, rather than discourage NSO from pursuing business relationships with governments that were always going to end up abusing the powerful malware. Due to this close relationship, NSO’s problems are also Israel’s problems, which is likely why even the Israeli government is trying to distance itself from the country’s most toxic asset.

Filed Under: , , , ,
Companies: nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “After Months Of Troubling News, Israel's Government Finally Limits Who NSO Group Can Sell To”

Subscribe: RSS Leave a comment
10 Comments
sumgai (profile) says:

The updated November list consists of 37 countries, down from 102, according to the Calcalist business news daily.

All it’s going to take is just one person from just one of those 37 countries, and the "gray market" will thrive like there’s no tomorrow.

What would be truly ‘funny’ would be if that gray marketeer were to not continually purchase new copies for resale, i.e. if they simply copied the spyware and sold those copies onward. That would force NSO to sue them, and thus admit that the IP in question is, indeed, spyware.

Good times….

Anonymous Coward says:

The Defense Ministry has dramatically scaled back the number of countries to which Israeli companies can sell cyber technologies amid global fallout over Israeli spyware firm NSO Group, according to a report Thursday.

The updated November list consists of 37 countries, down from 102, according to the Calcalist business news daily.

This is actually bigger news than it seems: NSO Group hasn’t just limited its own ability to enable rights abusing countries. It’s limited ALL Israeli companies’ ability to enable rights abusing countries.

This is important because NSO Group can’t now just spin up new shell corporations and declare bankruptcy…

AND, other tech firms spun up by veterans of the Israeli intelligence services (like the one that deployed spyware/root access in HP and Lenovo laptops, or the one that sells the world’s majority of branded VPN services via various shell company names) ALSO have to cease working in these countries.

This is HUGE.

Anonymous Coward says:

Re: Re:

It’s limited ALL Israeli companies’ ability to enable rights abusing countries.

Though I do wonder whether that’s as good as it sounds. At least we knew about NSO Group; people like Citizen Lab were watching them and learning what software flaws they were exploiting, which led to those vulnerabilities getting fixed. Things could get harder when every country’s able to have their own malware, each taking advantage of a different unknown flaw.

Arijirija says:

foot in mouth, shoots self in foot

not pretty.

So typical about the NSO claiming there’s an anti-Israel conspiracy going on. Anyone claiming (with proof) that Israel is committing major human rights abuses against the Palestinians it controls, usually gets labelled anti-Semitic. So typical … you don’t need to be Jewish to be a fool; but equally, being Jewish is no defense against also being a fool.

Does the NSO really want to tar all Israelis with their repulsive mess?

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »